SUMMARY

• Accomplished and seasoned IT/ Security specialist with over 18 years’ experience with on premise and cloud based products and applications. Seeking to benefit an environment with superior analytical skills. Passionate and motivated, with a drive for excellence.
• Designed, developed and enhanced global SAP security strategies
• Supported major project implementations of SAP products and regional implementations into one global central instance
• Support of a global production environment with over 10,000 named users
• SAP Security Architect for SAP implementations in China, Australia, India and Middle Eastern Africa, Japan and Europe
• Infrastructure and Operations lead for SAP Implementations. Traveled to remote sites to assess environments and suggest upgrades and enhancements to support an SAP rollout
• Managed a successful implementation of SAPGRC for SuperUser Privilege Management (SPM/Firefighter) and User self - provisioning
• Implemented and supported a SSO/SNC enterprise solution for over 60 SAP ABAP instances as well as ChaRM and GRC workflow notifications
• AWS Security lead. Developed roadmap and strategies for virtual data center in AWS, as applications migrated off physical data centers

PROFESSIONAL EXPERIENCE

Cloud Security Engineer

Confidential, MA

Responsibilities:

• Assisted in the migration of SAP landscapes to AWS Cloud Services. This included over 50 SAP instances now residing in the AWS Cloud enabling the shutdown of a 3rd party data center
• Experience building VPC’s for specific environment, and subnetting for private or public needs
• Developed an AWS security roadmap which included the AWS Services and 3rd party tools to be utilized in the AWS Cloud for Security monitoring
• Developed an AWS Security Group strategy. Determined naming conventions, owners, and approval process for Security Group change requests in a promote-to-production environment
• Enabled and configured CloudTrail logs for 26 AWS accounts. Created and managed an encrypted S3 Bucket for all CloudTrail logs and adjusted bucket policy for each accounts CloudTrail to access
• Installed and configured Amazon's Inspector. Created Targets and Templates and scheduled Assessment runs on all EC2 instances in the AWS account
• Created Lambda function to automate Inspector scans in 26 AWS accounts
• Developed Lambda scripts to enable monitoring and alerting of Root login, Access Key age, and any unapproved Security Group changes in production environments
• Enabled AWS Config to monitor changes in AWS accounts. Developed AWS Config Rules to monitor for unencrypted volumes, untagged resources in all accounts and open S3 buckets
• Configured SNS to alert Information Security team for any changes in the AWS environment, Inspector runs, and for any non-compliant resources based on AWS Config Rules
• Enabled and utilized AWS Trusted Advisor to inspect accounts and provide reporting and remediation recommendations
• Experience using CloudHealth for cost saving and security monitoring
• Enabled AWS GuardDuty and monitored 26 AWS accounts
• Tier 3 resource for SAP system support and escalation
• Installed, configured, and maintained a CyberArk environment for password management and privileged access
• Experience with Chef and Infrastructure as Code concepts. Attended Chef Essentials training performed by Chef
• Trained by AWS on Security Operations on AWS Security Concepts
• Trained and experienced in working in a Lean and Agile environment. Experience with Kanban and Scrum methodologies

SAP Systems Analyst

Confidential, MA

Responsibilities:

• Designed, developed, and enhanced the role based security landscape of a global SAP implementation of ECC, BI, SCM, SRM, PI (XI), Enterprise Portal, Solution Manager, GTS, PLM, and CRM 7.0 and GRC
• Lead the SAP Security team in migrating several regional SAP instances, into one global central instance of SAP worldwide. This included a series of 10 implementations and subsequent go-lives over an 8-year span
• Established, implemented and sustained world-wide SAP security governance model and policies in support of business strategy and direction
• Collaborated with business owners and SME's to create end user roles and derivatives for all Organization Units, in addition to creating a strategy for testing these roles and ultimately obtain sign off
• Responsible for production support for over 10,000 named SAP users across all SAP environments and clients on a 24 hour on-call basis
• Implemented and configured SAP GRC 10.0. Configured HR triggers for automated user creation in CUA. Rolled out user self-provisioning to the end user base with role approval workflows
• Configured SAP’s Firefighter, SPM, EAM for decentralized access. Developed a Firefighter log review process for compliance. Set up workflows and notifications to Controllers that log reviews were waiting in their inbox
• Configured and performed user administration through CUA
• Completed a SAP CRM rollout for our Australia business in July of 2012. This project added an additional 150 users onto the Bose CRM instance
• Completed a SAP CRM rollout for our Japan business in July of 2015. This project added an additional 200 users onto the Bose CRM instance
• Completed a SAP ECC rollout of our China business in July 2013. This project added an additional 250 users onto the Bose central instance
• Completed a SAP ECC rollout of our Japan automotive business in March 2015. This project added an additional 200 users onto the Bose central instance
• Completed a SAP ECC rollout of our Japan business in July 2015. This project added an additional 200 users onto the Bose central instance
• Completed a SAP ECC rollout of our India and Middle East business in July 2014. This project added an additional 150 users onto the Bose central instance
• Completed a SAP ECC rollout for our European businesses in March of 2016. This project added an additional 1200 users onto the Bose global central instance. This was the final rollout to complete the worldwide initiative of a global central instance
• Collaborated with Internal Audit team to analyze each of our ECC production users to determine transactions, and ultimately roles, that were unused by end users. This project consisted of eight separate waves of role removals which analyzed over 6000 users, and removed almost 7000 roles from these users, equating to over 319,000 t-codes being removed from the production environment
• Coordinated annual PWC audit activities including scheduling the audit planning meetings. Worked with the auditors and internal teams to develop responses/plans of action for any PWC findings. Performed lessons learned activities with the business and PWC to determine ways to streamline processes in effort to be more efficient
• Implemented and supported Security structure for Autosys' Embedded Entitlement Manager (EEM) and created views for Workload Control Center (WCC)
• Experience with SAP Integrated Business Planning (IBP) security and user maintenance
• Supported SAP HANA and HANA Studio Security
• Implemented Secure Network Communication (SNC) and Single Sign-On (SSO) for ABAP, HTTP, and ICF applications including SAPGUI, Portal, Charm, and GRC. Installed, configured, and annually patched Kerberos software on over 40 SAP instances, to enable SSO and SNC throughout the landscape
• Performed all SAPGUI annual patching, rollout strategies, and the overall upkeep of Saplogon.ini and Services files
• Utilized Remedy application for production support and the SAP Security team averages 450 remedy tickets per month
• Managed a rollout of SAP SuperUser Privilege Manager (SPM/Firefighter). Developed policies regarding mandatory quarterly sign off for all Firefighter Owners

SAP Security Analyst

Confidential Milford, MA

Responsibilities:

• SAP lead Basis/Security support for all US, Canada, Europe, and Far East sites
• Designed and maintained security architecture for entire SAP landscape based on business requirements and corporate solutions
• Designed all roles and role derivatives per business requirements
• Developed and enforced a change management policy for any changes in Production landscapes
• Designed, implemented and monitored a transport approval process for quality assurance
• Project lead for all SAP installations, upgrades and refreshes
• Developed project plans based on sequence of work to be performed. Proposed timelines and coordinated efforts to meet deadlines
• Monitor systems performance, disk space usage and transaction response times. Provide daily reports to executive team
• Created, scheduled, and monitored all background jobs. Gathered documentation detailing job owner, job purpose, normal runtimes and any dependencies

Infrastructure Analyst

Confidential Milford, MA

Responsibilities:

• Responsible for the smooth operation of all client/server hardware, software, and network connectivity throughout fourteen international sites
• Researched, implemented, and maintained a reliable tape backup solution for all corporate data and email mailboxes
• Maintained Active Directory and Group Policies, DNS, DHCP, and corporate Antivirus solutions.
• Helpdesk for over 1000 end users, providing support for several OS's including Windows 95/98, Windows NT 4.0, Windows 2000 Professional and Server, Windows XP Professional
• Assisted in the Rival Co. acquisition by integrating 20 servers, 400 desktops to Confidential network and ultimately collapsing 4 Rival sites