All the benefits and perks you need for you and your family:

• Benefits from Day One
• Paid Days Off from Day One
• Student Loan Repayment Program
• Career Development
• Whole Person Wellbeing Resources
• Mental Health Resources and Support

Our promise to you:

Joining AdventHealth is about being part of something bigger. It’s about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.

Schedule: Full Time

The role you’ll contribute:

The Manager is responsible for managing the AIT Enterprise Security Team EPIC, which provides centralized security services for AIT enterprise application role design and build, account provisioning, and operational auditing. The security team will be focused on applying industry best security practice consistently across all facilities within AdventHealth System. The Manager must be focused on staff development to ensure the staff maintains the necessary knowledge and skills to understand and apply technology tools, standards, systems, policies and processes that are required to provide the secure and appropriate access of our mission critical applications.

The Manager provides oversight to the implementation of all business applications in order to maintain adequate security and control measures. The Manager and Security team must provide subject matter expertise in security concepts and methodologies while working diligently to improved application security and awareness at AdventHealth System. The manager should be a visible internal spokesperson for application security and controls, including segregation of duties, and is charged with gaining widespread support of and compliance with application security requirements, in accordance with the audit and education plans led by Information/Data Security and Senior Security Manager.

The Manager should be knowledgeable on security and business regulations and frameworks. (i.e. HIPAA, HITECH, PCI, FERPA; COBIT, NIST, ISO). This position will provide security best practice guidance, supervision, direction, and coordination of the business, functional, and technical teams on all stages of the application implementation process from application selection or development through post-implementation support. This individual will analyze Security Testing against project requirements, and be responsible for the training of key Subject Matter Experts (SMEs) on role-based testing, and general applications controls such as timeouts and password rotation and complexity, to accelerate the testing process.

The Manager will ensure the Security team conducts routine and accurate security level auditing and evaluations as requested providing management with appropriate assessments and recommendations. This will include assistance in the auditing of new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that systems and procedures are in compliance with corporate and industry recognized standards.

This individual must be able to excel in communications with all stakeholders in strategic design process, issue resolution and change management to translate security and business requirements into processes and systems. He/she must be experienced and knowledgeable of all focus areas in healthcare IT including clinical, business, physician, interoperability, human resources and support/helpdesk systems. In coordination with the Senior Security Manager, the Manager reviews, prioritizes and recommends information security improvements as they relate to the achievement of the customer's business goals and objectives, while balancing to also achieve the organization’s desired security and privacy risk posture. This individual will embrace the mission of AdventHealth Systems, demonstrating outstanding leadership, approachability, integrity and mentoring skills. The Security Manager must provide subject matter expertise in security concepts and methodologies while working diligently to improved application security and awareness at AdventHealth System, especially as it is applied to the EPIC system. The manager should be a visible internal spokesperson for application security and controls, including segregation of duties, and is charged with gaining widespread support of and compliance with application security requirements.

Implements and maintains high performance teams through effective interviewing and selection, establishment of individual and team goals and objectives, performance evaluation and development, formal and informal coaching and counseling, and mentoring personnel as they grow within the organization. Critical skills also include ability to present and educate on security concepts, application architecture, documentation process, and career path for security professionals from associate/entry level through senior/team lead level.

The value you’ll bring to the team:

• Provides leadership, coaching, managerial, technical, procedural and process related assistance to members of the IT Enterprise Security Team EPIC.
• Responsible for staff hiring, successful planning, and performance management activities.
• Responsible for scheduling and coverage for all day-to-day operational activities, including on-call rotation for support, access coverage for applications provisioned, and monitoring activities including any account remediation required for compliant access control.
• Assist Director in annual budget development for area of responsibility.
• Leads and mentors team members in design, build and configuration of application security access controls for all enterprise supported Electronic Health Record systems including Epic applications and any supporting third- party integrated applications.
• Lead and Mentor team members in design and architecture of enterprise application control security solutions in coordination with IT, Clinical and Business team members.
• Using project management skills, manages, executes, and supports project phases and tasks as it relates to enterprise application control security through the lifecycle of the project, including gathering functional and technical requirements, constructing project scope, completing and/or coordinating the completion of technical deliverables and milestones, sharing end-user concerns, presenting results to management.
• Develops and maintain collaborative relationships with all stakeholders including application/system owners and vendors; meets with customers and sponsors to capture business & technical requirements, system process documentation, and outlines process steps using appropriate tools.
• Develops and maintains system design documentation and outlines build steps using appropriate tools with direction and assistance from team members or the application manager.
• Gathers and analyzes data that will be supportive of all change and implementation activities to improve data integrity and optimization.
• Work directly with the user community, information technology and security teams to support and troubleshoot all clinical and business applications and Electronic Health Record systems, including EPIC applications and integrated EPIC applications with industry standard service management and clinical and business to ensure a secure, positive and consistent user experience.
• Ensures systems and procedures are in compliance with corporate and industry recognized standards.
• Assist and guide the user community on security processes.
• Analyze and recommend technical improvements in IAM software and systems to improve staff efficiency.
• Provide high level of technical assistance and mentoring in areas of provisioning and access controls.
• Research and evaluate new technology to continuously improve processes and the organization's overall security posture.
• Mentor team members in responsibilities and protocols for representing IAM Department for Access Control reporting to Corporate Responsibility, Information Security, and Audit departments.
• Manage the collection of data and processes for investigations as required by IAM Management.
• Ability to receive calls and text messages 24 hours a day, seven days a week on a rotated basis to provide excellent customer service to our clients.
• Perform other duties that may be assigned by IAM Management.

The expertise and experiences you’ll need to succeed:

KNOWLEDGE AND SKILLS REQUIRED:

• Epic Proficiency with Honors, Certification, or ability to complete certification within 3 months of completing classes.
• Expertise in methods of access control to applications/systems, including role-based, rule-based, attribute-based, and management of exceptions.
• Supported multiple security platforms using various user interfaces.
• Experienced with large and complex systems having multi-layered architectures and use of Software Development Lifecycle methodology.
• Expertise in security risk assessments with success in recommend solutions to support business needs while simultaneously supporting security requirements.
• Expertise of security requirements specific to Healthcare including HIPAA, HITECH, and SOX.
• Expertise of security frameworks including HITRUST.
• Must be a fast learner with a commitment to personal growth and mentoring others in the domain of Information Security.
• Proven experience in partnering with vendors in software development and customization.
• Expertise in knowledge of healthcare or clinical physician clinical practice.
• Expertise in mapping job role and scope of practice to access control design and development.
• Able to work in a fast paced environment, handle changing requirements, and perform under tight timelines.
• Advanced knowledge of Microsoft suite of products.
• Knowledge of industry recognized security concepts, regulatory agencies, and security best practice.
• Proven competence to independently champion architecture principles with business owners, application owners, and technology partners.
• Understanding of key InfoSec concepts, regulation & frameworks (i.e. ARRA/HITECH, HIPAA, PCI, SOX, NIST, ISO).
• Must be self-motivated, responsible, conscientious, and detail-oriented and possess a passion for excellence.
• Quick learner who can master system design with little or no documentation. Continuous learning of new systems, business processes & concepts.
• Proven experience in mentoring and communicating with people of varying levels of technical competencies. Must be able to communicate highly technical information in a non-technical format.
• Must possess strong interpersonal, verbal and written communication skills and have experience and willingness to teach/mentor others.
• Knowledge of evidence collection techniques (e.g. observation, inquiry, inspection, interview, data analysis) used to gather, protect and preserve audit evidence.
• Skilled in creating, training and utilizing reporting tools and methods to support requirements for auditing, analysis, data reporting, etc.
• Ability to communicate and guide best practices in troubleshooting, testing techniques, and quality assurance.
• Excellent project management, change management, process management, time management and organizational skills. Ability to lead and implement large and complex projects within approved budget and timelines. This will include all aspects such as facilitation of user meetings, business analysis, project planning, training, and implementation. Must have proven ability to estimate level of effort, duration, and anticipate and communicate multiple priorities.
• Aptitude to present security models, regulatory and compliance directives, policies, standards, industry best practice and application security architecture in a clear and engaging way.
• Ability to utilize industry support tools to support security building, auditing, reporting and support processes. (Such as Snag-it, PowerPoint, CCL, Crystal Reports, SQL, etc.)
• Applies best practice techniques in troubleshooting, testing, and quality assurance.
• Ability to travel occasionally as needed to support project implementation and assist with assessment of local workflow processes as needed.
• In order to support and maintain the technology systems and services in our hospitals, must have the ability to receive calls and text messages 24 hours a day, seven days per week.

KNOWLEDGE AND SKILLS PREFERRED:

• Application security training and experience in EPIC, Cerner, Active Directory, Identity Management, another major EHR system, or other major system architecture.
• Advanced knowledge of Microsoft suite of products.
• Advanced Knowledge of security requirements specific to Healthcare including HIPAA, HITECH, and SOX.
• Advanced Knowledge of security frameworks including HITRUST, ISO, NIST, COBIT.
• Working knowledge of healthcare or clinical physician clinical practice.

EDUCATION AND EXPERIENCE REQUIRED:

• Four year college degree in Information Management, Information Security or related area.
• 6+ years information security experience and a strong knowledge of security standards.
• 5+ years Software design and architecture experience in ERP, Identity Management, Cerner EHR and/or other EHRs, or major enterprise systems.
• 3+ years Active Directory administration, build and/or design experience.
• 2+ years in Management, Supervisor or Team Lead role, proven ability to lead a high performing team.
• 3+ years providing customer support in a healthcare or technology oriented environment.
• Understanding of current regulatory environment and related implications to Identity Management and Security/Audit Compliance.
• Fluency in Common Industry User Directories (LDAP, Active Directory, etc.)
• EPIC EHR Accreditation (Proficiency with Honors), Certification or ability to complete within 3 months of completing classes.

EDUCATION AND EXPERIENCE PREFERRED:

• EPIC Certification.
• Knowledge of information security systems including Encryption Protocols, SSL, Certificates.

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

• EPIC Accreditation (Proficiency with Honors), Certification or ability to complete within 3 months of completing classes.

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

• Industry recognized Security certification such as Security +, CISA, CISM or CISSP.