SUMMARY:

• Building on a strong background of over twenty years of SAP Security and GRC experience, I have been responsible for the design, development and implementation of a wide variety of SAP related projects.
• I have concentrated this experience in providing high quality SAP Security, GRC and Sarbanes - Oxley compliance for several Confidential 500 companies as an independent computer consultant.
• I have been involved with seven successful implementations of SAP Security.

PROFESSIONAL EXPERIENCE:

Confidential

SAP Security Consultant

Responsibilities:

• I worked with SAP Project Clean Team, which was re-designing all the roles for our ECC systems to a three role Job Based role scheme. I went through all the tickets and assigned them to the responsible team members as the Ticket Farmer.
• Handled the day-to-day Security requests for a large International Retail company with the Retail AFS module installed.
• Created User ID’s, Test ID’s, ran audit reports, created new roles and made role changes for a 4000 user ECC 6.0 system.
• I used the IDM provisioning tool for approximately one year before they switched to Access Management using CUP. The client also used CUA and just regular SU01 for provisioning while I was on the team.
• I used GRC 10.0 and 10.1 to run SOD checks on role and user changes and to also provision users.
• Supported and tested GRC 10.1 roll out of Fire Fighter for handling exceptional access requests.
• Supported and tested the GRC 10.1 roll out of Access Control User Provisioning.
• Worked with Auditors in keeping the SAP systems audit compliant..
• The systems supported included ECC, BW, CRM, SCM, HCM, Solution Manager, XI/PI, BOBJ, Portal, IDM, and GRC 10.0 and 10.1, Vistex, and AP Automation.
• The ECC and BI systems had two systems and landscapes, one for Retail and one for Wholesale that were different and had to be supported.
• Completed several projects and assisted in the setup and testing of IDM, GRC, Charm and Global HCM with ESS/MSS roll outs. Had to work with end users to rename their accounts so that SAP accounts would match Active Directory/Network accounts
• The company utilizes CA Help Desk and Microsoft and Google+ software products.
• Worked in the following functional areas of SAP - FI/CO, SCM, MM, PP, SD, PS, PM, WM, HR.
• Analyzed authorization errors using authority checks (SU53), system trace (ST01) and STAUTHTRACE transactions.
• Worked with Portal security, User administration and UME.
• Setup new Retail Store accounts in there retail store SAP system along with the assignment of new staff members worldwide.
• Worked with functional consultants to analyze and design new roles.

Confidential

SAP Security/GRC Consultant

Responsibilities:

• FDA Validated Pharmaceutical environment.
• Took training to be approved for viewing Clinical trial data.
• Successful Go-live of the first North American company with Clinical studies using SAP.
• Had to restrict numerous security objects to blind roles where necessary. Created enabler roles to give back access to unblinded users. Worked with single, derived and composite roles.
• Worked with the Business role owners, Clinical Trials Group and the COE in creating and implementing the Security architecture of the project.
• Created multi-stage CUP approval Path so that clinical roles got approved by Clinical role Approver first. Customer is using GRC 5.3.
• Used Access Enforcer for Risk Analysis and provisioning of the roles.
• Gave out Fire Fighter accounts to approved users.
• Used ISM Helpdesk software. Utilized HP Quality Center for testing and defect tracking.
• Worked in the following functional areas of SAP - FI, CO, SCM, GTS, MM, PP, SD, WH.

Confidential

SAP Security/GRC Consultant

Responsibilities:

• Performed an SOD Remediation for an ECC 6.0 system with 1500 Users and 27000 roles.
• Held SOD/GRC workshops with the customer to determine an SOD matrix to use.
• Performed the SOD Remediation without an SOD tool using SAP Supplied tools in SUIM.
• Found most of the violations occurred in their IT and Super User roles.
• Worked with Internal Auditor to run reports for users having certain access.
• Held meetings with CFO, CIO, an Internal Auditors to present the results of my findings and possible solutions.

Confidential

SAP Security Consultant

Responsibilities:

• Provided SAP Security support to an end-user community of around 7000 users on 4.6C landscape.
• Worked to resolve SAP Security related tickets entered in Remedy Help Desk System.
• Followed a very strict Department of Defense user provisioning protocol.
• Used Virsa Compliance Calibrator to make sure that all new users were SOD/GRC compliant.
• Setup new Firefighter accounts and made changes to existing ones.
• Made role changes following a very strict D.O.D. Change Request protocol.
• Used HP Quality Center to setup testing for any role changes made.
• Managed Department change reports and Inactivity Reports.
• Worked with MM, PP, PM, PS, QA, FI, CO modules.

Confidential

SAP Security Architect

Responsibilities:

• Supported the testing phase and Go-Live of a new implementation of Vistex.
• Designed and created new roles and made changes to existing roles identified by testing.
• Created new User ID’s and test ID’s via CUA .
• Taught two of their employee’s security concepts, so they could better identify what is needed in their roles.
• Used Solution Manager for documentation, Status reports, creating and handling of issues and for doing Transports. CUA is running in Solution Manager.
• The client is running ECC 6.0.
• Identified possible SOD problems with some of their roles. They have no SOD tool.
• Completed another successful Go-Live.

Confidential

SAP Security Architect

Responsibilities:

• Worked with the Functional Team to design and build new roles for the new plants that were going live. This included single, derived and composite roles.
• Used CATT scripts to create all the new users for the plant go-lives and to assign their roles.
• Took over their everyday user maintenance and role maintenance as they did not have a full time SAP Security employee.
• Client uses the Remedy Help Desk Software package.
• Got rid of old roles that had been created not using standard naming convention. This required building new master and derived roles and moving the users to the new roles.
• Researched GRC tools and helped with presentation.
• Took Auditors Security report and removed many SOD violations that the customer currently had in Production.
• Trained Basis Team members about GRC, being a private company they were currently not required to follow these procedures.
• Trained a new fulltime SAP Security person to take over the everyday security needs for the customer.
• The customer is currently on Version 4.7 Enterprise.
• Created and maintained roles in the following areas SD, FI/CO, WM, AM, SCM, MM, PM, PLM, PP, PS, QM, SCM, HCM.
• Made SU24 changes to promote better security practices.

Confidential

SAP Security Architect

Responsibilities:

• Built over 100 new and derived roles for new implementation of ECC 6.0.
• Worked in modules FI/CO, AP, AR, GL, PP, PM, PS, HR, AM, myAgri.
• Supported the IT team in Sandbox, Development, QA and Training.
• The customer has the myAgri Add-on installed.

Confidential

SAP Security Architect

Responsibilities:

• Re-designed all their IT and Production Support roles and made them GRC compliant.
• Supported the re-design and testing of all their functional roles.
• Supported the upgrade to ECC 6.0 through Sandbox, Development, QA and Production upgrades.
• Worked with FI/CO, AP, AR, BW, CRM, GL, MM, SCM, HCM, WM, Solution Manager.
• The customer has the Retail Add-on installed.
• Worked on Production Support for ECC 6.0, BI 7.0 using Analysis.
• Worked with Structural Authorizations within HCM and BI.
• Supported Analysis authorizations using RSECADMIN.
• Supported Enterprise Portal CRM, APO.
• Eliminated SOD conflicts using SAP’s GRC Tool Virsa.
• Used eCATT scripts to make mass changes to users.

Confidential

SAP Security Compliance and GRC Consultant

Responsibilities:

• Worked on the IRM Security Compliance Team (GRC). The team was responsible for identifying SOD violations, both intra-role and role-to-role. Utilized Price Waterhouse’s GRC tool SAFE. SAFE was purchased by Virsa and then by SAP and it is now called GRC. It is similar to Compliance Calibrator.
• Performed remediation for two years working with the role owners in removing transactions and table access from many roles, as well as, removing thousands of roles from individual users to put them into compliance. If violations still existed, mitigating controls were put into place by the user’s controller to justify the violations.
• Ran numerous reports and created many spreadsheets using the SAFE tool. All the major functional areas were covered in this process SD, FI/CO, GL, MM, AM, PP, PS, SEM. Because of my work with the first remediation, was chosen to also perform the remediation and SOX compliance for the HR system.
• While not working on GRC, I worked with the SAP Security Team. Made changes to roles and to user’s access based on USD tickets that came into their queue. Was selected to make changes to their X-roles which are utilized in all their systems like BW, APO, CRM, SCEM and HCM. These roles had to be kept in sync on over 100 different clients. Confidential has a huge SAP landscape consisting of over 100 different SAP systems and close to 100000 users. The client is running versions 4.7 and some 4.6 systems and one of their systems, SCEM, is on 5.0. They are also the largest user of CUA.
• Maintained the HR Security Inbox which consisted of assigning the roles and org units specified in the tickets. Created new org units and assigned different portal roles as needed. Structural Authorizations were being utilized in HCM and BI Worked on My-IP tickets which dealt with Employee and Manager Self Service.

Confidential

SAP Security/GRC Consultant

Responsibilities:

• Worked for a major Food Indstry company in Thomasville, GA. Documented their existing profiles and created a spreadsheet where each profiles transactional capability could be looked up. Built another spreadsheet that contained all the Segregation of Duty transactions contained within each user’s profiles. Added another column to the spreadsheet that showed all the possible Segregation of Duty violations that were contained in each user’s profiles.
• Reviewed Price Waterhouse/Coopers (PWC) audit results. Determined from previous work, and from PWC’s audit, that one profile was causing a large number of the violations. It contained all functional area access. Created and tested a display only profile that was given to many of these users. Gathered from these users the requirements needed to either build new profiles or added new transactions to their existing access to take care of their none display needs in production. This helped to get Confidential closer to achieving Sarbanes-Oxley compliance (GRC). Used the results from PWC’s ACE Tool to actually create a spreadsheet of the Segregation of Duties transactions that a user had actualy performed in the last six months.
• Reviewed several GRC tools that would help them go to a role based environment when they upgraded to 4.7 next year. Created a spreadsheet that contained the software packages capabilities along with Pros and Cons for each software package reviewed. Was able to get into a 4.7 Enterprise test system and see how their current profiles and activity groups looked as well as review the standard set of roles supplied in 4.7. Presented them with three different plans to move to a role based environment by their 4.7 upgrade, one manual and two using a different software package.

Confidential

SAP Security Consultant

Responsibilities:

• Built new activity groups using derived profiles and made the necessary organizational level and authorization adjustments. The activity groups were created for a new Procurement roll-out on a SAP 4.5B system.
• Created lots of user ID’s in QA and Production systems.
• Added new activity groups to users already in production.
• Researched OSS notes for security problems they were having.
• Transported newly created and modified profiles into production.
• Worked with the testers in QA to take care of any problems that arose from the new profiles.

Confidential

SAP Basis Consultant

Responsibilities:

• Worked for a major Department of Defense company that was upgrading from 3.1H to SAP Version 4.6C with IS-AD Industry Solution. The client was also experiencing very poor performance. Assisted in the upgrading of both Oracle and SAP on a test system that was successfully upgraded.
• Utilized the profile generator to modify the existing role based profiles to work with the new release after the upgrade.
• Fixed their performance problems that were database related.
• Performed the everyday duties such as security, transports, researched and applied OSS notes, applied LCP’s, performance monitoring and tuning.
• Trained their new employees on the duties they were expected to be able to perform.

Confidential

SAP Basis Consultant

Responsibilities:

• Worked on a project that was being outsourced to another consulting firm.
• Wrote over thirty documents describing the various responsibilities of the outsourcing firm including in-depth documents concerning security administration. The client was using security templates that had to be explained thoroughly so that the outsourcing security consultants could administer it properly.
• Performed the duties that were expected of the new outsourcing company. These duties included security, transports, performance monitoring, archiving, handling system problems and issues, training new employees of the outsourcing firm. The platform was 3.1H running Informix on Sun equipment.
• Worked remotely for seven months performing archiving during the nights and on weekends.

Confidential

SAP Basis Consultant

Responsibilities:

• Involved in the deployment of three implementations of SAP for a major Department of Defense company. One implementation was with SAP version 3.1I. The last two implementations utilized SAP version 3.1H with the IS-AD Solution. The system platform utilized was IBM RISC 6000 AIX machines running the Oracle database.
• Major focus was delivering the security requirements for the roles and responsibilities provided by the functional teams. Utilized the Profile Generator to create over 200 activity groups.
• Set up over 1000 users with the proper activity groups. Set up the profiles for the configuration and development teams. Wrote the security strategy documents and procedures manuals. SAP modules included HR, SD, FI/CO, MM, PM, PS, QA, WM. Assisted company auditors in developing audit procedures for SAP for enterprise rollout. Trained their employees how to use Profile Generator.
• Handled day-to-day security problems and modifications.
• Assisted in several installs of SAP 3.1H and 3.1I, upgraded 3.1H to the IS-AD solution. Performed CTS, client copies, system copies, applied LCP’s, backups, researched notes on OSS, applied numerous OSS repairs, added printers to SAP and the print queues needed in AIX, performed Oracle DBA duties using SAPDBA. Provided off-hour support until the clients SAP team was able to handle 24/7 coverage.
• Performed a complete implementation of HR security.
• Was utilized as the SAP Basic Team Lead. Worked together with clients team lead in applying LCP’s, OSS notes, installing new SAP kernels and making sure that SAP was Y2K compliant.
• Because of the small Basis team, was utilized in all areas of SAP Basis at one time or another.

Confidential

SAP Basis Consultant

Responsibilities:

• Main responsibility was SAP security, this included adding new user accounts and setting up SAP role based Security profiles for production rollout and maintaining profiles and authorizations. Involved in the security strategy and documentation of the enterprise wide SAP implementation. Created role based security profiles for the SD, FI/CO, MM, PM and HR modules. Trained three full time employees in SAP security. Created new profiles for two different implementations.
• Performed a complete implementation of HR security.
• First member of the consulting team. Had to wear many hats and come up to speed very quickly. Performed System Administration for a HP and a HP 0. The team was also responsible for the deployment of TCP/IP and the SAPGUI interface on Windows 3.1, WFW and Windows NT workstations. Involved in the Proof of Concept testing and evaluation of all the software packages needed for the system wide connectivity and rollout of SAP. Supported over twenty different instances of SAP version 3.0F.
• Performed Correction and Transport (CTS), repairs to SAP code, performance monitoring, Oracle upgrades, backup/recovery, added network printers, some ABAP/4 programming, installed Hot packages and researched SAP problems in OSS.
• Duty Manager for one week every month. During this time, was responsible for handling or directing the resolution of SAP system problems on all systems, including two production systems, and was on call, 24/7, during this time.
• On the initial Steering Committee on SAP until it went enterprise wide. Received an award recognizing accomplishments as the best customer support person in all the Utility Group.