We provide IT Staff Augmentation Services!

Senior Sap Security And Grc Consultant Resume



  • As a knowledgeable professional with more than 9 years of experience in information technology and project management, I seek to bring my skills and abilities to add value to your company.
  • Skilled IT professional with experience in SAP Security and Governance Risks and Compliance (GRC).
  • Proven ability to oversee entire lifecycles, from development through to post - implementation assistance.
  • Outstanding project management and conceptualizations skills.
  • Analytical thinker, able to identify potential risks and effectively troubleshoot issues.
  • Expertise in strategic planning, business requirements, configuration, testing, migration, and Go-Live and hyper-care support.
  • Detail-oriented with superb organizational and time management skills.
  • Adept at coordinating across teams to accomplish goals and complete projects.
  • Self-motivated, reliable, and resourceful with an exceptional work ethic.


Operating Systems: Windows 2000/2003/XP Professional.

SAP Basis: SAP R/3 4.6C, 4.7C, ECC 5.0, ECC 6.0. GRC AC 5.3.

Areas of Work: Enterprise Portal, BW, SCM, CRM, APO, and HR.

SAP Security: User Administration, Role Management, SOD Detection, Remediation and Mitigation R/3 Security, and HR Security.

GRC: Virsa, GRC 5.3, and GRC AC 10.x

Databases: oracle8, and sql server 2000


Confidential, TX

Senior SAP Security and GRC Consultant


  • Deliver security and perform GRC implementation projects for various clients across industries.
  • Execute full lifecycle of SAP security design, security re-designs, and GRC Access Control.
  • Diagnose, troubleshoot, and resolve security issues on a daily basis.
  • Address audit requests and coordinate with process owners to handle SOD concerns.
  • Assist professional system integrators with all phases of implementation and serve as the security functional consultant for clients.
  • Gather and utilize end-user business requirements for security authorization purposes.
  • Review proposed security roles and recommend best practices for risk mitigation.
  • Design custom roles (derived, composite, and master) based on approved requirements.
  • Employ Automatic Profile Generator to create, maintain, upload, and download roles.
  • Conduct functional testing and integration testing before deploying roles to UAT.
  • Migrate all approved and validated roles to appropriate clients using transport.
  • Track changes and defects via the remedy/magic/third-party management tool.
  • Perform user provisioning and post-production security support as needed.
  • Transfer change request from the development environment to testing/QA environments.
  • Maintain user accounts by copying, renaming, altering passwords, and unlocking/locking.
  • Offer end-user and transition training to client security teams.
  • Collect and verify data using tables, such as AGR*.
  • In corporate custom t-codes into function groupings and associated permissions.
  • Coordinate with business analysts, process owners, and internal audit team to handle security role violations.
  • Eliminate segregation of duties conflicts via GRC Access Risk Analysis.
  • Leverage ARA for risk analysis and reports for remediating roles with the business team.
  • Provide clients with key project deliverables after finalization of key implementation phases.

Confidential, TX

Senior Associates SAP Security


  • Handled daily security administration tasks, such as user and authorization activities and resolution of security-related issues.
  • Fulfilled internal/external audit requests and maintained security deliverables.
  • Developed, implemented, and oversaw the execution of SAP Security design and GRC Access Control projects.
  • Assisted with multiple full lifecycle implementations, including pre- and post-installation validation processes and hyper-care support.
  • Collaborated with application development team members to implement Custom SAP Security Role and authorization objects.
  • Created, modified, and deleted both users and roles.
  • Maintained derived roles, single roles, and composite roles in SAP R/3 systems.
  • Performed troubleshooting for roles and carefully document security issues, gaps, and actions.
  • Delivered Security Design directions, strategies, and implementation capabilities to process owners and users for long-term maintenance.
  • Partnered with IT teams to develop solutions for security Information Security Framework.
  • Offered authentication and authorization solutions for security and business problems.
  • Completed periodic reviews and revised application security roles to fit changing business needs.
  • Interpreted business requirements data, mapped state business processes to the relevant GRC Access Control, and created plans to fix functional gaps.
  • Researched past data and delivered presentations on how clients are leveraging GRC application to improve business performance.
  • Calibrated the GRC application to meet the unique project and client needs.
  • Provided advice for SOD violations, identified advance mitigating control, and CUP when appropriate.
  • Supported testing and resolution of SAP security items related to audit findings.

Hire Now