SUMMARY

• 8+ Years of extensive experience in SAP Security including Implementation, Production support, Post Go - live support, Role remediation, SAP GRC10, 5.3, 5.2 configuration, SCM 5.0 role design.
• GRC implementation, configuration, Upgrade, Migration experience with GRC 5.3 (RAR, CUP, ERM, SPM) and GRC 10.0 (ARA, ARM, EAM, BRM). SAP CUA (Central User Administration) integration with SAP GRC 5.3 and GRC 10.0.
• Extensive and Hands on Experience in GRC Implementation, Automation, upgrade experience with GRC CUP, RAR, ERM, SPM, SAP CUA (Central User Administration) integration with SAP ECC 6.0. with an excellent understanding of Sarbanes-Oxley Act.
• 6+ years of GRC experience in end to end implementation/Configuration, Upgrade/migration and support.
• Worked on HANA Upgrade and Migration.
• Hands on experience in working on migrating the SAP systems from oracle database to Hana 1.0, 2.0. Design and planning of audit controls for the Hana database. Planning migration strategy for S/4 Hana at Confidential .
• Worked as a team lead for a support project as well as Executor for Security audit team.
• Handled security for various modules: BI, CRM, FI, ECC, SPM, CO, MM, SD, and MDM.
• Worked on SECATT, SCAT scripts for mass user and authorizations maintenance.
• Central User Administration (CUA) experience to create users, assign roles, and maintenance.
• Excellent knowledge of SOX, Audit issues and Segregation of Duties (SOD) issues.
• Involved in GRC configuration for RAR and SPM. Designed custom Rule sets as per the requirement.
• Identified risks, created Business Processes, Functions and Risks in GRC system, performed risk analysis and mitigation.
• Configuring and Customizing the General Settings in Sap GTS -Business Partner, Organization structure, Partner structure, Document Structure, Legal Regulation, and Determination Procedure
• Worked as SAP GTS functional consultant in support project.
• Configuration and support of GRC 10.1 for EAM, ARA and ARM
• Expertise in SAP GRC access controls 5.3 supports (Risk Analysis and Remediation (RAR) and remediation of SOD violations through detailed analysis, recommendations and Super User Privilege Management (SPM).
• GRC implementation; automation; upgrade experience with GRC RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP GRC 5.3
• Experienced in rating the controls/systems as part of Security Audit Self-Assessment.
• Experience in implementing security in BW including info object level security
• Developed tools related to SAP Security where User Administration and Role Administration has been performed 70% faster than the manual process.
• Granting access in BOBJ, Access provided at folder level
• Maintained different access level for universes to folders in BOBJ
• Created backend roles in BI for Portals and implemented / mapped them in the portal for CRM upgrade project.
• Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW. Administration of BODS.
• Set up CHARM including technical configuration of all necessary Solman and Remote System components.
• Managed roles and privileges for SAP Net Weaver IDM across the landscape.
• Integrated Identity Manager, UME and corporate LDAP and Basic HR configuration.
• Validated ECC/BI critical Objects and transaction pre-Go-Live
• Extensive expertise in the areas of audit, SAP IDM, SOX, BW/BI Security, Portal Security, ECC/R/3 Security, CRM Security, and upgrade projects.
• Developed Job role matrix for access request/provisioning through IDM
• Very good knowledge in Microsoft Excel, Macros, Word, Access and PowerPoint.
• Extensive experience on SAP license audit, SLAW and USMM usage.

TECHNICAL SKILLS

ERP Packages: SAP R/3- 4.7EE, ECC 5.0 and ECC 6.0, SCM 5.0, MDM, BI 7.0, HR, CRM and BW3.5, SAP Solution Manager (7.0,7.1)

Security Tools: SAP GRC / Virsa (4.0, 5.3, 10.1) (Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter, Access Control and Process Control), SAP User Management Engine / CUA)

Skills: SAP /HANA /Security (ECC, CRM, SCM, Fiori SAP GRC architect BPC, BW) expert SAP Audit controls

PROFESSIONAL EXPERIENCE

Confidential, Issaquah, WA

GTS and Solution Manager

• Worked with Finance, Supply chain management, sales & customer service, Basis, Development, Configuration, Change Control, Training and Testing teams during role design, testing phases.
• Rich experience in Integration of SAP Security in SAP R/3, SD/MM/HR/PP/IM/PS/BW/SEM-BPS modules with FI/CO and in overall business processes such as, order-to-cash, purchase-to-pay and make-to-Order.
• GRC Lead for implementing end to end solution to GRC (ARA, EAM, ARQ)
• Worked on SOP for User auto provisioning from GRC 10 to plugin systems when a request is submitted via ITIM/IAM
• Designed the security architecture for CRM Confidential Membership system, shared service framework, HANA security build and integration with sap ECC and BOBJ for the HCM self-service reporting. Worked on project planning, proposals, resource planning for multiple SAP security, GRC and HCM HANA reporting projects.
• Implemented security design strategy integrating Persona, Fiori and ECC Designed and developed SOX Controls in HANA, BW and BOBJ systems.
• SDA integration of the HANA databases between ECC and BW.
• Designed and developed policy and procedures for GRC EAM, ARA and ARM
• GRC 10.1 migration from GRC 5.3
• Implemented end to end GRC ARM solutions for multiple projects
• Designed and developed GRC UAR (User Access Review) solution to review the user access every quarter
• Worked on project planning, proposals, resource planning for multiple SAP security and GRC projects.
• Worked as Liaison between Business and Internal/external Auditors.
• Developed a roadmap in implementing new technologies and tools like Hana, IDM/GRC integration, PING federation for SSO.
• Responsible for Analysis, Design, Develop, Test and Implementation of roles in BI, ECC, SRM, CRM, GTS, APO/SPP and CUA applications for the Enterprise Wide implementation project.
• Created custom rules in SAP GRC to perform the risk analysis in roles for various business processes and functions.
• Recommended and created mitigation controls in SAP GRC
• Assign firefighter Id's to support users to resolve the issue which requires sensitive access
• Worked with Business Manager and Internal Audit in designing and developing GRC compliant composite and single roles for the company
• Providing support in SOX monitoring reports & Automated Security SOX control monitoring.
• Schedule BG jobs for SOD risk analysis
• Instrumental in setting up and administering the Central User Administration (CUA) for non-Production systems
• Handled License administration activities end to end. Familiar with USMM and SLAW t-codes
• Implemented end to end SAP Security for Solution Manager 7.1(CHARM)
• Experience in setting up Security Roles for Solution Manager & CHARM
• Solve issues with TMS (Transport Management System), background jobs
• Designed security roles for authorization of Incident Management, Change Management, Root Cause Analysis etc. work centers.
• Worked with Basis team to develop Solution manager roles for Administrators, Configurators, Change Managers, and Support Desk roles.
• Set up security by Info Area, Info-Cube, Info-Object, QUERY and WORKBOOKS.
• Configured roles and authorization objects to secure reporting users.
• Limiting the Query access within the BEX Analyzer.
• Implemented Info Object Security (field-level security) for Reporting Users and created custom reporting authorization objects.
• Maintaining authorizations for Hierarchies.
• Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization.
• Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations
• Trained & knowledge transferred the security personnel for BW, BI Technology.
• Building security for Administrative users using SAP provided scripts, templates.
• Setup users in BODS with repository & troubleshooting the access issues.
• Interacting with functional and technical consultants for problem diagnosis in BI.
• Worked with the t-code for creating custom authorization objects & S RS AUTH for assigning authorization objects for BW query end user roles.
• Created roles using PFCG and Analysis Auth using RSECADMIN.
• Used SAP best practices like setting the following Info Objects as “authorization-relevant” and using them in Analysis Authorizations 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
• In BOBJ

Confidential, Northbrook, IL

Technology: ECC 7.0, BI, BOBJ, BPC, GRC10.0 (ARA, ARM, EAM, BRM), GRC5.3 (SPM, RAR, CUP, ERM), PI, SCM, SRM, CRM, Upgrade, IDM.

Sr. SAP Security Consultant

• Implemented AC10 Access Request Workflow to enhance the company's upgraded GRC10 system with additional functionality
• Configured MSMP and BRF plus logic to enable workflow usage as an add-on to the existing design. This BRF plus logic was setup to support multiple levels of approvals driven by request types and conditions contained within the request
• Conduct meetings and working session workshops to discuss and implement the approved design
• Draft design documents to cover all functionality configured for ongoing support
• Work with the technical development teams to create custom function modules to enhance standard functionality to fit the complex cross process-id usage requirement
• Built complex usage of multiple custom document objects using standard same message class and building custom notification template id's.
• Extensively worked with Sarbanes-Oxley Compliance Strategy management related to SAP business processes
• Executed GRC 10 Post installation steps
• Experience in end to end implementation GRC 10 components (ARA, ARM, EAM and BRM)
• Performed the testing after the configuration of ARA, ARM, EAM and BRM
• Performed testing of the functionality from IDM to GRC
• Configured SPRO settings for all components (ARA, ARM, EAM & BRM)
• Trouble shooting issues with SPRO configuration
• Resolved GRC 10 issues by applying notes
• Worked on synchronization issues from LDAP to GRC
• Configured SPRO settings for LDAP connector
• Resolved issues on FF owners not receiving email or workflow issues
• Resolved MSMP workflow issue by Debug/Audit logs
• Schedule BG jobs for SOD risk analysis
• Run SOD reports for users based on GRC ARM requests
• Apply mitigation controls for users with SOD conflicts
• Design & manage MSMP work flows
• Processing of GRC 10 Access Requests
• Assigning FFID’s to users in GRC 10 and extracting log reports in Emergency Access Management module
• Extract FFID log reports
• Certified GRC 10.0 Access controls professional
• Extensive experience in Configuration and support of GRC 10.0 AC Suite (EAM, ARA, ARM, BRM)
• Aligning the security design in alignment with your organization’s identity management setup currently in place
• Designing the security based on CRM functional requirements to align with the business role design and organization’s position hierarchy
• CRM role configuration using CRMD UI ROLE PREPARE (This is a program which generates the PFCG menu structure from CRM business role) may not comply with the principle of least privilege, requiring a workaround
• Performing SOD analyses without transaction codes
• Data replication requirements between systems and the authorizations that must be administered when implementing CRM for certain modules
• Supported few CRM activities on generating a PFCG role from a business role, and assigning the PFCG role to business role
• Built test environment and supported unit, integrating and user acceptance testing and managing defects
• Trouble shooting authorization issues using portal execution and traces in backend SAP
• Cutover and go-live support activities and delivering the required knowledge transfer to the support teams on both technical & procedural front
• Configured and managed Central User Administration (CUA) environment
• Set up Central User Administration (CUA) for 56 clients across 11 systems
• Extensive experience in CUA support and trouble shooting
• Managing a team of 4 for providing SAP Security production support in various SAP components.
• Providing support in ECC, BI, SRM, CRM, SCM, XI, SUS, ICH, HR, Portal, IDM and GRC.
• Single point of contact for all kinds of SAP Security offshore activities.
• Providing support in SOX monitoring reports as well as ADHOC requests (SAP Security).
• Automated Security SOX control monitoring to reduce manual efforts
• Automated User administration activities for mass User uploads
• Automated LDAP scripts for data preparation
• Enabled regulated Super user access control via GRC’s Firefighter.
• Utilized trace (ST01) results to identify the expected authorization values and incorporated them into the security roles after the upgrade.
• Performed a mapping of the portal roles with the backend system.
• Maintained security for BW power users and gave them authorizations for their new queries.
• Prepared numerous reports and coordinated with PWC auditors to make the company SOX compliant.
• Followed the steps outlined in SU25 for the ECC 5.0 upgrade.
• Performed extensive role redesign for the IT and business users in the system.
• Worked on continuous process improvement with the team to reduce and streamline security processes.
• Maintained users in CRM landscape and applied the best practices in CRM security administration.
• Built Analysis Authorizations using the transaction RSECADMIN.
• Assigned the Analysis Authorizations to the role using the object S RS AUTH.
• Troubleshoot authorizations related problems using RSECADMIN
• Setup security at the Info objects level (field-level security).
• Created distribution list users in LDAP and UME, assigned distribution list to Roles.
• Configured User Data source and defined authentication system for requestors using CUP
• Designed Power user, Query writer and query viewer role strategy for BW reporting access for the business user community. Discuss with module owners to create roles and fix authorization issues

Confidential, Pittsburg, PA

Technology: SAP ECC 6.0 Security Implementation, GRC SPM and RAR

Sr. SAP GRC Consultant

• Understanding the existing organizational ERP security policies and procedures.
• Configured and Implemented GRC Access Control Suite
• Implemented GRC’s Role Expert and performed a security redesign based on the CC facilitated Internal Controls Framework.
• Function mapping for the custom risks.
• Enabled regulated Super user access control via GRC’s Firefighter.
• Reviewed and monitored Firefighter activities.
• Analysis of Custom risks and standard functions.
• Analysis of the appropriateness of the Transactions (functions) within the custom risks.
• Utilized trace (ST01) results to identify the expected authorization values and incorporated them into the security roles after the upgrade.
• Created users and roles in MDM repositories and restricted based on Functions and tables.
• Performed security checklist after the client copy.
• GRC SPM and RAR unit testing
• Performed a mapping of the portal roles with the backend system.
• Designed the SAP security architecture for the Finance transformation project and discussed with various functional teams to design the security for overall SAP.
• Handled security for Business Objects (BO).
• Worked with Dynamic actions and info type’s tables.
• Worked on Authorization Objects P ORGIN, P ABAP, P PERNR, P ORGXX etc.
• Maintained authorization profiles using OOSP.
• Experience on NWBC and fixing Security related issues.
• Setup and maintained Organizational Structure including Organizational Units, Jobs, Positions, Cost Center assignments etc.
• Assigned tasks to positions and integrated all these into the enterprise organizational plan.
• Assigned the various organization units and positions to cost centers.
• Assigning roles to BP and maintaining PFCG role with relevant authorizations.

Confidential,Charlotte, NC 

Technology: ECC 6.0, BI, GRC5.3, Audit, SCM, SRM, CRM, HCM

Sr. SAP GRC Consultant

• Understanding the existing organizational ERP security policies and procedures.
• Analyzed the roles and tracked the possible issues with the role & profile naming convention, T-code assignment via SU24, master roles with org level assignment, duplicate roles and roles without profiles.
• Created derived roles for FI and SD modules in ECC.
• Created roles in BI system.
• Used transaction RSECADMIN for creating custom authorization objects and S RS AUTH for assigning authorization objects for BI query end user roles
• Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW
• Created roles in SRM system.
• Performed role remediation includes deletion of obsolete roles and restriction of display only access to the display roles.
• Analyzed and resolved the tracked issues (ex: T-code assignment via SU24).
• Restricted roles at Company code level.
• Maintained users in CRM landscape and applied the best practices in CRM security administration.
• Created Standard Operating Procedures reflecting the approval flow and policies for User Access management, Role Management and Transport management.
• Built Analysis Authorizations using the transaction RSECADMIN.
• Setup security at the Info objects level (field-level security).
• Assigned the Analysis Authorizations to the role using the object S RS AUTH.
• Troubleshoot authorizations related problems using RSECADMIN
• Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
• Troubleshoot analysis authorizations related problems using RSECADMIN.
• Build security and successful testing of various objects related to Dashboard.
• Created custom Ruleset as per customer requirement
• Created background jobs for synchronization
• Uploaded Ruleset files in RAR
• Generated Rules
• Risk Mapping and analysis
• Automated scripts to prepare data to upload rules
• Defining Request types and initiators for CUP requests
• Stage and Workflow Configuration for CUP requests
• Integration of CUP with RAR and ERM
• Defining Connectors for LDAP and R/3 systems
• Request form customization
• Defining number Ranges in CUP
• Request Priority configuration
• Defining Authentication source and Detailed data source in CUP, by using LDAP & UME
• Defining (SMTP) Email notification in CUP
• Upload role master data to CUP