Role Description Under the direction of the Manager, Identity Access Management and in support of the Chief Information Security Officer (CISO) and Orlando Health organizational business units, the Epic Security Analyst I provides consultation and guidance to the development, internal application and technical teams, and the third-party Epic EMP/SER provisioning vendor to maintain optimal protocols for granting and revoking appropriate end-user access for supported applications. The Epic Security Analyst I is responsible for the administration and coordination of all tasks related to SER, security tools, and policies and processes for Epic. This position provides outstanding client service and must be very knowledgeable about policies, procedures, and business operations. Responsibilities - Establishes Epic security protocols, in consultation with appropriate organizational stakeholders, and maintains the security of the Epic application. - Understands the foundational structures of Epic software, including profiles, roles, menus, and security classes, as well as network and device security relating to Epic and Epic end users. - Performs daily Epic security administration functions, including managing customer access requests, creating and/or deleting user profiles and accounts, maintaining appropriate documentation, and monitoring and auditing access logs. - Performs provider import/build as needed and cross-references user lists. - Works with Epic application teams to design system-level access, such as logout times, and leads decisions related to ownership and change delegation guidelines. - Takes ownership of process improvement in Epic Security provisioning, monitoring, and auditing. - Provides day-to-day troubleshooting, analysis, and resolution related to provider record issues. - Works with Epic project representatives to complete design, build, and test tasks in accordance with the project plan. - Identifies issues that arise within security and provider configuration, as well as issues that affect other application teams, and works to reach resolution. - Builds and maintains the Knowledge Base and any other Epic Security related processes, procedures, and policies. - Identifies and implements requested changes to the system. - Maintains effective communication with the Information Services Security Risk and Compliance Team and understands business needs and security concerns and communicates effectively with management. - Coordinates with the Epic Hosting Team and supports technical teams. - Takes the lead on implementation, including but not limited to presentations, Q&As, policies, and coordination of training. - Maintains regular communication with Epic representatives, including participation in weekly project team meetings. - Analyzes, interprets, and presents audit findings in clear, concise reports. - Maintains reasonably regular, punctual attendance consistent with Orlando Health policies, the ADA, FMLA and other federal, state and local standards. - Maintains compliance with all Orlando Health policies and procedures. Qualifications - Associate’s degree from a 2-year college or university. Requirements - Preferred: Security 101-Epic Fundamentals Certification - Preferred: Security 200-Epic Security Administration Certification - Preferred: IT Security industry certification (i.e., Security+, A+, CCNA) - Preferred: Certified Identity and Access Manager (CIAM) - Preferred: Certified Identity Management Professional (CIMP) - Preferred: Microsoft Identity and Access Administrator Associate - Two (2) years of information technology experience. - Two (2) years of customer support experience. Benefits - All Inclusive Benefits (start day one) - Student loan repayment, tuition reimbursement, FREE college education programs, retirement savings, paid paternity leave, fertility benefits, back up elder and childcare, pet insurance, PTO/Holidays, and more for full time and part time employees. - Forbes Recognizes Orlando Health as a Best-In-State Employer - Employee-centric: Orlando Health has been selected as one of the “Best Places to Work in Healthcare” by Modern Healthcare.

• Acompanhar projetos e planos de ação relacionados à Segurança Cibernética Industrial • Realizar follow-up de atividades junto às equipes envolvidas e stakeholders • Apoiar o controle de cronogramas, entregas, riscos e pendências • Elaborar e manter documentações, relatórios e indicadores de acompanhamento • Contribuir para a governança operacional das iniciativas de segurança • Prestar suporte às frentes de IDS Industrial, Secure Remote Access (SRA) e EDR Industrial

• Own and maintain key elements of the corporate security program, including identity governance, security policy, and security posture reviews. • Conduct access reviews and support least-privilege access management across corporate systems and SaaS applications. • Manage and maintain endpoint security standards and device security baselines. • Coordinate with third-party security service providers regarding detections, investigations, and response activities. • Develop, maintain, and communicate corporate security policies, standards, and acceptable use requirements. • Serve as a security resource for corporate employees seeking guidance on cybersecurity matters. • Support security awareness initiatives and employee education efforts. • Conduct periodic reviews of SaaS applications, cloud environments, and overall corporate security posture. • Support vendor security reviews and assessments. • Track and report security metrics, risks, and program status to leadership. • Assist in developing governance standards and acceptable use requirements for AI tools. • Evaluate security, privacy, and compliance considerations associated with emerging AI platforms. • Maintain working knowledge of cloud security principles across AWS, Microsoft Azure, and Google Cloud Platform (GCP).

• Monitor security events in real time using SIEM, XDR, and other industry-standard security tools. • Perform advanced alert triage, distinguishing false positives from real incidents. • Correlate events from multiple sources (network, endpoint, identity, cloud). • Execute operational playbooks for initial response. • Escalate relevant incidents to higher tiers (N2) with structured context. • Contribute to rule tuning and continuous improvement of detection quality. • Document evidence, analyses, and classifications in incident management tools.