SUMMARY:

• SAP Certified Technology Professional with over 10+ years of experience in SAP Security and GRC administration.
• Successfully delivered 12 projects, which includes 4 Full Life cycle implementations starting from design phase to post implementation and 6 Upgrade and Rollout projects in ECC / BW / BO (BOBJ) /SCM / BPC/ Pi - PO/ HANA modules.
• 24X7 Production Support in R/3 (SD/MM/FI/PP/PM), BW/ BI, BOBJ, HR, Portal, GRC5.3/10 tools (ARA, EAM & ARM).
• Extensively used CATT Scripts during security implementations.
• Maintained and configured Central User Administration (CUA), monitored user activities, troubleshoot user level problems to properly access the servers and managed security throughout the SAP landscapes.
• Strong Experience in understanding Segregation of Duties (SOD) and Audit Compliance Standards.
• Experience in Design, develop and implement security matrix, roles & Authorization.
• Experience in Creation of Master role, Composite roles, and derived roles for various modules such as ECC, BI/BW, BPC, PI/PO, APO, Finance, GRC, HR, GTS, Solution Manager, Portals, Fiori and BOBJ, SD (OTC), MM (PTP).
• Expertise in GRC 10.0 Access Control Implementation.
• Configured SPRO settings and activated the default rules in the RAR for specific Business Processes, Functions, Risks, and Rules in GRC based on business process requirements.
• Worked on Segregation of Duties (SOD) conflict resolution and helped process experts build the SOD matrix using Security Weaver / GRC tools.
• Clean up of existing SOD’s and maintaining single / Composite roles using GRC & Security Weaver tools.
• Experience in SAP GRC Access Control 10 (ARA, EAM, ARM)
• Designed and implemented MSMP workflows for business scenarios for User management, Emergency access management & Risk management
• Experience in create BRF+ expressions for different Process IDs.
• Created Mitigation Controls, Risk ID and assigned Risk Owners and Control Monitors
• Configured FF Owners, Controllers and notification process in Emergency Access Management to enforce firefighter access controls.
• Designed Analysis Authorizations using RSECADMIN in BI, based on securing queries down to Info Object level in BI/BW based on Organization structure.
• Build role on SAP BI/BW at Info Cube /Info Providers (Cubes, DSO, Infoset, and MultiProvider), Info Area, and Info Object level.
• Experience in Troubleshoot authorizations related problems using RSECADMIN and ST01.
• Experience in Task and Data access profiles creation and update at Appset level in in BPC 7.5 & BPC 10.0.
• Experience in BOBJ users access setup and migration of private profiles. (Importing roles, assigning the roles to the user group and SSO).
• Experience in restricting access on BOBJ folder based on user, and user group created.
• Designed security methodology on indirect role / Structural profile assignment on Job /Position based and Context Sensitive structural authorization in HR / HCM using OOSB / PO13 to the users in HCM.
• Experience on HANA Studio Security Management.
• Experience on restricting user access based on Analytical / System / Objective / Package Privileges on schema level.
• Responsible for building RUN time and Design Time Security roles.
• Good Knowledge in SAP HANA data modeling using Attribute, Analytic & Calculation Views and Analytical Privileges.
• Configured and maintained Central User Administration (CUA) to handle and distribute users & profiles.
• Designed and prepared the SOP’s and periodic review and Updates when there is a change in process.
• Running Monthly & Yearly user licensing activity using USMM and SLAW in all the SAP Systems.
• Supporting Internal / External Auditors in providing all the evidences on approval process and documentation related to the procedures followed.
• Responsible for building RUN time and Design Time Security roles and transporting Design time roles.
• Running and publishing various SOX reports like, UAR, Critical Actions, SOD, Critical Permissions, Firefighter Log Review, 90/360 days Inactive users, SAP Security Parameters and configurable settings, Security Patch Review, Table Log Review, DDIC Activity, SAP ALL, SAP NEW Access.
• Clean up of obsolete roles and conflicts as per the Audit Guidelines.
• Worked interactively with Internal Auditors & External Auditing teams and implementing audit recommendations for Sarbanes Oxley (SOX) and JSOX Compliance.

PROFESSIONAL EXPERIENCE:

Confidential, Long Beach, CA

Onsite Service Deliver Lead

Responsibilities:

• Involved in LATAM Countries SAP Implementation projects fright from Blueprint, Gathering the requirements, Development, Testing and Go-Live.
• Prepared the role matrix based on the requirement created the Position and Derived and single roles.
• Created over 3000 single/derived roles and 40 composite roles for implementation in LATAM.
• Maintaining user master records though Central User Administration (CUA).
• User Administration and Role Administration (ECC, BI, SCM, GTS, and PO).
• Creation/Maintenance of Task Profile & Member Access / Teams in BPC.
• Implemented user security for various modules/systems SAP ECC, GRC, BW/BI, BOBJ, MM (PTP), PP, OTC (SD), GTS, SCM, BPC, PI/PO, FIORI, SABRIX, Ecomex, Mastersaf.
• Configuration of GRC Access Control 10.1 Components.
• Configuration of Connectors, Connector Groups and Integration Scenario Frameworks.
• Activating BC Sets and Applications in Client
• Configuration of Workflow using MSMP.
• Scheduling of Synchronization jobs for ARA and EAM.
• Configuring security reports to perform User & Role analysis to identify existing SoD Violations Risk.
• Analysis on the Firefighter ID’s requirement and designed the Fire fighters accordingly in GRC
• Maintained Owners and Controllers in Central Owner Maintenance in GRC.
• Assigning Owners, Controllers to Firefighter IDs in GRC.
• Worked with business to define various risks and mitigating controls for the violations
• Extensively worked on creating analysis authorizations and troubleshooting user issues using RSECADMIN.
• Worked on BOBJ user administration (User group creation, importing SAP BW roles to BOBJ, assign the security to BOBJ user groups, folder access setup, Universe access, Connection security, Application security).
• Created the customer access levels in BOBJ.
• Worked on BOBJ 3.X and 4.X upgrade projects and migrated authorization to new version.
• Worked on SAP Business Objects Analysis for Office rollout project.
• Worked on SAP BPC upgrade project from Microsoft version 7.5 to NetWeaver 10.0.
• Worked on SAP ECC upgrade project from 5.0 to 6.0.
• Enterprise Portal Security and PI / PO User access and role creation & maintenance.
• Attending & resolving the Production issues / Incidents using BMC Foot Prints tool.
• Monthly / yearly running and updating the user license using USMM.
• Working on SOX, Audit issues and Segregation of Duties (SoD) issues.
• Configured HANA Studio Security Management.
• Experience on restricting user access based on Analytical / System / Objective / Package Privileges.
• System Privileges for administrative and development task (CATALOG READ, AUDIT ADMIN, etc.)
• Object Privileges for database objects (SELECT, INSERT, DELETE, etc.)
• Analytic Privileges for S4 HANA Information View
• Package Privileges on repository packages (REPO.READ, REPO.EDIT NATIVE OBJECTS, etc.)
• Application Privileges for S4 HANA XS applications.
• Worked on SAP HANA data modeling using Attribute, Analytic & Calculation Views and Analytical Privileges.
• Activating and validating the Audit trails.
• Responsible for building RUN time and Design Time Security roles and transporting Design time roles.

Environment: ECC 7.0, BI 7.2, BOBJ 4.X, BPC 10.0, GRC, HANA, PI 7.3 / PO 7.5, SCM, Sabrix, Hybris

Confidential, Irvine, California

SAP Security & BPC Security Consultant

Responsibilities:

• Worked on Security Implementation for different Geographical locations.
• Maintaining Roles as per Business requirements with Object Level Security.
• Successfully implementation of BPC 10.0.
• Created new teams and Task and Data Access profiles.
• Restricted cost center access Read and Write wherever required.
• Successfully transported all the security changes to QA and Production.
• Preparing the audit reports at teams, Tasks and User level every month.
• Worked on Security Implementation for different Geographical locations.
• Maintaining Roles as per Business requirements with Object Level Security.
• Worked with ABAP team to create custom Authorization Object and in corporate in Program
• Coordinating with Testing Team for End-to-End Testing.
• Worked on HP and Remedy Tools to update Testing Documents.
• Worked on Carve-outs Analysis, Identification of Users, Creation and updating of roles, Roll out and Support.
• Worked extensively on ECATT & LSMW scripts for User creation & role assignments.
• Worked on GRC to run Segregation of Duties and Risks involved.
• Creating new Firefighter Users, Owners and Approvers in GRC.
• Setting up new Approvers/Owners in Access Control Owner.
• Created Owners, Controllers and Approvers to approve the GRC requests in NWBC.
• Created Mitigation controls ID's to assign risks.
• Performing risk analysis and simulation on user and role level whenever required
• Performs Investigations on Security related issues and resolves the same.
• Extensively worked for Go-Live, Hyper care and Sustaining.

Environment: ECC 7.0, BI 7.2, BPC 10.0, GRC, Remedy

Confidential

Senior SAP Security & GRC Consultant - Offshore Lead

Responsibilities:

• Managed the offshore team and ensured project deliverables are achieved on time.
• Create new users and maintaining on day to-day basis.
• Creating and maintaining of single, Composite / Position and Derived roles and transport them.
• GRC 10.0 Implemented successfully by defining and Create Connectors and maintaining Connector settings.
• Maintained Owners and Controllers in Central Owner Maintenance in GRC.
• Run SoD reports for users based on GRC ARM requests.
• Risk ID creation and assignment to appropriate approvers and monitor for the risk
• Design & manage MSMP work flows
• Create, maintain, and manage Rule Sets, Functions and Risks used to generate Rules in GRC.
• Created the mitigation controls to minimize the SOD violations in GRC.
• Maintaining FF ID owners, provision of FF access, Assigned owners/controllers to firefighter ids.
• Scheduling of Synchronization jobs for ARA and EAM.
• Produced SOD Analytical Reports (both Summary and Detail) against Users using ARA.
• Performed the mapping of mitigation controls to the risks of respective users in Access Risk Analysis.
• Configuration of Emergency Access Management.
• Risk ID creation and assignment to appropriate approvers and monitor for the risk.
• CUA resides on Solution Manager and the child systems are ECC, BI, SCM, GTS, PI / PO integration to Central system is in process.
• Analysis authorization concept has been used in Business Intelligence (BI) in order to control the reports based on company code.
• Debugging missing authorizations using trace in BW.

Environment: SAP R/3 ECC 6.0, SRM, CRM, BPC 7.5, BI/BW, HR, Solution Manager, Portal, SAP GRC10.0 (AC).

Confidential

Senior SAP Security Consultant

Responsibilities:

• Migration from the BW (4.0) to BI 7.1 version.
• Gathering the Information from Business Owners as per their new requirement.
• Complete redesigning the roles and Creating Analysis authorizations.
• Used transaction RSECADMIN for creating custom authorization objects and S RS AUTH for assigning authorization objects for BI query end user roles
• Creating Reporting roles & work bench roles.
• Unit testing of each role using HPQC Testing tool.
• Resolving the post upgrade issue using ST01 & RSECADMIN Logs.

Environment: SAP ECC, BW / BI, Oracle 10.1

Confidential

Senior Security Consultant

Responsibilities:

• Upgraded ECC system from 4.7 to ECC 6 and continuing the post upgrade support
• Gathered Information and Customized CUP Workflows leveraging clients existing process.
• Defined critical transactions to be used for SPM.
• Configuring SPM on user based firefighter ID's, to capture the logs from firefighter ID's usage.
• To provide production support, to end users functional and technical users.
• Configured system audit reporting/ audit log
• Handled Mitigation and Remediation process in RAR.
• Creating and maintaining template roles, derived roles, global roles and composite roles using Profile Generator (PFCG) in SAP R/3, BW and HR environments.
• Maintaining organizational values as and when required while creating / modifying roles.
• Understanding and implementing the Change Control process to for any enhancements or operational changes required.
• Supporting BPC 7.5 and creating new teams / Tasks / Data Access profiles.
• Worked with business leads in order to develop requirement role matrices
• Worked with process experts and BPO’s for SOD conflicts and assigned appropriate roles to the users
• Traced the transactions for required authorizations and adjusted the SU24 for those t-codes
• Analyzed the impact of SU24 changes to proactively avoid issues

Environment: ECC 6.0, BI, GRC 5.3, SCM, HR, Portal, BPC 7.5

Confidential

Senior Consultant

Responsibilities:

• Re-designed all SAP roles and implemented a common security policy for all SAP landscapes
• Re-designed table security, program security & custom tcodes security.
• Prepared a clean-up plan and strategy including UAT, change communication & training.
• Configured & trained Firefighter usage to the SOD clean-up impacted users.
• Developed Security SOP & Guidelines document to act as a single source & point of information for SAP Security SLAs, escalation procedures, DR etc.
• Support in Implementation, Performance, Integration Testing, Load Testing & End User Training.
• Configuration, integration & support of all control panel Components: Risk analyses, Usage Analyses, Transport Manager, Role Manager, User Manager, Fire Call (EA), and Auto Auditor.
• Designed Security architecture for various teams including FI, CO, SD, HR, BI, & BPC.

Environment: ECC 5.0, B I7.0, Virsa (FF ID), SOX, Portal, AD

Confidential

Senior Consultant

Responsibilities:

• Implemented SAP for Asia Pacific region on designing the new roles for ECC, APO & BW systems by taking the inputs forms the BPO’s and Business Managers.
• Create, maintain and delete user profiles in SCM 5.1 / BI (7.0) / ECC / XI systems.
• RAR & CC using VIRSA calibrator and Super-User Privilege Management
• Good experience in creation and maintenance of Fire Fighter (VIRSA) user IDs for Critical Authorizations for Project and End Users.
• User Defined Background Job management, Standard Jobs management thorough RSPC & SM37.
• Monitoring of all RSPC jobs & Scheduling and Monitoring of Control-M Jobs.
• Work with Functional team & resolve functional / configuration issues with SAP support through OSS Message.
• OSS Id Creation & Maintain the Service connection in Market place.
• RFC Integration between R/3 and APO systems.
• Support to Confidential, PI & Control-M third party tools and Maintaining background jobs using Control-M.
• Monitoring of lock entries, dump analysis, batch input monitoring, System Logs and process overview

Environment: SAP ECC, BW, HR, Virsa Firefighter, SCM, Portals, Control-M.

Confidential

Senior Consultant

Responsibilities:

• Roles creation, deletion and modification based on requests.
• Single and mass roles transportation.
• Adding the standard and customized t-codes into the roles.
• Authorization groups creation and maintain authorization groups in the roles.
• Creating the new authorization objects and maintain as per request.
• Assign authorization objects to transactions.
• Adding the roles for existing users based on request.
• Passwords reset and lock/unlock the users.
• Increasing the validity period for users.
• Proposed customer HR position-based security
• Restriction for Employees to access others Travel and Entertainment report through HR authorization objects like P PERNR, PLOG, and P ORGIN.
• Resolving the authorization issues using authorization check.
• Used system trace to trouble shoot authorization problems.

Environment: SAP R/3 ECC 5.0, SRM, CRM, BW, HR, Solution Manager, Portal, Virsa, IBM Mainframes, Linux, AD, LDAP, Lotus Notes, RSA Cards.