Role Description Responsible for day-to-day operation of the company’s compliance and AI governance program in a regulated, government-facing environment. This role focuses on translating regulatory, cybersecurity, AI governance, and audit requirements into actionable internal processes, coordinating audit readiness, maintaining documentation, and ensuring ongoing compliance alignment. The position partners closely with the CTO, Cloud Hosting Manager, Engineering, and Security stakeholders to support secure operations, responsible AI usage, and adherence to applicable regulatory frameworks and data protection standards. - Interpret regulatory, contractual, cybersecurity, and AI governance requirements (e.g., SOC 2, CJIS, NIST-based controls, ISO 27001, AI governance standards, state/local requirements) into internal tasks and control activities - Coordinate audit readiness efforts, including evidence collection, organization, validation, and remediation tracking - Serve as primary internal point of contact for auditors; support external audit processes, security assessments, and follow-up activities - Maintain and update policies, procedures, control narratives, risk assessments, AI governance documentation, and compliance records - Track compliance status, findings, risks, and remediation efforts; ensure timely closure of identified gaps - Partner with Hosting, Engineering, Security, and Product teams to validate implementation of security, privacy, and AI-related controls - Support governance and oversight of AI-related processes, including data handling, model usage, vendor assessments, and responsible AI practices - Assist in identifying and mitigating cybersecurity, privacy, and AI-related operational risks - Escalate ambiguous, high-risk, or non-compliant requirements and coordinate resolution activities - Support vendor compliance reviews, security questionnaires, and third-party risk documentation requests as needed - Assist in maintaining control mappings across multiple compliance and security frameworks - Contribute to continuous improvement of compliance, information security, and AI governance processes Qualifications - 3–7+ years of experience in compliance, risk management, cybersecurity governance, audit coordination, or related function - Working knowledge of at least one framework (SOC 2, NIST, CJIS, ISO 27001, or similar) - Familiarity with cybersecurity governance principles, access controls, data protection practices, and risk management methodologies - Exposure to AI governance, responsible AI practices, data privacy considerations, or emerging AI regulatory requirements preferred - Experience supporting audits (internal or external), including evidence collection and auditor interaction - Strong documentation skills; ability to produce clear, structured policies, procedures, and governance documentation - Ability to interpret technical and regulatory requirements and translate them into operational tasks and controls - Comfortable working cross-functionally with technical, security, and operational teams - Detail-oriented with strong organizational and follow-through capabilities Requirements - Experience in government, public sector, healthcare, or other regulated environments - Exposure to multiple frameworks or control mapping activities - Familiarity with compliance and security tools (e.g., Vanta, Drata, Wiz, Microsoft Purview, Defender, or similar platforms) - Experience supporting cloud security governance in Azure or AWS environments - Understanding of AI security, data governance, or vendor risk management practices related to AI-enabled solutions Benefits - Health care benefits and Insurance benefits (e.g., vision, dental, life, disability) - Retirement benefits (e.g., 401(k)) - Paid time off - 11 Paid holidays

Role Description Under the direction of the Manager, Identity Access Management and in support of the Chief Information Security Officer (CISO) and Orlando Health organizational business units, the Epic Security Analyst I provides consultation and guidance to the development, internal application and technical teams, and the third-party Epic EMP/SER provisioning vendor to maintain optimal protocols for granting and revoking appropriate end-user access for supported applications. The Epic Security Analyst I is responsible for the administration and coordination of all tasks related to SER, security tools, and policies and processes for Epic. This position provides outstanding client service and must be very knowledgeable about policies, procedures, and business operations. Responsibilities - Establishes Epic security protocols, in consultation with appropriate organizational stakeholders, and maintains the security of the Epic application. - Understands the foundational structures of Epic software, including profiles, roles, menus, and security classes, as well as network and device security relating to Epic and Epic end users. - Performs daily Epic security administration functions, including managing customer access requests, creating and/or deleting user profiles and accounts, maintaining appropriate documentation, and monitoring and auditing access logs. - Performs provider import/build as needed and cross-references user lists. - Works with Epic application teams to design system-level access, such as logout times, and leads decisions related to ownership and change delegation guidelines. - Takes ownership of process improvement in Epic Security provisioning, monitoring, and auditing. - Provides day-to-day troubleshooting, analysis, and resolution related to provider record issues. - Works with Epic project representatives to complete design, build, and test tasks in accordance with the project plan. - Identifies issues that arise within security and provider configuration, as well as issues that affect other application teams, and works to reach resolution. - Builds and maintains the Knowledge Base and any other Epic Security related processes, procedures, and policies. - Identifies and implements requested changes to the system. - Maintains effective communication with the Information Services Security Risk and Compliance Team and understands business needs and security concerns and communicates effectively with management. - Coordinates with the Epic Hosting Team and supports technical teams. - Takes the lead on implementation, including but not limited to presentations, Q&As, policies, and coordination of training. - Maintains regular communication with Epic representatives, including participation in weekly project team meetings. - Analyzes, interprets, and presents audit findings in clear, concise reports. - Maintains reasonably regular, punctual attendance consistent with Orlando Health policies, the ADA, FMLA and other federal, state and local standards. - Maintains compliance with all Orlando Health policies and procedures. Qualifications - Associate’s degree from a 2-year college or university. Requirements - Preferred: Security 101-Epic Fundamentals Certification - Preferred: Security 200-Epic Security Administration Certification - Preferred: IT Security industry certification (i.e., Security+, A+, CCNA) - Preferred: Certified Identity and Access Manager (CIAM) - Preferred: Certified Identity Management Professional (CIMP) - Preferred: Microsoft Identity and Access Administrator Associate - Two (2) years of information technology experience. - Two (2) years of customer support experience. Benefits - All Inclusive Benefits (start day one) - Student loan repayment, tuition reimbursement, FREE college education programs, retirement savings, paid paternity leave, fertility benefits, back up elder and childcare, pet insurance, PTO/Holidays, and more for full time and part time employees. - Forbes Recognizes Orlando Health as a Best-In-State Employer - Employee-centric: Orlando Health has been selected as one of the “Best Places to Work in Healthcare” by Modern Healthcare.

• Acompanhar projetos e planos de ação relacionados à Segurança Cibernética Industrial • Realizar follow-up de atividades junto às equipes envolvidas e stakeholders • Apoiar o controle de cronogramas, entregas, riscos e pendências • Elaborar e manter documentações, relatórios e indicadores de acompanhamento • Contribuir para a governança operacional das iniciativas de segurança • Prestar suporte às frentes de IDS Industrial, Secure Remote Access (SRA) e EDR Industrial

• Own and maintain key elements of the corporate security program, including identity governance, security policy, and security posture reviews. • Conduct access reviews and support least-privilege access management across corporate systems and SaaS applications. • Manage and maintain endpoint security standards and device security baselines. • Coordinate with third-party security service providers regarding detections, investigations, and response activities. • Develop, maintain, and communicate corporate security policies, standards, and acceptable use requirements. • Serve as a security resource for corporate employees seeking guidance on cybersecurity matters. • Support security awareness initiatives and employee education efforts. • Conduct periodic reviews of SaaS applications, cloud environments, and overall corporate security posture. • Support vendor security reviews and assessments. • Track and report security metrics, risks, and program status to leadership. • Assist in developing governance standards and acceptable use requirements for AI tools. • Evaluate security, privacy, and compliance considerations associated with emerging AI platforms. • Maintain working knowledge of cloud security principles across AWS, Microsoft Azure, and Google Cloud Platform (GCP).