SUMMARY:

• SAP Certified Security professional with expertise in SAP Security administration. Over 10+ years of global support experience in SAP Security & GRC Security administration. Seek technology savvy organization where SAP Security and GRC Specialization are held at a premium and where these skills and experience will create a powerful and engaging value proposition.
• Involved in 4 successful implementations and 3 migrations projects.
• Designed and developed Global Security Strategy and Procedural documents to fit the needs of businesses in multiple Global implementations.
• Involved in the complete life cycle implementation of the project phases like Blueprint, Realization, Final Prep, Cutover Go - Live, Production Support and Post Go live / hyper care support activities.
• Mapping of user security as per the role Matrix to avoid conflicts.
• Built comprehensive project plans and estimate of resource / work hours for Security activities.
• Prepare the SOP ( Systematic Operations Procedure ) and periodic access reviews
• Preparing the Global Templates for all the new role designs.
• Experience in Managing of 15 members team at Offshore (India) team management
• Versatile expertise in Project Preparation, Business Blueprint, Implementation, Final Preparation and Go-live & Support
• Very good experience in Implementation and Upgrades in ECC environment.
• SAP R/3 structure Implementation in the Sales and Distribution (SD), Order to Cash (OTC), Procure to Pay (PTP), APO / Master Data Management (MDM), Finance ( FI), FICO - Accounts Payable (AP), Accounts Receivable (AR), Funds Management, Plant Maintenance(PM), Production Planning(PP), Inventory Management (IM), Materials Management ( MM), Fixed Assets and Service Management.
• Role creation (Composite / Single / Derived / Position) using Profile Generator in Global Environment
• Clean up of existing SOD’s and maintaining as a clean positions.
• Experience in Design, develop and implement security matrix, roles & Authorization
• Configure and maintained Central User Administration (CUA) to handle and distribute users & profiles.
• Clean up of Segregation of Duties (SOD) conflicts resolution using SAP GRC and Security Weaver
• Implementation of Single Sign On ( SSO )
• Run License Management activity Quarterly & Yearly.
• Monitoring Security Audit Logs using SM20
• Creating and executing dynamic eCATT /Secatt and LSMW scripts for mass maintenance of user, roles.
• SAP Security Upgrades of application systems using SU25 steps and transporting
• Designed, Implemented and configured GRC10.1 landscape for DEV, QA, PRD environment for access control components ARA, BRM, ARM and EAM.
• Created RFC connections / customized connectors / connector groups for GRC Access Control, Risk Terminator, Process Control and Enterprise Risk Management (ERM)
• Configure application client, Activated Business configuration Set (BC Sets), SICF services
• Downloaded / uploaded Standard rule set and created /update / synchronized customized rule set.
• Create new functions/ rule set and access risks and mitigation controls
• Customize and configured MSMP WF and BRF+ rules for access request and approvals.
• Setup automated test and monitoring controls for continuous monitoring
• Schedule background jobs for authorization sync and repository sync.
• Configuration of Risk Analysis and Remediation, Enterprise Role Management and Super User Privilege Management
• Activation of Default rules in the RAR with specific Business Processes, Functions, Risks, and Rules etc.
• Create Mitigation Controls and mitigated users wherever necessary with the help of Business Owners
• Configure Alerts to send any email notifications
• Configuration of FF ID Owners, Controllers and notification process in firefighter access controls
• NetWeaver configuration and User access restrictions.
• Upgraded BW 4.1 to BI 7.1 using Manual Migration
• Creation of Analysis Authorizations (AA) using RSECADMIN, securing queries down to Info Object level (Company code, Plant, Sales Org etc.)
• Restricting user access based on their reporting hierarchy
• Assigning Analysis Authorizations to user through role using the object S RS AUTH.
• Creating roles with the restriction to queries, workbooks, info cubes etc.
• Troubleshoot authorizations related problems using RSECADMIN, RSRT, SU53 and ST01
• Create Profiles in Central Management Console (CMC) to restrict users to view only approved data.
• Built security on GROUPS and FOLDERS level
• Creation of Business Objects Security groups and rules for 400+ user base
• Create custom Access Level accesses, Categories and Folder Structure for reports in CMC
• Worked with Security Queries for troubleshooting BOBJ related access issues
• Design security methodology on indirect role /Structural profile assignment at Job /Position based and Context Sensitive structural authorization
• Assign structural authorizations’ using OOSB / PO13 to the users.
• Design ECC- HCM roles for OM, PA, Compensation, Benefits, ESS and MSS for Global Access
• Creation of backend roles for HR Employer self-service ESS and Manager self-service MSS
• PD Profiles creation as per business requirements and assigning to users
• Implemented position based security so that whenever users move within the org structure they inherit the roles automatically
• Worked with the ABAP team to create the custom function module for structural authorization
• Gathered the security requirements for structural profiles and PFCG roles as per the business roles
• Successfully migrated BPC 7.5( MS Version ) to (10.0 NW Version)
• Created BPC security specs based on the strategy recommended by configuration team
• Created Users from the network domain and assigned them to Teams.
• Created various Task Profiles and restricted them by different interface tasks based on requirement
• Created Member / Data Access Profiles and restricted the Read / Write access to various applications
• Created and imported the transports and reset the application status.
• Restricting access to Analytical / System / Objective/Package Privileges HANA Studio & S/4 HANA.
• Provided access to Business Objects Dashboards in HANA to view the necessary reports
• Provided Application privileges to the HANA XS & S4 HANA applications
• Creating Analytical Privileges with restriction to column level
• Creating customized roles in HANA DB for Developers, Modelers, Technical Admins, End Users, and Power Users
• Design transportation of Security Objects/Roles within HANA Landscape
• Creation of runtime and Design time roles
• Transportation through CTS+
• Running Monthly & Yearly user licensing activity using USMM in all the SAP Systems.
• Supporting Internal / External (EY Audit) all the evidences on approval process and document them.
• Running Periodic reviews of User access / Sensitive tcodes / SOD reports and sending to Audit Management.
• Clean up of obsolete roles and conflicts as per the Audit Guidelines.
• Worked interactively with Internal Auditors & External Auditing teams and implementing audit recommendations for Sarbanes Oxley (SOX) Compliance
• Access provisioning to Fiori Launch Pad
• Designing the backend FIORI roles ( Admin / Catalog / End User / Developer ) for User access
• Updating the services when new enhancements done.
• Providing the access to Catalogue.

PROFESSIONAL EXPERIENCE:

Confidential, Long Beach, CA

Sr.SAP Security Consultant

Responsibilities:

• Designed, developed and implemented SAP Security in LATAM countries.
• Supported Post Go-Live & production issues on ECC, BI & Portal, PO, GTS, SCM / APO modules
• Maintaining user master records though Central User Administration (CUA).
• Created over 3000 single/derived roles and 40 composite roles for implementation in LATAM.
• Designed and developed BOBJ security by restricting users to various groups and folders.
• BOBJ user administration. Creating new roles for based on plant / Company Codes. Creating reporting / Data roles.
• BPC Migration done from Microsoft version 7.3 to NetWeaver 10.0 and production support.
• Creation/Maintenance of Task Profile & Member Access (DAP) / Teams in BPC.
• Migrated BI System from 4.1 to 7.1.and continuing the post upgrade support.
• Extensively worked on creating analysis authorizations and troubleshooting user issues using RSECADMIN.
• Sabrix Tax Calculation System support and User Admin & Security access.
• Enterprise Portal Security and PI / PO User access and role creation & maintenance.
• Resolving the Production issues / Incidents using BMC Foot Prints tool.
• Post-installation of Configuration of GRC AC 10.0 Components.
• Configuration of Connectors, Connector Groups and Integration Scenario Frameworks.
• Activating BC Sets and Applications in Client.
• Configuration of Workflow using MSMP.
• Scheduling of Synchronization jobs for ARA and EAM.
• Configuring security reports to perform User & Role analysis to identify existing SoD violations Risk.
• Analysis on the Firefighter ID’s requirement and designed the Fire fighters accordingly in GRC
• Maintained Owners and Controllers in Central Owner Maintenance in GRC.
• Assigning Owners, Controllers to Firefighter IDs in GRC.
• Worked with business to define various risks and mitigating controls for the violations.
• License Management: Monthly / yearly running and updating the user license using USMM.
• Working on SOX, Audit issues and Segregation of Duties (SoD) issues.
• Managed offshore Hosting team of 10 members to resolve day to day Production Support Security issues using Capgemini’ s in-house ticketing system.
• CUA Administration (Connecting, disconnecting, creating RFC’s for all child system).
• FIORI role creation and providing the access to apps and Catalogs for Pilot Project.
• Enable / Troubleshoot OData Services and SAP Gateway
• Troubleshoot Fiori tiles
• Configured SAP Fiori Launchpad
• Configured HANA Studio Security Management.
• Experience on restricting user access based on Analytical / System / Objective / Package Privileges.
• System Privileges for administrative and development task (CATALOG READ, AUDIT ADMIN, etc.)
• Object Privileges for database objects (SELECT, INSERT, DELETE, etc.)
• Analytic Privileges for S4 HANA Information View
• Package Privileges on repository packages (REPO.READ, REPO.EDIT NATIVE OBJECTS, etc.)
• Application Privileges for S4 HANA XS applications.
• Worked on SAP HANA data modeling using Attribute, Analytic & Calculation Views and Analytical Privileges.
• Activating and validating the Audit trails.
• Responsible for building RUN time and Design time Security roles and transporting Design time roles.

Environment: GRC, ECC 7.0, BI 7.2, BOBJ 4.0, BPC 10.0, Security Weaver, PI 7.3 / PO 7.5, SCM, Sabrix, Hybris, Solution Manager, 7.2, Enterprise Portals. HANA, FIORI

Confidential, Plymouth, Michigan

Sr. SAP Security Consultant

Responsibilities:

• Managed the offshore team and ensured project deliverables are achieved on time.
• Creating new users and maintaining users on day to-day basis (Single roles, Composite roles (jobs) and Derived roles.
• GRC 10.0 Implementation done successfully by defining and Create Connectors and maintaining Connector settings, Maintained Owners and Controllers in Central Owner Maintenance in GRC.
• Ensure that ongoing, formal testing of user roles and system changes are completed according to guidelines using GRC 10.0.
• Analysis on the Firefighter ID’s requirement and designed the Fire fighters accordingly in GRC
• Create, maintain, and manage Rule Sets, Functions and Risks used to generate Rules in GRC.
• Created the mitigation controls to minimize the SOD violations in GRC.
• Produced SOD Analytical Reports (both Summary and Detail) against Users using ARA.
• Performed the mapping of mitigation controls to the risks of respective users in Access Risk Analysis.
• Configuration of Emergency Access Management.
• Scheduling of Synchronization jobs for ARA and EAM.
• Risk ID creation and assignment to appropriate approvers and monitor for the risk.
• CUA resides on Solution Manager and the child systems are ECC, BI, SCM, GTS, PI / PO integration to Central system is in process.
• Analysis authorization concept has been used in Business Intelligence ( BI ) order to control the reports based on company code
• Enterprise Portals (EP) user and role /group administration is being handled.
• Regular production support of SRM, CRM and BI has been handled.
• Worked on CRM 7.0 PFCG and Business role.
• Role design for Business and connecting PFCG roles for webgui.
• Implemented Hybris and CRM Mobility client.
• Done enhancement in UI components or changes in the navigation profile or in the business role
• Maintaining authorization proposals for traces written by modified UI components

Environment: SAP R/3 ECC 6.0, SRM, CRM, BPC 7.5, BI/BW, HR, Solution Manager, Portal, SAP GRC10.0 (AC).

Confidential, Columbus, OH

Sr. SAP Security Consultant

Responsibilities:

• Migration from the BW (4.0) to BI 7.1 version.
• Gathering the Information from Business Owners as per their new requirement.
• Complete redesigning the roles and Creating Analysis authorizations.
• Creating Reporting roles & work bench roles.
• Testing of each role using HP Quality center tool.
• Resolving the post upgrade issue using ST01 & RSECADMIN Logs.

Environment: SAP ECC, BW / BI, SCM 4.0, Virsa Firefighter, Oracle 10.1, Active Directory.

Confidential, San Clemente

Sr. SAP Security Consultant

Responsibilities:

• Upgraded ECC system from 4.7 to ECC 6 and continuing the post upgrade support
• Gathered Information and Customized CUP Workflows leveraging clients existing process.
• Suggested alternatives for SOD remediation during and after the Go Live for naming conventions, role swaps for users with conflicts and configuration changes to keep track of project progress.
• Defined critical transactions to be used for SPM.
• Configuring SPM on user based firefighter ID's, to capture the logs from firefighter ID's usage.
• To provide production support, to end users functional and technical users.
• Configured system audit reporting/ audit log
• Handled Mitigation and Remediation process in RAR.
• Creating and maintaining template roles, derived roles, global roles and composite roles using Profile Generator (PFCG) in SAP R/3, BW and HR environments.
• Maintaining organizational values as and when required while creating / modifying roles.
• Understanding and implementing the Change Control process to for any enhancements or operational changes required.
• Supporting BPC 10.0 and creating new teams / Tasks / Data Access profiles.
• Design security methodology on indirect role /Structural profile assignment at Job /Position based and Context Sensitive structural authorization
• Assign structural authorizations’ using OOSB / PO13 to the users.
• Design ECC- HCM roles for OM, PA, Compensation, Benefits, ESS and MSS for Global Access
• Creation of backend roles for HR Employer self-service ESS and Manager self-service MSS
• PD Profiles creation as per business requirements and assigning to users
• Implemented position based security so that whenever users move within the org structure they inherit the roles automatically
• Worked with the ABAP team to create the custom function module for structural authorization
• Gathered the security requirements for structural profiles and PFCG roles as per the business roles

Environment: ECC 6.0, BI, GRC 5.3, SCM, HR, Portal, BPC10.0

Confidential, Tampa, FL

Sr. SAP Security Consultant

Responsibilities:

• Re-designed all SAP roles and implemented a common security policy for all SAP landscapes
• Re-designed table security, program security & custom tcodes security.
• Prepared a cleanup plan and strategy including UAT, change communication & training.
• Configured & trained Firefighter usage to the SOD cleanup impacted users.
• Developed Security SOP & Guidelines document to act as a single source & point of information for SAP Security SLAs, escalation procedures, DR etc.
• Support in Implementation, Performance, Integration Testing, Load Testing & End User Training.
• Configuration, integration & support of all control panel Components: Risk Analyzer, Usage Analyzer, Transport Manager, Role Manager, User Manager, Fire Call (EA), and Auto Auditor.
• Designed Security architecture for various teams including FI, CO, SD, HR, BI,& BPC.

Environment: ECC 5.0, B I7.0, Virsa (FF ID), SOX, Portal, AD

Confidential

SAP Security Administrator

Responsibilities:

• Implemented SAP for Asia Pacific region on designing the new roles for ECC, APO & BW systems by taking the inputs form the BPO’s and Business Managers.
• Create, maintain and delete user profiles in SCM 5.1 / BI (7.0) / ECC / XI systems.
• Risk Analysis and Remediation Calibrator (CC) using VIRSA calibrator and Super-User Privilege Management (FF).
• Good experience in creation and maintenance of Fire Fighter (VIRSA) user IDs for Critical Authorizations for Project and End Users.
• User Defined Background Job management, Standard Jobs management thorough RSPC & SM37.
• Monitoring of all RSPC jobs & Scheduling and Monitoring of Control-M Jobs.
• Co-ordinate with Functional consultants to resolve functional / configuration issues with SAP support through OSS Message.
• OSS Id Creation & Maintain the Service connection in Market place.
• RFC Integration between R/3 and APO systems.
• Technical support to EGATE, PI & Control-M third party tools.
• Maintaining & running the background jobs using Control-M.
• Responsible for looking after lock entries, dump analysis, batch input monitoring, System Logs and process overview

Environment: SAP ECC, BW, HR, Virsa Firefighter, SCM, Portals, Control-M

Confidential

SAP Security Administrator

Responsibilities:

• Roles creation, deletion and modification based on requests.
• Single and mass roles transportation.
• Adding the standard and customized t-codes into the roles.
• Authorization groups creation and maintain authorization groups in the roles.
• Creating the new authorization objects and maintain as per request.
• Assign authorization objects to transactions.
• Adding the roles for existing users based on request.
• Passwords reset and lock/unlock the users.
• Increasing the validity period for users.
• Resolving the authorization issues using authorization check.
• Used system trace to trouble shoot authorization problems.

Environment: SAP R/3 ECC 5.0, SRM, CRM, BW, HR, Solution Manager, Portal, Virsa, IBM Mainframes, Linux, AD / LDAP