SUMMARY:

• A Security and control professional with over 10 years of progressive experience augmented by a strong post - secondary background in Accounting and Business Administration. Experienced in Sap Security, IDM Sensitive Access, Segregation of Duties, Risk free role design, mitigating control and control optimization .
• Sound knowledge of SAP Security and GRC AC 10.x; with SOD analysis and remediation; with best practice of application mitigating control.
• Proven ability to function as a Strategic Enterprise Security Administrator with ability to develop and implement successful Security and Control, SAP GRC strategies to support corporate mandate
• Creative and innovative thinker with effective resources management and goal setting abilities combined with superior leadership, team building, communication, interpersonal, and presentation skills. Self-motivated with the ability to excel in a fast-paced environment; communicate effectively at all levels; manage competing priorities; and adapt readily to new challenges.

COMPUTER SKILLS

• Microsoft Office 2007 - Word, Excel, and PowerPoint
• SAP R/3 Systems
• Electronic Data Interchange (EDI) Software
• ECC 5.0, 6.0, 4.7, 4.6
• Solution Manager
• GRC AC 10.x
• SharePoint

PROFESSIONAL EXPERIENCE:

Confidential, Dallas, TX

Senior Sap Security Consultant

• Led the Analysis, Design, Development, Testing and Implementation of security roles in S4/HANA, ECC, BI, CRM, and SRM applications for the Enterprise Wide ERP System Transformation.
• Worked with Business Manager and Internal Audit and Security teams in gathering security requirements, designing, developing and testing SOX compliant composite and single roles for SAP System Enterprise wide ERP System Transformation.
• Worked with Development, Basis, Change Control and Business Technology Services teams in providing risk free SAP Security solutions with industry best practices.
• Worked with respective process owners from Finance, Procurement, Basis, Development, Configuration, Change Control management, training and testing teams during role design, testing phases.
• Monitoring interfaces between SAP IdM and other systems/applications
• Monitor the performance of the security provisioning tool for appropriate handling of provisioning and de-provisioning requests
• Create new system repositories for connection to the SAP IdM provisioning tool
• Create new re-provisioning jobs for connected systems and applications
• Configuration of Workflow. Analyze, evaluate, design, build and test SAP NetWeaver IDM.
• Configuration of the Virtual Directory Server
• Configuration of GRC workflow and SOD review
• Configure self-service user interface for Registration and password reset/synchronization
• Creating new security roles and privileges within SAP IdM
• Automated SAP Basis Security batch processes to create Audit reports periodically, consolidate user role assignments and Reconcile User Master data across various backend systems and clients in Production, Quality, Development, Training and Sandbox.
• Extensively worked on the Basis Security issues, logged in as element tool incidents, Defect Reports and/or Change Requests.
• Identified issues during GO-LIVE, provided solutions and got the changes thoroughly tested and signed off and updated applicable deliverables.
• Represented SAP Basis Security team in the bi-weekly Change Control Management meetings to review Security changes and defects.
• Member of the security migration change control: reviewed transports related to customizations, related to Security compliance.
• Performed Pre/Post validation of functional & technical business scenario in ARM, EAM, BRM and ARA with existed ECC systems.
• Responsible for the AC 10 implementation Access Risk Analysis, Emergency Access Management, and Access Request Management.
• Utilized the AC 10 ARA module in detecting Segregation of Duty (SOD) conflicts as defined by Internal and External controls.
• Worked with process owners to interpret SOD violation reports at various levels and implemented and documented agreed upon remediation.
• Led and cross-trained employees on various SAP Security aspects and performed demonstrations to train end users.

Confidential, Sandy Spring, GA

SAP Security System Administrator

• Performed User and Role maintenance for Internal and External Clients on ECC, BI, CRM Systems
• Implemented GRC10.0 implementations defining and driving governance, risk and compliance for big enterprises.
• Collaborated extensively with SOX, Internal Audit, and External Audit teams for SAP systems compliance activities.
• Handled security workshops and acted as the focal point for SAP security and compliance
• Worked with implementation of Access Control, Super user Privilege Management, Risk Analysis and Remediation.
• Interfaced extensively with clients to gain insight and develop solutions to meet customer business needs across the entire SAP landscape
• Maintained assignments of authorization objects with security roles, profiles and objects including ABAP, portal and java.
• Supported internal audits SAP information (table data etc.) during audits, ran and analyzed user ID traces.
• Supported multiple ongoing audits and perform quarterly health checks
• Helped with defining and documenting roles, run risk analysis, tack changes, review audit trails etc.
• Supported maintaining owners and controllers via Net Weaver client NWBC in GRC 10.0
• Identified and analyzed the critical transactions that are involved for resolving the SOD issues.
• Researched and applied OSS notes for security fixes.
• Provided technical solutions for business teams to design/implement SAP Security upgrade in areas of SAP ECC, BI/BW, BOBJ, SRM, CRM, and Portals, supports SAP implementation for the post go-live support and manages security for next phases of SAP deliveries.
• Re-designed user roles and classification according to system usage to improve maintenance
• Performed user administration using SU01 and SU10.
• Worked on Role maintenance, deletion and creation of new roles. Using transactions PFCG, SUIM, SE16, SU24, SE10, STMS and others.
• Handled trouble shooting user issues by using SU53, ST01 and SUIM.
• Interacted with Basis, Auditors, and project managers, CISO regularly.
• Worked on Workflow configuration & IMG configuration for AC 10.0. Also ran CCM for SOD Business Rule, created Planner for TCE (Test Control Effectiveness) & Manual Test and did Remediation Plan.
• Prepared the requirement gathering for HR triggers like (New Hire, Change of positions etc.)
• Configured the Role reaffirm and De-centralized EAM business scenarios.
• Redefined the new connector & connector group for new 15 child systems for different environment like BI, HR, CRM, ECC6.0 and R3 4.7 systems.
• Defined the SOD rule-sets for all new connector group based on customer business requirement.
• Expertise in System Auditing from Security point of view and usage of Security Workbench Tool for Mass User and Role Administration activities.