SUMMARY:

• SAP Security consultant with over 12 years of multiple implementations experience in SAP R/3 Security, HR Security and SAP - BW/BI.
• Functional experience in implementing SAP Security right from Scratch
• Excellent knowledge of SAP Governance Risk and Compliance Access Control.
• Upgrade experience to GRC 10.1 from GRC 10.
• Good Understanding of GRC 10.1 Process Control and configuration.
• Sun IDM integration with SAP GRC.
• Expert in GRC implementation; automation; upgrade experience with GRC CUP, RAR, SPM SAP CUA (Central User Administration) integration with SAP GRC.
• Implemented MSMP workflows for different User provisioning requests and FF user access
• Integrated LDAP to perform data validation for user requests, auto populates cost center, account number and etc fields
• Experience with Light directory active protocol with GRC, SAP Portal, Sun IDM.
• Extensive experience in SAP Security in SAP R/3, BW, APO, SEM, CRM, MM, PP.
• Integration experience with Central User Administration and Sun Identity Management.
• Strong configuration and analysis experience in using Profile Generator in SAP Security.
• Involved in upgrades, (4.7to ECC 5.0 & 4.7 to ECC 6.0 )
• Configured and Implemented Non Prod & Prod CUA instances.
• Defined naming standards and procedures for Roles & Profiles.
• Deployed and supported Structural Authorizations for HR Module.
• Implemented SSO (Single Sign-On) For Prod & Non Prod Systems in EP.
• Supported MM, HR, FI, CO, SCM, SD, BW, APO, CRM.
• Experience In Identifying and resolving Segregation of duties issues (SOD).
• Worked with Transaction Variants for changing the Screens.
• Extensive experience with CUA User Security Profiles, Profile Generator and Authorization.
• Continuously improved security configuration to reflect best practices and to prepare for system audits, Audit Remediation.
• Good communication and documentation skills, proven ability to work on multiple tasks concurrently completing them with in time and budget.
• Proven ability to work effectively in a team environment.

PROFESSIONAL EXPERIENCE:

Confidential, Sanford, NC

SAP GRC Subject Matter Expert

Responsibilities:

• Worked with stake holders in Business blue Printing phase to understand the custom requirements/changes to provide flexible solution through GRC Application.
• Gathered requirements from the business to implement GRC Access Control ARA,EAM,ARM,BRM modules for BB&T’s project one Go-Live.
• Based on the requirement’s created the Process Design Document ( PDD) and Technical Design Document (TDD).
• Designed and Implemented the solution in GRC as per the business approved PDD and TDD documents.
• Performed GRC 10 Post Installation and configuration steps like activating BC Sets, Services, Connector group Config .Etc.
• Currently working on prototyping a project in GRC Process Control & Risk Management in GRC 10.1
• Integrated Active Directory to GRC system successfully.
• Co-ordinated with basis team on setting up RFC Connections and Batch ID’s, Fine tuning of database for Batch risk analysis jobs.
• Implemented many SAP Notes by coordinating with Basis and development teams.
• Implemented BADi to enable the access request escalation at line item/ role level in MSMP workflow.
• Created GRC roles to BB&T namespace from standard SAP templates and tuned them as per the requirement
• Designed and Developed business roles that should be available through ARM.
• Worked with the business in identifying Firefighter Owners, controllers, mitigation Owners and mitigation Controllers, Role owners and Risk Owners.
• Working with Internal and external auditors in defining the enterprise level ARA rule set.
• Had extensive discussions with Business process owners and auditors to identify and create ARA rule set for BI system.
• Worked with ESM Security team in coming up with test cases in EAM,ARA functionality.
• Created MSMP workflow’s for Access Request Workflow( including Firefighter provisioning), Firefighter Log review, User access review and SoD review.
• Defined MSMP workflow’s for auto provisioning new Users and modify existing users access in production systems.
• Created a custom initiator using BRFPlus to handle manual and auto provisioning of users and roles.
• Using BRFPlus created an application for handling user defaults and parameters for different systems in the landscape.
• Designed and integrated custom solution to integrate GRC system with SAP PI and IG01 (BB&T Legacy HR system) application to automatically provision users to SAP systems through GRC MSMP Workflow.
• Successfully upgraded from GRC 10 to GRC 10.1 system.
• Interacted with SAP on Potential bugs/issues relating to standard and custom functionality through OSS Messages for the GRC 10.1 upgrade
• Implemented multiple OSS notes to resolve standard functionality issues experienced on the GRC 10.1 upgraded system.
• Coordinated with Unix, Database, Basis and application management team in orchestrating the system downtime/availability for Database and net weaver upgrade as part of the GRC 10.1 upgrade.
• Completely responsible for end to end System Integration Testing, And helped the Functional team complete the Functional Unit Testing of the entire GRC Functionality for the GRC 10.1 Upgrade.
• Hands on experience on GRC 10.1 new features like HANA Studio Provisioning, Remediation View, Simplified Work Inbox, Custom group Etc.
• Created Functional Unit test cases and user acceptance test cases for all GRC functionality.
• Lead an Offshore team to design, develop, test and promote SAP roles for Project 1-Release One & Two

Environment: ECC 6.0, BI 7.0, LRM,BPC,PI,SolMan,EP,Business Objects, BPC,GRC 10 AC, GRC 10.1AC, PC & RM. HANA,NW 7.4,DB2

Senior SAP idM/GRC Security Consultant

Responsibilities:

• Participated in initial meetings with Business and Functional resources to understand the existing business process of the company and to gather requirements for the implementation of R7 project for Frito Lay North America.
• Closely worked with functional team to build role mapping matrix.
• Gathered the functional Specs for Job mapping related profiles.
• Prepared Functional design documents for security relevant customizations.
• Worked with ABAP team to automate security related processes.
• Worked with project management team to provide the tasks associated to security for various phases of the project.
• Worked closely with the COE group and internal controls team in identifying SoX sensitive risks.
• Written System integration Test cases and User acceptance test cases and executed them in ECC and GRC landscapes.
• Designed and developed Cutover profiles specific to Go-Live actives and Hyper care activities/
• Troubleshooting and post go live support of HCM, BI, Portal, GRC and LDAP.
• Configured HR Triggers to leverage the auto provisioning of users for New Hire and Rehire CUP requests from HR system to CUA system.
• Proven knowledge on analyzing data in SAP delivered tables on VIRSA like /VIRSA INT TRIG and /VIRSA/DATA to troubleshoot error handling issues.
• Hands on experience in maintaining and modifying Workflows and different configuration scenarios inside Compliant User provisioning tool.
• Troubleshooting experience on HR Triggers, Access requests from Sun Identity Management tool.
• Monitoring of background jobs (Nightly, periodically) for HR Triggers on user loads and successful user provisioning on CUA.
• Good knowledge on day to day issues with GRC Administration processes.
• Installation of GRC Access Control - Prepared the Business Blue print, Project Plan for GRC AC 10 Project.
• Currently working on both GRC 5.3 in PepsiCo North America Landscape and GRC 10 on Pepsi International Landscape.
• Defined GRC AC 10 implementation Strategy with industry best practices.
• Provided Knowledge about the Key Benefits and futures of GRC AC 10 to the client before Project initiation and implementation to PI (Pepsi International).
• Post Installation Activities of GRC Access Control suite which includes activation of AC and PC capabilities in the system.
• Configuration of GRC AC components - Analyze and Manage Risk (RAR), Emergency Access Management (SPM) and Provision and Manage Users (CUP)
• Worked with Internal Audit and Security team for Rule set Customization/updating for all modules.
• Part of Role remediation team for all SAP modules.
• Extensively worked on Provision and Manage Users - Designed EUP (End user Personal Screens), MSMP - Multi User Multi path workflows.
• Worked on idM/GRC Integration by understanding the idM request forms for different systems in the landscape.
• Written and executed test case documents for idM/GRC integration.
• Configured MSMP workflows for user creation, changes for Role approval for ALL SAP systems
• Configured Firefighter ID’s in NWBC in the process of setting up SPM.
• Mass maintained roles in NWBC.
• Checked the request audit logs in NWBC to troubleshoot requests sitting in Escape route.
• Configured repository objects in BRF+ for role approvers, Controllers.
• Maintained User defaults in SPRO and BRF+.
• Prepared the configuration guide / User manual for GRC Access control.
• Complete end to end implementation experience of SAP Business objects Access Control
• Involved with SP Upgrades of GRC on CUP, RAR at PepsiCo using GRC 5.3
• Good troubleshooting experience around idM Web service errors pertaining to GRC 5.3 CUP requests.
• Unit/Regression tested both idM and GRC for multiple service pack and support pack updates, upgrades and new enhancements.
• Daily monitoring and troubleshooting the idM and GRC 5.3 requests that encountered issues relating web service calls and missing parameters.
• Configured/updated new & existing workflow items (Initiator, Custom Approver determinates (CAD’s), Stages, Paths and detours in GRC 5.3 for North America landscape.
• Constantly updated the role import file and CAD files with new roles and approver changes as per PCS team.
• Worked with idM team closely in designing new processes relating to request audit trail and post provisioning access setup via idM/GRC 5.3 system.
• Worked closely with SAP development teams through OSS Messages to resolve known errors and bugs with each service pack upgrade and participated in implementing, Unit testing, Regression testing, Negative testing of the same.
• Provided customer support to end users after HCM go-live at Pepsi and effectively resolved issues that came in through the SM7 ticket management system.
• Working on every day production support tickets in ECC, BI, and APO & SCM.
• Ran LDAP- Putty Sync to make sure roles assigned in the backend is reflected in portal.
• Worked with the cross functional teams in identifying role approver changes.
• Set up security for the HR Functional, development and testing teams in non production systems.
• Troubleshoot authorization issues for the HR team members in the non production systems.
• Involved in Security design strategy. Design involved use of Structural authorizations, context sensitive authorizations and custom authorization object.
• Designing, development of position based and structural authorizations.
• Designed, developed, and maintained structural authorizations and standard authorizations for position-based HR security strategy including ESS and MSS
• Created/Maintained new roles and PD profiles (structural authorizations).
• Assigned roles to positions using PP02.
• Assigned PD profiles to positions using PO13.
• Executed program RHPROFL0 for maintaining PD profiles to positions.
• Executed PFUD to maintain role assignment to positions.
• Extensively used OOSB and HRAUTH to troubleshoot structural authorization issues.
• Used HR tables PA0001, PA0105, HRP1001, HRP1002, USR02, and USR05 for analysis and troubleshooting.
• Scheduled daily jobs for Index programs RHBAUS00, RHBAUS01, RHBAUS02 to address performance issues.
• Scheduled daily jobs for PFUD and RHPROFL0.
• Developed Custom Authorization Objects for queries developed by the users. experience in creating roles in SAP BI for restricting InfoAreas, InfoCubes, and Queries etc.
• Extensively used RSECADMIN for developing/changing custom authorization objects, troubleshooting authorization problems.
• Configured roles and authorization objects to secure reporting users.
• Used InfoObject Security (field-level security) for Reporting Users and also created custom reporting authorization objects (Analysis authorizations).
• Limiting the Query access within the BEx Analyzer.
• Secured the data presented in Queries by Hierarchy node.
• Maintaining authorizations for Hierarchies.
• Documented the approvals and change management in Solman.
• Created transport request in CHARM for changes that are to be propagated to different environments in the landscape.

Environment: ECC 6.0, BI 7.0, HCM, idM 7.0, Microsoft AD, GRC 5.3 on PepsiCo North America land scape, idM/GRC 10.0 on Pepsi International (PI) Land scape.

SAP GRC Consultant

Responsibilities:

• Configured and Implemented GRC Access Control Suite 5.3
• Done post installation steps for RAR,SPM And CUP
• Worked closely with the basis team in establishing the RTA’s Connectors.
• Worked with Internal and external audit teams in identifying, eliminating and mitigating potential risks.
• Configured RAR with the default rule set and created custom Risks as per business requirement and audit specifications
• Configured SPM for Firefighter access.
• Identified and created Firefighter roles.
• Worked closely with Process control team in defining the, Risk Identification, Remediation and User provisioning.
• Created and configured Paths and workflow’s for User provisioning on New User, User modification.
• Successfully measured the system for SAP License audit 2010.

Environment: ECC6.0, CRM 7.0, Net Weaver 4.0, GRC 5.3

SAP GRC/Security Lead

Responsibilities:

• Lead a SAP Security team to Implement COMPASS right from scratch for MM, SD, PP, LE Modules.
• Created a strategy for design, built, Implement, test & deploy applicable security in FI, CO, FSCM, SD, MM, PP, LE Modules in ECC 6.0.
• Experience in upgrading Security of SAP systems.
• As a Team lead coordinated between different functional teams in Coming up with new Security role Matrix based on new BPML and PDD Documents.
• Worked with COE (Center Of Excellence) and functional Consultants in identifying new business processes.
• Identified Critical transactions during Design Phase that might cause Potential SOD Issues.
• Worked as a liaison between Internal Audit, Business and COE in identifying, communicating and remediating Sox compliance issues.
• Recommended and Incorporated new mitigations in GRC by interacting with internal auditor and COE.
• Installed and configured GRC Access control Suite 5.3 to support End-to-End Compliance from risk identification and remediation.
• Done Post installation configuration for GRC components.
• Extensively worked on GRC 5.3 Components CUP (Compliant User Provisioning), RAR (Risk Analysis and Remediation), and SPM (Super privilege Management).
• Completed configuration task on all components of GRC and lead configuration workshops.
• Defined/Configured workflows, stage and paths in CUP
• Configured Risk and mitigations interaction in RAR
• Defined and configured Firefighter ID, Controllers, and Reason codes in SPM.
• Experience in identifying SODs and making roles/IDs SOX compliant.
• Created new mitigations and controls in Compliance Calibrator.
• Applied Mitigations to users in Production system that has SOD Risks Using Compliance Calibrator.
• Completely responsible for redesigning, Developing, Testing and deploying of existing security setup to make a standard and stable Security system.
• Designed, developed, tested and implemented security for collection and dispute management in FSCM module.
• Created and maintained Portal roles, IDs, and groups using the UME.
• Knowledgeable in connecting the Portal system to LDAP for authentication purposes.
• Designed, developed, and maintained structural authorizations and standard authorizations for position-based HR security strategy.
• Implemented PA/PA, OM, Payroll, Time modules, ESS & MSS for HCM.
• Actively involved in creating and maintaining CRM security roles in Sales, Marketing.
• Worked with CRM Functional users in exclusively identifying PFCG roles for each Business role in Sales, marketing.
• Assigned CRM roles to users both directly in SU10 and indirectly in PPOMA CRM.
• Created composite roles (Action roles) for full HCM implementation.
• Assigned profiles and conducted testing based on position in HCM environment.
• Developed LSMW Scripts to Mass Create new Derive roles based on the organizational levels.
• Resolved every day production support issues like end user authorization Issues, Trouble shooting.
• Closely worked with COE in Approval process for Designing &Developing new roles.
• Trained help desk personnel and ITD Security personnel in Firefighter dash board and Compliance calibrator activities.
• Able to create Security documentation based on SAP Security best practices.
• Familiar with assigning SAP License types to user IDs and creating SAP License reports.
• Performed enterprise level yearly SAP system measurement for license audit.
• Experienced in using SU24 to associate objects and their field values with transactions to reduce role maintenance.

Environment: ECC6.0, Net Weaver 4.0, GRC 5.3, Oracle10g Business Objects XI 3.0

Modules: FI, CO, FSCM, MM, SD, PP, BI 7.0, EP 7.0, CRM 7.0, cProjects

SAP Security Consultant

Responsibilities:

• Worked with Business Process Owners, Super Users, & End Users In Resolving And Improving Security Aspects at Sauer-Danfoss.
• Coordinated With Users and Business Owners across the Globe in Fixing and Solving Authorization Issues at Transaction And Auth Object Level.
• Worked Extensively on Sauer-Danfoss (SD Requests, SIR Requests) Ticketing Systems.
• Experience in trouble shooting Various Upgrade Issues (4.7 to ECC 6.0).
• Extensively worked on transactions like SU01, PFCG, SUIM, SE10, SE93, SU24, SU53, RSSM, ST10, PFUD, SE16, and SM37.
• Created & Modified Roles as per to the Requirements in R/3, HR, BW Environments.
• Gathered and documented all the specifications from Business Owners, Super Users before designing New Roles or making any changes to the Existing roles in All Modules Including HR.
• Assigned roles indirectly to the Users in HR system Based on the Position.
• Fixed the Structural Authorization issues for the HR Users in PA & OM Environment.
• Used the RSSM transaction in the BI system to create new and modify Existing Info Objects, Hierarchies.
• Worked with Reporting Users, Power Users and Administration Users in Identifying And Resolving Authorization Issues in BI System.
• Traced the users through RSSM in the BI Environment.
• Implemented and worked with SSO (Single Sign-On) on all the systems in landscape.
• Successfully Imported Certificates for all systems using EP.
• Created New and Supported New Roles in EP
• Supported APO roles for DP (Demand Planning) and SNP (Supply network planning) implementation.
• Ran VIRSA Compliance Calibrator Test on all New and Modified Roles to Identify and resolve any SOD Conflicts both at transaction and Auth Object level.
• Assisted security team in redesigning of SAP Security roles, identifying SOD’s, building SOD Matrix and in creating new SAP Security Roles
• Created Firefighter and Firefighter ID’s in Firefighter Dashboard.
• Simulated User based, Role based background jobs in VIRSA Risk Assessment Tool to Identify Any SOD issues.
• Taken monthly VIRSA Evaluation Checks, to Analyze Overall monthly SOD Conflicts, in the entire SAP landscape.
• Generated profiles in Expert mode.
• Taken Audit of all the systems in the Landscape periodically.
• Created detailed audit analysis reports.
• Regulated access to Critical Authorization Objects by maintaining the right Authorization groups.
• Developed Single, Master Derived Roles and tested them in Various Clients and systems in the Landscape.
• Extensively used ST01 and SU53 Transactions in Trouble Shooting Authorization Check and Interface Checks.
• Transported Custom and Workbench Requests across the landscape.
• Specified the Auth Objects that are to me Maintained and modified for Various Custom Transactions using SU24 and SE93 in HR, BW and R/3 Environments.
• Scheduled and Monitored Back Ground jobs Using SM37 Transaction.
• Created Various Test Cases and Test plans as a part of Normal Change request and Upgrade Issues.
• Coordinated with Super users and Users on Testing Unit test cases.
• Interacted and Coordinated with Other SAP Security Team members in a Global Team Environment, in Resolving and sharing the workload.
• Closely Interacted with Sauer-Danfoss Global Basis Team to track the Change management, and ensure all the systems are in Sync.
• Finalized the Approvers list for the changes that make into production.
• Responsible for day to day Development, technical support, resolution of security issues and troubleshooting security problems across multiple Time Zones.

Environment: R/3 4.7, ECC 6.0, Net Weaver 4.0, APO 3.1 (DP, SNP), VIRSA 4.0 GRC 5.2, Oracle 9.2& 10g.

Modules: FI, CO, MM, SD, PP, PS, BW 3.5, 7.0, HR, EP 7.0

SAP Security Consultant

Responsibilities:

• Worked with Business Systems and Functional Groups in Gathering Requirements.
• Responsible for setting up Naming Standards and Procedures for Roles and Profiles.
• Designed and Developed Security Roles for FI, CO, MM, SD, PS, Functional Modules For Borg Warner Corporate Systems.
• Implemented Master, Derived and Composite Roles.
• Unit Tested and promoted Security roles From Dev to QA.
• Successfully fixed all Authorization Issues during Integration Testing in QA.
• Created Transport request to release the Roles to QA and Prod.
• Worked with Business Users in resolving conflicts w.r.t. SOD.
• Identified the Fields Values for Creating User master Record.
• Developed eCATT Scripts and successfully loaded High Volume of users Into Various environments.
• Worked with Users in Training and Trouble shooting at Application level and Security level.

Environment: ECC 5.0, Windows XP, Linux, Oracle 9.2

Modules: FI, CO, MM, SD, PS, BW

SAP Security Administrator

Responsibilities:

• Assisted Grainger Corp in the Security redesign, created new Roles for all their SAP modules by gathering requirements from all the functional teams.
• Working on the Upgrade from 4.6b to ECC 5.0.
• Prepared and maintained adequate documentation.
• Real-time assessment, simulation, and remediation for ERP user authorization and for preventative as well as detective segregation of duties (SoD) analysis (VIRSA).
• Supported System Integration Test and User Acceptance Test and troubleshot Authorizations using ST01, SU53 and SUIM.
• Extensively used CATT scripts to load users and also to reset password for the users.
• Created authorization objects that are used for local implementation. Defined and documented restrictions within an authorization object.
• Defined the gap between existing central templates and the required transactions.
• Analyzed segregation of access controls. Rolled out central templates to the local sites.
• Worked with the external auditors on SOD related issues.
• Created local single-role profiles based on templates. Maintain local single-role profiles.
• Reconcile local single-role profiles with central templates to ensure identical profiles.
• Designed Security architecture and created user role matrix.
• Worked on Structural Authorizations (including evaluation paths) to limit access of personnel data to the reporting nodes within the organization structure.
• Maintaining standard naming conventions for security profiles and objects.

Environment: 4.6b, ECC 5.0 MS SQL Server 2000, Windows NT 2000 Advanced Server

Modules: FI, CO, MM, SD, HR

SAP Security Administrator

Responsibilities:

• Designed Security for FI, HR, BW and SD modules
• Developing SOD (segregation of duties) matrix with cooperation of functional people.
• Creating and updating SOD conditions using Virsa Tool.
• Identifying Security’s Key Role in Maintaining Sarbanes-Oxley Compliance
• Working with process team members to determine roles and responsibilities for multiple functional areas, using profile generator.
• Building the Master Roles and Simple Roles using the transaction codes and implementing these Roles for the client organizational levels.
• After Proper AUDIT Transported Security Roles in to the QA Environment
• Created users and configured profiles, which went through complete phase from designing the roles, supporting unit and integration testing, going live and post go live support.
• Monitor and manage security access and violations.
• Locking and unlocking users and maintaining their profiles.
• Used Audit Information System to perform the audit. Ran reports for critical transactions and objects.
• Ran reports to check the change log passwords for users SAP* and DDIC. Checked the values for security parameters. Ran reports to see which users had never logged on since their creation date. Ran reports for segregation of duties conflict between roles and users. Created documentation for process and controls.
• Extensively worked on and configured Central User Administration (CUA) for single point of access control.
• Designed both Info Object level security and Info Cube level security for various functional groups to access reports and data in BW. Discussed with module owners to create new Roles and fix authorization issues
• In BW security created roles based on the Info Cube and Info Area level
• Utilizing system trace (ST01), authority check (SU53), debug mode to analyze and fix problems related to Security.
• Modified the SAP standard startup screen for better messaging to the users.
• Provided support to the R/3 front end users regarding front end strategies, desktop applications, email connectivity and security related issues.
• Provided On Call support on a rotational basis.

Environment: Windows2000, AIX 4.3.3, Oracle 8.0.6, SQL Server, 8.1.7, SAP 4.6C, 4.7, BW 3.5

SAP Security Administrator

Responsibilities:

• As a Security Consultant study the current security system, include the new requirements re-designing, defining and implementing task groups.
• Set up Profile Generator, activity groups/authorizations/profiles.
• Identifying Security’s Key Role in Maintaining Sarbanes-Oxley Compliance
• Created roles, derived roles for the MM, HR, SD, FI, CO modules.
• User Creations for all Modules and support users in all Systems.
• Redesign of SAP Security roles, identifying SOD’s and creating all new SAP Security Roles.
• Created Activity Groups and reviewed the existing Activity-Groups for better security controls.
• Taken necessary steps to secure the User Master Data.
• Created roles based on the Info Cube and Info Area level for BW security
• Configured the workplace and created roles in workplace and R/3 to support Employee Self Service implementation.
• Lock user ids upon the direction of management or in certain other established situations. When a user departs, user management must notify the security team. The user id should be locked
• Maintaining the Security Audit logs and setting the Audit log Parameters.
• Monitor and manage security access and violations.
• Assisted the basis team in Going Live checks during the implementation of the BW systems.
• Used Audit Information System to perform the audit. Ran reports for critical transactions and objects.
• Ran reports to check the change log passwords for users SAP* and DDIC. Checked the values for security parameters. Ran reports to see which users had never logged on since their creation date. Ran reports for segregation of duties conflict between roles and users. Created documentation for process and controls.
• Written CATT scripts for creating, deleting mass user id s, creating and generating the roles.

Environment: Windows, HP-UNIX, Oracle 8.1.7, SAP 4.6C, BW 3.5