We provide IT Staff Augmentation Services!

Sap Security Analyst/ Grc Analyst Resume

Issaquah, WA


  • 10+ Years of extensive experience in SAP Security including Implementation, Production support, Post Go - live support, Role remediation, SAP GRC configuration.
  • Handled security for various modules: BI, CRM, FI,ECC,SPM, CO, MM, SD, and MDM
  • Worked on SECATT, SCAT scripts for mass user and authorizations maintenance.
  • Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues.
  • Involved in GRC configuration for RAR and SPM. Designed custom Rule sets as per the requirement.
  • Identified risks, created Business Processes, Functions and Risks in GRC system, performed risk analysis and mitigation.
  • Configuration and support of GRC 10 for EAM, ARA and ARM
  • Expertise in SAP GRC access controls 5.3 supports (Risk Analysis and Remediation (RAR) and remediation of SoD violations through detailed analysis, recommendations and Super user Privilege Management (SPM).
  • GRC implementation; automation; upgrade experience with GRC RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP GRC 5.3
  • Experienced in rating the controls/systems as part of Security Audit Self-Assessment.
  • Experience in implementing security in BW including info object level security
  • Developed tools related to SAP Security where User Administration and Role Administration has been performed 70% faster than the manual process.
  • Granting access in Confidential, Access provided at folder level
  • HANA GRC configuration, BW on HANA implementation
  • Maintained different access level for universes to folders in Confidential
  • Created backend roles in BI for Portals and implemented / mapped them in the portal for CRM upgrade project.
  • Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW. Administration of BODS.
  • Set up chaRM including technical configuration of all necessary SolMan and Remote System components.
  • Managed roles and privileges for SAP NetWeaver IDM across the landscape.
  • Integrated Identity Manager, UME and corporate LDAP and Basic HR configuration.
  • Validated ECC/BI critical Objects and transaction pre Go-Live
  • Extensive expertise in the areas of audit, SAP IDM, SOX, BW/BI Security, Portal Security, ECC/R/3 Security, CRM Security, and upgrade projects.
  • Developed Job role matrix for access request/provisioning through IDM
  • Very good knowledge in Microsoft Excel, Macros, Word, Access and PowerPoint.
  • Extensive experience on SAP license audit, SLAW and USMM usage.


ERP Packages: SAP R/3- 4.7EE, ECC 5.0 and ECC 6.0, SCM 5.0, MDM, BI 7.0, HR, CRM and BW3.5, SAP Solution Manager (7.0,7.1)

Security Tools: SAP GRC / Virsa (4.0, 5.3, 10.0) (Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter, Access Control and Process Control), SAP User Management Engine)


Confidential, Issaquah, WA

SAP Security Analyst/ GRC Analyst

Technology: ECC 7.0, BI, BW, Confidential, BODS, GRC10.1, CRM, HCM, Payer Direct, Solution manager, HANA application database, Portal, ITIM (identity management tool).


  • Designed security for ECC/BW/ Confidential for FI/MM/SD and HR reports.
  • Conduct meetings and working session workshops to discuss and implement the approved design
  • Implemented Automation tools for User administration, Role administration, Monitoring and other business requirements
  • Worked on project planning, proposals, resource planning for multiple SAP security, GRC projects
  • Work with the technical development teams to create custom function modules to enhance standard functionality to fit the complex cross process-id usage requirement
  • Designed security roles with custom tcodes/auth objects, table restrictions, etc.
  • Worked on end to end solution for GRC (ARA, EAM, ARQ)
  • Worked on SOP for User auto provisioning from GRC 10 to plugin systems when a request is submitted via ITIM/IAM
  • Designed and developed policy and procedures for GRC EAM, ARA and ARM
  • Designed and developed GRC UAR (User Access Review) solution to review the user access every quarter
  • Worked as Liaison between Business and Internal/external Auditors.
  • Developed a roadmap in implementing new technologies and tools like Hana, IDM/GRC integration, PING federation for SSO
  • Implemented Automation tools for User administration, Role administration, Monitoring and other business requirements
  • Implemented Security solutions to be compliant with SOX and PCI standards.
  • Designed and developed custom roles in HANA Database for Data Modelers, Developers, Administrators, Power Users and End Users.
  • Identified risks, created Business Processes, Functions and Risks in GRC system, performed risk analysis and mitigation.
  • Defined SLAs for response and resolution of SAP security issues
  • Documentation of security role design and GRC configuration for production support team
  • Performed extensive role redesign for ChaRM security roles
  • Analyzed the risk violations and taken precautionary actions to redesign SAP security
  • Used SQL scripting for writing stored procedures in HANA.
  • Developed security for SLT HANA replication.
  • Well versed in use of HANA Lifecycle Manager for transporting objects.

Confidential, Chicago, IL

Technology: SAP ECC, BW, GRC, APO

Sr. SAP HANA Security Consultant


  • Ball and Ardagh acquired Confidential, Worked on Security blueprint for role re-design
  • Involved in developing play book for go-live and extensively supported hyper care for post go-live.
  • Documented role design changes, User access changes, Custom development changes & approvals for audit purpose
  • Managed SAP HANA Content for SAP Customer Activity Repository (CAR). Created roles for virtual data models, Query Views.
  • Created CAR repository roles to provide access for Net sales, Inventory, category manager.
  • Involved in integration of SAP HANA with GRC using HANA Plug-in
  • Developed new HANA access requests and approval work flows
  • Created Functions, Risks and Rule sets for HANA Database
  • Proficient in implementing and technically configuring SAP GRC Access Controls 10.1 components such as Access Risk Analysis(ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management(BRM)
  • Implementation exposure of multi stage multi path workflows, configuring email notification and business rules framework plus rules.
  • Created design and training documentation for the application.
  • Configuration and analysis for risk analysis reporting.
  • Configured Access Risk Analysis module by Creating Connector, setting up Connector type, updating Global Rule sets, Updating Repository Sync (User, Role and Profile).
  • Performed User/role level Segregation of Duties (SOD) analysis using GRC ARA, remediated and mitigated SOD conflicts to address security controls for SOX (Sarbanes - Oxley) compliance.,
  • Expert in Configuring EAM and configured Fire Fighter id's, Fire Fighter owners and Fire Fighter Controllers
  • Performed workshops with Business users to make them understand how to get more benefits from GRC and let them know End to End GRC Functionality and gathered the required data from business users
  • Involved with Security Design of HANA Object privileges, Package privilege, Analytic privileges - Attribute views, Analytic views, Calculation views and Roles
  • Implemented SAP HANA User Security and Management using HANA Studio
  • Extensively used authorization dependency viewer within SAP HANA Studio (Information Models) to troubleshoot authorization errors for object types that typically have complex dependency structures like stored procedures and calculation views.
  • Worked on Core SQL-Based Security Roles for Modeling and Monitoring with the SAP HANA database.
  • Developed repository roles to provide access to database, basis and developer teams.
  • Trouble shooting data preview authorizations using Authorization trace
  • Configuring Audit Logs to record grant role, revoke role actions, critical security and sensitive data access

Confidential, Northbrook, IL

Technology: SAP ECC, BW, CRM, GRC 10.0 and Solution Manager

SAP Security Engineer II


  • Worked with Finance, Supply chain management, sales & customer service, Basis, Development, Configuration, Change Control, Training and Testing teams during role design, testing phases.
  • Responsible for Analysis, Design, Develop, Test and Implementation of roles in BI, ECC, SRM, CRM, GTS, APO/SPP and CUA applications for the Enterprise Wide implementation project.
  • Created custom rules in SAP GRC to perform the risk analysis in roles for various business processes and functions.
  • Recommended and created mitigation controls in SAP GRC
  • Assign firefighter Id's to support users in order to resolve the issue which requires sensitive access
  • Worked with Business Manager and Internal Audit in designing and developing GRC compliant composite and single roles for the company
  • Providing support in SOX monitoring reports & Automated Security SOX control monitoring.
  • Schedule BG jobs for SoD risk analysis
  • Handled License administration activities end to end. Familiar with USMM and SLAW tcodes
  • GRC Lead for implementing end to end solution to GRC (ARA, EAM)
  • Worked on SOP for User auto provisioning from GRC 10 to plugin systems when a request is submitted via ITIM/IAM
  • Designed and developed policy and procedures for GRC EAM, ARA and ARM
  • Configured MSMP and BRF+ workflows
  • Implemented end to end SAP Security for Solution Manager 7.1(ChaRM)
  • Experience in setting up Security Roles for Solution Manager & CHARM
  • Solve issues with TMS (Transport Management System), background jobs
  • Designed security roles for authorization of Incident Management, Change Management, Root Cause Analysis etc. work centers.
  • Worked with Basis team to develop Solution manager roles for Administrators, Configurators, Change Managers, and Support Desk roles.
  • Worked on 7.2 upgrade and implemented new functionailities
  • Front End and Back End Confidential integration with ECC system
  • Worked in developing security blue print, planning, requirement gathering and Implementation of end to end Confidential security In Confidential
  • Maintained group access levels for Universe, Folders as per the requirement
  • Set up security by Info Area, Info-Cube, Info-Object, QUERY and WORKBOOKS.
  • Configured roles and authorization objects to secure reporting users.
  • Limiting the Query access within the BEX Analyzer.
  • Implemented Info Object Security (field-level security) for Reporting Users and also created custom reporting authorization objects.
  • Maintaining authorizations for Hierarchies.
  • Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization.
  • Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations
  • Trained & knowledge transferred the security personnel for BW, BI Technology.
  • Building security for Administrative users using SAP provided scripts, templates.
  • Setup users in BODS with repository & troubleshooting the access issues.
  • Interacting with functional and technical consultants for problem diagnosis in BI.
  • Worked with the t-code for creating custom authorization objects & S RS AUTH for assigning authorization objects for BW query end user roles.
  • Created roles using PFCG and Analysis Auth using RSECADMIN.
  • Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
  • Trouble shooting authorization issues using portal execution and traces in backend SAP
  • Designing the security based on CRM functional requirements in order to align with the business role design and organization’s position hierarchy
  • Built test environment and supported unit, integrating and user acceptance testing and managing defects

Confidential, Louisville, KY

Technology: SAP ECC, BW, Virsa 4.0 and IDM Quest

Sr. SAP Security Consultant


  • Automated creation and population of new Roles and users for a Rollout
  • Worked closely with IDM team and performed role reconciliation to synchronize SAP with IDM system
  • Creation and testing of customized transaction codes (Z codes) by working closely with all functional teams.
  • Trouble shoot authorization errors using trace analysis.
  • Role remediation based on the SOD analysis and Risk analysis.
  • Modified Rule set by analyzing the Risks and false positives.
  • Performed Usage analysis in VIRSA for critical transaction codes.
  • Involved in massive role re-design from the identified risks with Business process.

Confidential, Alpharetta, GA

Technology: SAP ECC, BW, GRC and ICS/Audit support

Executor & Security Lead


  • Lead for four member’s team of ICS/Audit activities.
  • Single point of contact for ICS/Audit activities.
  • Responsible for Health Care ICS/Audit execution includes Weekly/monthly/quarterly and Annual controls.
  • Review B&C type users & Emergency User
  • Check deactivated users
  • Password & Security Parameters verification
  • Review users details and process according to requirements
  • Review Initial and Reset Passwords
  • Periodic Review of User Access Rights, Terminations and Transfers
  • Review physically deleted users and process according to requirements
  • Review users having standard SAP roles / profiles and process according to requirements users with authorization to (un)lock / reset passwords for critical user groups and process according to requirements
  • Perform owner's review of limited allowed critical IT access and process according to requirements
  • Review IT related SoD combinations and process according to requirements
  • Review business related SoD combinations assigned to IT users and process according to requirements
  • Review table logging
  • Quality review of roles
  • Created System Administrator, Security, and developer roles in BI 7.0
  • BI reporting issues including setup and landscape connectivity
  • Review users with non-allowed critical IT access and process according to requirements
  • User administration & Role administration
  • SM7 request/incident/task processing
  • Through knowledge of SOX compliance and best practices in SOD remediation. Streamlined the User Access Request process by clearly defining the appropriate access for each functional team
  • Extensively worked with Sarbanes-Oxley Compliance Strategy management related to SAP business processes
  • Schedule BG jobs for SoD risk analysis
  • Run SoD reports for users based on GRC ARM requests
  • Apply mitigation controls for users with SoD conflicts
  • Design & manage MSMP ARM work flows
  • Processing of GRC 10 Access Requests
  • Assigning FFID’s to users in GRC 10 and extracting log reports in Emergency Access Management module
  • Post provisioning of idM requests.

Confidential, Deerfield, IL

Technology: SAP ECC 6.0 Security Implementation, GRC SPM and RAR

Sr. SAP GRC Consultant


  • Understanding the existing organizational ERP security policies and procedures.
  • Configured and Implemented GRC Access Control Suite
  • Implemented GRC’s Role Expert and performed a security redesign based on the CC facilitated Internal Controls Framework.
  • Function mapping for the custom risks.
  • Enabled regulated Super user access control via GRC’s Firefighter.
  • Reviewed and monitored Firefighter activities.
  • Analysis of Custom risks and standard functions.
  • Analysis of the appropriateness of the Transactions (functions) within the custom risks.
  • Utilized trace (ST01) results to identify the expected authorization values and incorporated them into the security roles after the upgrade.
  • Created users and roles in MDM repositories and restricted based on Functions and tables.
  • Performed security checklist after the client copy.
  • GRC SPM and RAR unit testing
  • Performed a mapping of the portal roles with the backend system.
  • Designed the SAP security architecture for the Finance transformation project and discussed with various functional teams to design the security for overall SAP.
  • Handled security for Business Objects (BO).
  • Worked with Dynamic actions and info type’s tables.
  • Worked on Authorization Objects P ORGIN, P ABAP, P PERNR, P ORGXX etc.
  • Maintained authorization profiles using OOSP.
  • Experience on NWBC and fixing Security related issues.
  • Setup and maintained Organizational Structure including Organizational Units, Jobs, Positions, Cost Center assignments etc.
  • Assigned tasks to positions and integrated all these into the enterprise organizational plan.
  • Assigned the various organization units and positions to cost centers.
  • Assigning roles to BP and maintaining PFCG role with relevant authorizations.

Confidential - Charlotte, NC

Technology: SAP ECC 6.0 Security Implementation

Sr. SAP Security Consultant


  • Understanding the existing organizational ERP security policies and procedures.
  • Analyzed the roles and tracked the possible issues with the role & profile naming convention, Tcode assignment via SU24, master roles with org level assignment, duplicate roles and roles without profiles.
  • Created derived roles for FI and SD modules in ECC.
  • Created roles in BI system.
  • Used transaction RSECADMIN for creating custom authorization objects for assigning authorization objects for BI query end user roles
  • Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW
  • Created roles in SRM system.
  • Performed role remediation includes deletion of obsolete roles and restriction of display only access to the display roles.
  • Analyzed and resolved the tracked issues (ex: Tcode assignment via SU24).
  • Restricted roles at Company code level.
  • Maintained users in CRM landscape and applied the best practices in CRM security administration.
  • Created Standard Operating Procedures reflecting the approval flow and policies for User Access management, Role Management and Transport management.
  • Built Analysis Authorizations using the transaction RSECADMIN.
  • Setup security at the Info objects level (field-level security).
  • Assigned the Analysis Authorizations to the role using the object S RS AUTH.
  • Troubleshoot authorizations related problems using RSECADMIN
  • Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
  • Troubleshoot analysis authorizations related problems using RSECADMIN.
  • Build security and successful testing of various objects related to Dashboard.

Confidential - New Brunswick, NJ

Technology: SAP SCM 5.0 Security Implementation

Team Member


  • Role design for Demand planning and supply network planning (SCM).
  • Built roles for Demand planning and supply network planning
  • Created unit test cases and updated the unit test results.
  • BI 7.0 Upgrade for custom objects securing profit center nodes restricted via hierarchy
  • Migrated SU02 profiles to BI 7.0 RSECADMIN authorizations with SAP RSEC MIGRATION tool.
  • Automated creation and population of new security Roles with BI7.0 RSECADMIN authorizations, assign users by Creating eCATT scripts
  • Create Functional and, Basis, Security Developer, Technical Team roles in BI system
  • Maintained security for BW power users and gave them authorizations for their new queries.
  • Extensively used Automatic Profile Generator (PFCG) for Role/Profile creation and modification, User Administration, Authorization Objects, BW Administration workbench.
  • Managed roles, privileges, and Single Sign on (SSO) for SAP NetWeaver IDM across the landscape.

Confidential, Peoria, IL

Technology: SAP GRC Risk Analysis & Remediation 5.3 RAR

SAP GRC & Security Consultant


  • Run the risk analysis reports at role (single & composite) and user level as per the business processes
  • Formatting the report structure and summarize the analysis
  • Performed detailed analysis of the reports and provide recommendations on remediating the SoD violations and mitigation as required
  • Performed rule set review for Confidential
  • Addressed TTTS tickets assigned to the Security Support team to ensure that the team achieves a minimum SLA of 90%.
  • Roles were grouped into bundles to decrease the risk count.
  • Analyzed the usage analysis and provided below solutions to reduce the violation count
  • Unused Transaction codes to be removed
  • Transaction used rarely used to be removed
  • Roles not used by users to be removed

Confidential, Minneapolis, MN

Technology: SAP ECC 5.0 Security Implementation

SAP Security Consultant


  • Understanding the existing organizational ERP security policies and procedures.
  • Created derived roles for FI and CO, PM, PS and SCM modules
  • Maintenance of org values in derived roles
  • Regeneration of profiles in master roles when org levels are added
  • Created SECATT scripts for Mass user creation & Role creation
  • Created customized profiles based on the role naming convention
  • Re-performed the Management testing for INVESTRAN, MAXIMIS and PRS applications.
  • Based on the evidences and testing work papers (performed by management) concluded that the controls are operating effectively or not as well as the management testing was effective or not.
  • Automated security tasks using eCATT and LSMW script

Confidential, Portland, OR

Technology: SAP ECC 5.0 security post go live and production support

SAP Security Consultant


  • Mass user creation, deletion, lock/unlock, password reset and extending validity, using macros
  • Role administration includes role creation, deletion, org level changes & role assignment.
  • Executing and updating SOX monitoring reports such as monthly, quarterly and annual reports of users and role
  • Restriction of access to functional modules like FI, CO, GL and MM etc.
  • Analyzing and troubleshooting of authorization issues
  • Created test environment in quality system for the testing of roles
  • Resetting the passwords and unlocking the users
  • Analysis of the risk and impact of the roles
  • Derived role administration
  • Monitored security audit log
  • Organizational level restrictions on roles. Eg: company code, plant etc.,
  • Monitoring the locked T-codes, incorrect logins and critical transaction codes
  • Missing authorization analysis based on the screen shots.
  • Worked on Enabler roles
  • Created multiple users using SCATT
  • Performed User license management and auditing.
  • Created user groups for easy administration and maintenance
  • Management of users, authorizations, profiles and roles
  • Prepared test cases for unit testing.
  • Performed unit testing and updated the test results.
  • Modified the roles as per the test results (failed test cases)

Hire Now