Boston Medical Center
Based in Boston, Massachusetts, Boston Medical Center (BMC) is the Boston University School of Medicine's primary teaching affiliate and a private, not-for-prof
Applications Security Analyst III – Senior
Location
United States
Posted
56 days ago
Salary
$83K - $120.5K / year
Seniority
Senior
Associate Degree5 yrs expEnglishCyber SecurityServiceNow
Job Description
• Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for joiner/mover/leaver access changes, troubleshooting, and triage
• Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately
• Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability
• Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy
• Develop and maintain standardized access patterns Attribute Based Access Control (ABAC) /templates, privileged/elevated access controls) aligned to least privilege
• Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions
• Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve
• Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps
• Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans
• Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready” (clean entitlements, requestable roles, approvals, constraints, and edge-case handling)
• Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students)
• Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails
• Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices
• Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement.
Job Requirements
- Associates degree OR equivalent education or experience
- Epic certification(s), Security strongly preferred
- 5+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility
- Strong Epic import/export, Microsoft Excel skills and experience
- Demonstrated expertise in Attribute Based Access Control (ABAC)/least privilege, access standardization, and governing elevated access in a complex clinical/operational environment
- Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation
- Strong cross-functional collaboration skills (Epic teams, operations, HR, IAM/IGA, IT) and clear written communication
- Preferred Bachelor’s degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred
- Additional Epic certifications
- Strong Data Governance knowledge and experience
- Experience implementing or partnering with IAM/IGA platforms (Okta LCM or SailPoint ISC/IIQ preferred; similar tools acceptable)
- Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare
- Microsoft Access database experience.
Benefits
- medical
- dental
- vision
- pharmacy
- discretionary annual bonuses and merit increases
- Flexible Spending Accounts
- 403(b) savings matches
- paid time off
- career advancement opportunities
- resources to support employee and family well-being
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Security Analyst I
PCI Pharma ServicesTogether, delivering life changing therapies. Let's talk future.
Security Analyst58 days ago
Full TimeRemoteTeam 1,001-5,000Since 1971H1B Sponsor
Security Analyst providing frontline security operations support for PCI Pharma
Cyber SecurityDNSLinuxTCP/IP
Pennsylvania
Security Analyst63 days ago
Full TimeRemoteTeam 1,001-5,000H1B No Sponsor
Compliance Specialist managing SOC reporting and risk assessments at Bonterra
Access Control Specialist
US Anesthesia PartnersQuality Anesthesia Care: We're raising the bar for the industry.
Security Analyst64 days ago
Full TimeRemoteTeam 5,001-10,000Since 2012H1B No Sponsor
US Anesthesia Partners is seeking an Access Control Specialist who is responsible for managing user access across enterprise systems, ensuring compliance with internal security policies and external regulatory requirements. This role plays a critical part in safeguarding sensitiv...
Access ControlIdentity and Access ManagementMicrosoft Entra IDActive DirectoryServiceNowExcelAudit PreparationComplianceDocumentation
United States
Lead Security Analyst, Cloud & Endpoint Incident Response
HubSpotSince launching in 2006, HubSpot has emerged as the force behind the industry-leading inbound marketing and sales platform. Among other accolades, HubSpot is al
Security Analyst64 days ago
Full TimeRemote
Lead Security Analyst managing AWS and endpoint incident response
AWSCloudLinuxMacOSPythonSplunk
