SAP Security Analyst/ Analyst Resume
Issaquah, WA
EXPERIENCE SUMMARY:
- 11+ Years of extensive experience in SAP Security including Implementation, Production support, Post Go-live support, Role remediation, SAP Confidential configuration.
- Handled security for various modules: BI, CRM, FI, ECC, SPM, CO, MM, SD, and MDM
- Worked on SECATT, SCAT scripts for mass user and authorizations maintenance.
- Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues.
- Involved in Confidential configuration for RAR and SPM. Designed custom Rule sets as per the requirement.
- Identified risks, created Business Processes, Functions and Risks in Confidential system, performed risk analysis and mitigation.
- Configuration and support of Confidential 10 for EAM, ARA and ARM
- Expertise in SAP Confidential access controls 5.3 support: Risk Analysis and Remediation (RAR), remediation of SoD violations through detailed analysis and recommendations, and Super user Privilege Management (SPM).
- Confidential implementation; automation; upgrade experience with Confidential RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP Confidential 5.3
- Experienced in rating the controls/systems as part of Security Audit Self-Assessment.
- Experience in implementing security in BW including info object level security
- Developed tools related to SAP Security where User Administration and Role Administration has been performed 70% faster than the manual process.
- Granting access in BOBJ, Access provided at folder level
- HANA Confidential configuration, BW on HANA implementation
- Maintained different access level for universes to folders in BOBJ
- Created backend roles in BI for Portals and implemented / mapped them in the portal for CRM upgrade project.
- Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW. Administration of BODS.
- Set up ChaRM including technical configuration of all necessary SolMan and Remote System components.
- Managed roles and privileges for SAP NetWeaver IDM across the landscape.
- Integrated Identity Manager, UME and corporate LDAP and Basic HR configuration.
- Validated ECC/BI critical Objects and transaction pre Go-Live
- Extensive expertise in the areas of audit, SAP IDM, SOX, BW/BI Security, Portal Security, ECC/R/3 Security, CRM Security, and upgrade projects.
- Developed Job role matrix for access request/provisioning through IDM
- Very good knowledge in Microsoft Excel, Macros, Word, Access and PowerPoint.
- Extensive experience on SAP license audit, SLAW and USMM usage.
SKILLS:
- Domain/Function
- SAP Experience: SAP security implementation
- SAP security post go-live support
- SAP security production support
- SAP Confidential access controls production support
- Proficient with Microsoft Office (Outlook, Word, Excel, PowerPoint, Visio, and Project)
TECHNOLOGY:
ERP Packages: SAP R/3 4.7EE, ECC 5.0 and ECC 6.0, SCM 5.0, MDM, BI 7.0, HR, CRM and BW 3.5, SAP Solution Manager (7.0, 7.1)
Security Tools: SAP Confidential / Virsa (4.0, 5.3, 10.0) (Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter, Access Control and Process Control), SAP User Management Engine
PROFESSIONAL EXPERIENCE:
Confidential, Issaquah, WA
SAP Security Analyst/ Analyst
Technology: ECC 7.0, BI, BW, BOBJ, BODS, GRC10.1, CRM, HCM, Payer Direct, Solution manager, HANA application database, Portal, ITIM (identity management tool).
Responsibilities:
- Designed security for ECC for FI/MM/SD and HR reports.
- Design and Implement HANA-BI Security
- Designed and developed custom roles in HANA Database for Data Modelers, Developers, Administrators, Power Users and End Users.
- Integrate BOBJ Security
- Design and Implement S/4 HANA
- Gathering FIORI Requirements from Business
- Create New users/modify existing users in HANA and S/4 HANA
- Worked on System, Object, Analytic, Package and Application Privileges
- Worked on both Catalog (Run Time) and Repository Roles (Design Time)
- Worked on License Check Properties and Activating Audit Policy.
- Strong Experience in working on HANA Studio and Development perspective
- Experience in HANA Life cycle Manager and Transport Mechanism
- Used SQL scripting for writing stored procedures in HANA.
- Developed security for SLT HANA replication.
- Conduct meetings and working session workshops to discuss and implement the approved design
- Implemented Automation tools for User administration, Role administration, Monitoring and other business requirements
- Work with the technical development teams to create custom function modules to enhance standard functionality to fit the complex cross process-id usage requirement
- Designed security roles with custom tcodes/auth objects, table restrictions, etc.
- Worked as Liaison between Business and Internal/external Auditors.
- Implemented Security solutions to be compliant with SOX and PCI standards.
- Defined SLAs for response and resolution of SAP security issues
- Performed extensive role redesign for ChaRM security roles
- Implemented AC10 Access Request Workflow to enhance the company's upgraded GRC10 system with additional functionality
- Configured MSMP and BRF plus logic to enable workflow usage as an add-on to the existing design. This BRF plus logic was setup to support multiple levels of approvals driven by request types and conditions contained within the request
- Draft design documents to cover all functionality configured for ongoing support
- Built complex usage of multiple custom document objects using standard same message class and building custom notification template id's.
- Extensively worked with Sarbanes-Oxley Compliance Strategy management related to SAP business processes
- Executed Confidential 10 Post installation steps
- Experience in end to end implementation Confidential 10 components (ARA, ARM, EAM and BRM)
- Performed the testing after the configuration of ARA, ARM, EAM and BRM
- Performed testing of the functionality from idM to Confidential
- Configured SPRO settings for all components (ARA, ARM, EAM & BRM)
- Troubleshooting issues with SPRO configuration
- Resolved Confidential 10 issues by applying notes
- Worked on synchronization issues from LDAP to Confidential
- Configured SPRO settings for LDAP connector
- Resolved issues on FF owners not receiving email or workflow issues
- Resolved MSMP workflow issue by Debug/Audit logs
- Schedule BG jobs for SoD risk analysis
- Run SoD reports for users based on Confidential ARM requests
- Apply mitigation controls for users with SoD conflicts
- Design & manage MSMP work flows
- Processing of Confidential 10 Access Requests
- Assigning FFID’s to users in Confidential 10 and extracting log reports in Emergency Access Management module
- Conducted User access reviews (UAR)
- Certified Confidential 10.0 Access controls professional
- Extensive experience in Configuration and support of Confidential 10.0 AC Suite (EAM, ARA, ARM, BRM)
Confidential, Chicago, IL
Technology: SAP ECC, BW, Confidential, APO
Sr. SAP HANA Security Consultant
Responsibilities:
- Ball and Ardagh acquired Confidential; worked on Security blueprint for role re-design
- Involved in developing play book for go-live and extensively supported hyper care for post go-live.
- Documented role design changes, User access changes, Custom development changes & approvals for audit purpose
- Managed SAP HANA Content for SAP Customer Activity Repository (CAR). Created roles for virtual data models, Query Views.
- Created CAR repository roles to provide access for Net sales, Inventory, category manager.
- Involved in integration of SAP HANA with Confidential using HANA Plug-in
- Developed new HANA access requests and approval work flows
- Created Functions, Risks and Rule sets for HANA Database
- Proficient in implementing and technically configuring SAP Confidential Access Controls 10.1 components such as Access Risk Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management (BRM)
- Implementation exposure of multi stage multi path workflows, configuring email notification and business rules framework plus rules.
- Created design and training documentation for the application.
- Configuration and analysis for risk analysis reporting.
- Configured Access Risk Analysis module by Creating Connector, setting up Connector type, updating Global Rule sets, Updating Repository Sync (User, Role and Profile).
- Performed User/role level Segregation of Duties (SOD) analysis using Confidential ARA, remediated and mitigated SOD conflicts to address security controls for SOX (Sarbanes-Oxley) compliance.
- Expert in Configuring EAM and configured Fire Fighter id's, Fire Fighter owners and Fire Fighter Controllers
- Performed workshops with Business users to make them understand how to get more benefits from Confidential and let them know End to End Confidential Functionality and gathered the required data from business users
- Involved with Security Design of HANA Object privileges, Package privilege, Analytic privileges - Attribute views, Analytic views, Calculation views and Roles
- Implemented SAP HANA User Security and Management using HANA Studio
- Extensively used authorization dependency viewer within SAP HANA Studio (Information Models) to troubleshoot authorization errors for object types that typically have complex dependency structures like stored procedures and calculation views.
- Worked on Core SQL-Based Security Roles for Modeling and Monitoring with the SAP HANA database.
- Developed repository roles to provide access to database, basis and developer teams.
- Troubleshooting data preview authorizations using Authorization trace
- Configuring Audit Logs to record grant role, revoke role actions, critical security and sensitive data access
Confidential, Northbrook, IL
Technology: SAP ECC, BW, CRM, Confidential 10.0 and Solution Manager
SAP Security Engineer
Responsibilities:
- Worked with Finance, Supply chain management, sales & customer service, Basis, Development, Configuration, Change Control, Training and Testing teams during role design, testing phases.
- Responsible for Analysis, Design, Develop, Test and Implementation of roles in BI, ECC, SRM, CRM, GTS, APO/SPP and CUA applications for the Enterprise Wide implementation project.
- Created custom rules in SAP Confidential to perform the risk analysis in roles for various business processes and functions.
- Recommended and created mitigation controls in SAP Confidential
- Assign firefighter Id's to support users in order to resolve the issue which requires sensitive access
- Worked with Business Manager and Internal Audit in designing and developing Confidential compliant composite and single roles for the company
- Providing support in SOX monitoring reports & Automated Security SOX control monitoring.
- Schedule BG jobs for SoD risk analysis
- Handled License administration activities end to end. Familiar with USMM and SLAW tcodes
- Confidential Lead for implementing end to end solution to Confidential (ARA, EAM)
- Worked on SOP for User auto provisioning from Confidential 10 to plugin systems when a request is submitted via ITIM/IAM
- Designed and developed policy and procedures for Confidential EAM, ARA and ARM
- Configured MSMP and BRF+ workflows
- Implemented end to end SAP Security for Solution Manager 7.1(ChaRM)
- Experience in setting up Security Roles for Solution Manager & CHARM
- Solve issues with TMS (Transport Management System), background jobs
- Designed security roles for authorization of Incident Management, Change Management, Root Cause Analysis etc. work centers.
- Worked with Basis team to develop Solution manager roles for Administrators, Configurators, Change Managers, and Support Desk roles.
- Worked on 7.2 upgrade and implemented new functionalities
- Front End and Back End BOBJ integration with SAP systems
- Worked in developing security blue print, planning, requirement gathering and Implementation of end to end BOBJ security
- Configure authentication, authorization, and user management in BOBJ using CMC
- Set up security by Info Area, Info-Cube, Info-Object, QUERY and WORKBOOKS.
- Configured roles and authorization objects to secure reporting users.
- Limiting the Query access within the BEX Analyzer.
- Implemented Info Object Security (field-level security) for Reporting Users and also created custom reporting authorization objects.
- Maintaining authorizations for Hierarchies.
- Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization.
- Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations
- Trained & knowledge transferred the security personnel for BW, BI Technology.
- Building security for Administrative users using SAP provided scripts, templates.
- Setup users in BODS with repository & troubleshooting the access issues.
- Interacting with functional and technical consultants for problem diagnosis in BI.
- Worked with the t-code for creating custom authorization objects & S_RS_AUTH for assigning authorization objects for BW query end user roles.
- Created roles using Confidential and Analysis Auth using RSECADMIN.
- Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations: 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
- In BOBJ
- Troubleshooting authorization issues using portal execution and traces in backend SAP
- Designing the security based on CRM functional requirements in order to align with the business role design and organization’s position hierarchy
- Built test environment and supported unit, integrating and user acceptance testing and managing defects
Confidential, Louisville, KY
Technology: SAP ECC, BW, Virsa 4.0 and IDM Quest
Sr. SAP Security Consultant
Responsibilities:
- Automated creation and population of new Roles and users for a Rollout
- Worked closely with IDM team and performed role reconciliation to synchronize SAP with IDM system
- Creation and testing of customized transaction codes (Z codes) by working closely with all functional teams.
- Troubleshot authorization errors using trace analysis.
- Role remediation based on the SOD analysis and Risk analysis.
- Modified Rule set by analyzing the Risks and false positives.
- Performed Usage analysis in VIRSA for critical transaction codes.
- Involved in massive role re-design from the identified risks with Business process.
Confidential, Alpharetta, GA
Technology: SAP ECC, BW, Confidential and Confidential Audit support
Executor & Security Lead
Responsibilities:
- Lead for a four-member team of Confidential Audit activities.
- Single point of contact for Confidential Audit activities.
- Responsible for Health Care Confidential Audit execution, including Weekly/monthly/quarterly and Annual controls.
- Review B&C type users & Emergency User
- Check deactivated users
- Password & Security Parameters verification
- Review users details and process according to requirements
- Review Initial and Reset Passwords
- Periodic Review of User Access Rights, Terminations and Transfers
- Review physically deleted users and process according to requirements
- Review users having standard SAP roles / profiles and process according to requirements
- Review users with authorization to (un)lock / reset passwords for critical user groups and process according to requirements
- Perform owner's review of limited allowed critical IT access and process according to requirements
- Review IT related SoD combinations and process according to requirements
- Review business related SoD combinations assigned to IT users and process according to requirements
- Review table logging
- Quality review of roles
- Created System Administrator, Security, and developer roles in BI 7.0
- BI reporting issues including setup and landscape connectivity
- Review users with non-allowed critical IT access and process according to requirements
- User administration & Role administration
- SM7 request/incident/task processing
- Thorough knowledge of SOX compliance and best practices in SOD remediation. Streamlined the User Access Request process by clearly defining the appropriate access for each functional team
- Extensively worked with Sarbanes-Oxley Compliance Strategy management related to SAP business processes
- Schedule BG jobs for SoD risk analysis
- Run SoD reports for users based on Confidential ARM requests
- Apply mitigation controls for users with SoD conflicts
- Design & manage MSMP ARM work flows
- Processing of Confidential 10 Access Requests
- Assigning FFID’s to users in Confidential 10 and extracting log reports in Emergency Access Management module
- Post provisioning of idM requests.
Confidential, Deerfield, IL
Technology: SAP ECC 6.0 Security Implementation, Confidential SPM and RAR
Sr. SAP Confidential Consultant
Responsibilities:
- Understanding the existing organizational ERP security policies and procedures.
- Configured and Implemented Confidential Access Control Suite
- Implemented Confidential’s Role Expert and performed a security redesign based on the CC facilitated Internal Controls Framework.
- Function mapping for the custom risks.
- Enabled regulated Super user access control via Confidential’s Firefighter.
- Reviewed and monitored Firefighter activities.
- Analysis of Custom risks and standard functions.
- Analysis of the appropriateness of the Transactions (functions) within the custom risks.
- Utilized trace (ST01) results to identify the expected authorization values and incorporated them into the security roles after the upgrade.
- Created users and roles in MDM repositories and restricted based on Functions and tables.
- Performed security checklist after the client copy.
- Confidential SPM and RAR unit testing
- Performed a mapping of the portal roles with the backend system.
- Designed the SAP security architecture for the Finance transformation project and discussed with various functional teams to design the security for overall SAP.
- Handled security for Business Objects (BO).
- Worked with Dynamic actions and infotype tables.
- Worked on Authorization Objects P_ORGIN, P_ABAP, P_PERNR, P_ORGXX etc.
- Maintained authorization profiles using OOSP.
- Experience on NWBC and fixing Security related issues.
- Setup and maintained Organizational Structure including Organizational Units, Jobs, Positions, Cost Center assignments etc.
- Assigned tasks to positions and integrated all these into the enterprise organizational plan.
- Assigned the various organization units and positions to cost centers.
- Assigning roles to BP and maintaining Confidential role with relevant authorizations.
Confidential, Charlotte, NC
Technology: SAP ECC 6.0 Security Implementation
Sr. SAP Security Consultant
Responsibilities:
- Understanding the existing organizational ERP security policies and procedures.
- Analyzed the roles and tracked the possible issues with the role & profile naming convention, Tcode assignment via SU24, master roles with org level assignment, duplicate roles and roles without profiles.
- Created derived roles for FI and SD modules in ECC.
- Created roles in BI system.
- Used transaction RSECADMIN for creating custom authorization objects and S_RS_AUTH for assigning authorization objects for BI query end user roles
- Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW
- Created roles in SRM system.
- Performed role remediation, including deletion of obsolete roles and restriction of display roles to display-only access.
- Analyzed and resolved the tracked issues (ex: Tcode assignment via SU24).
- Restricted roles at Company code level.
- Maintained users in CRM landscape and applied the best practices in CRM security administration.
- Created Standard Operating Procedures reflecting the approval flow and policies for User Access management, Role Management and Transport management.
- Built Analysis Authorizations using the transaction RSECADMIN.
- Setup security at the Info objects level (field-level security).
- Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
- Troubleshot authorization-related problems using RSECADMIN
- Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
- Troubleshot analysis-authorization-related problems using RSECADMIN.
- Build security and successful testing of various objects related to Dashboard.
Confidential, New Brunswick, NJ
Technology: SAP SCM 5.0 Security Implementation
Team Member
Responsibilities:
- Role design for Demand planning and supply network planning (SCM).
- Built roles for Demand planning and supply network planning
- Created unit test cases and updated the unit test results.
- BI 7.0 Upgrade for custom objects securing profit center nodes restricted via hierarchy
- Migrated SU02 profiles to BI 7.0 RSECADMIN authorizations with SAP RSEC_MIGRATION tool.
- Automated creation and population of new security Roles with BI 7.0 RSECADMIN authorizations and assigned users by creating eCATT scripts
- Created Functional, Basis, Security Developer and Technical Team roles in BI system
- Maintained security for BW power users and gave them authorizations for their new queries.
- Extensively used Automatic Profile Generator (Confidential) for Role/Profile creation and modification, User Administration, Authorization Objects, BW Administration workbench.
- Managed roles, privileges, and Single Sign on (SSO) for SAP NetWeaver IDM across the landscape.