Epic Compliance & Environment Management Analyst

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary
The Epic Security Compliance Analyst monitors and reports on adherence to role-based access controls, performs regular internal audits to ensure data integrity and privacy. Engage in and respond to third-party audit requests. Must exhibit a professional attitude, communication style, and presence.

BASIC FUNCTION: The Epic Security Compliance Analyst monitors and reports on adherence to role-based access controls, performs regular internal audits to ensure data integrity and privacy. Engage in and respond to third-party audit requests. Must exhibit a professional attitude, communication style, and presence.

Qualifications

Minimum Qualifications:

• 3 years of experience in healthcare IT

• Demonstrated experience with EMR software, including audit reporting, and change control processes using tools like Data Courier, Content Management and Analytics Catalog.

• elf-directSed learning, multi-tasking, organizational, communication, and IT project management skills.

Preferred Qualifications:

• Some experience specifically supporting Epic environments.

• Demonstrated experience with Epic software, including audit reporting, and change control processes using tools like Data Courier, Content Management and Analytics Catalog.

• Relevant Epic certifications (e.g., Data Courier, Bridges) are often preferred. ITIL certification is also a common preference.

• Certified Information Systems Security Professional (CISSP) preferred.

Education:

• Degree in Information Technology, Computer Science, or a related field; or comparable industry and vendor-provided Certifications

PRINCIPAL ACCOUNTABILITIES:

Security Compliance

• Conducts Routine Audits: Reviews and assesses compliance with departmental policies and procedures on data migration, EPCS, system access.

• Complies with Audit Board Requests: Provides requested reports and documentation as required and coordinates with IA SOX to respond to any findings.

• Configures Compliance Reports: Highlighting findings, recommendations and areas of concern.

• Administers investigations into potential compliance violations or breaches: Gathers evidence, conducts interviews, and prepares reports on the findings.

• Monitors Disaster Recovery Exercises: Tracks scheduling compliance, and completion.

Collaboration and Communication

• Act as a Liaison: Serve as a bridge between Epic technical teams and Internal Audit.

• Host and Facilitate Meetings: Coordinate meetings to review any findings and deficiencies with teams and assist in remediation plans.

• Communicate Effectively: With minimal manager supervision, draft, prepare and disseminate education on identified compliance violations.

• Project Management: Manages smaller projects with multiple teams and participates in multi-disciplined project teams.

Monitoring and Support

• Track and Document: Maintain documentation for routine audits, compliance reports and Audit Board requests.

• Monitor Performance: Track clinical and technical team adherence to policies and procedures.

• Analyzes internal controls, policies and procedures: Identifies weaknesses and recommend improvements.

• Monitors Epic Access: Collaborate with Epic Security group to confirm all Epic certifications are up to date for Epic analysts with EMR access.

• Track downtime: Monitor the planning and testing of downtime and disaster recovery procedures.

• Leverages ITSM services: Leverages ServiceNow for incident management review and change control compliance.

General

· Demonstrate ability to integrate into multiple work teams.

· Responsible for understanding the technological advances and innovations available in the healthcare industry.

· Promotes individual professional growth and development by meeting requirements for mandatory/continuing education, skills competency, supports department-based goals which contribute to the success of the organization, serves as a customer resource.

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$64,890.00 - $173,040.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments.

We anticipate the application window for this opening will close on: 06/09/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.