SUMMARY:

• As a knowledgeable professional with more than 9 years of experience in information technology and project management, I seek to bring my skills and abilities to add value to your company.
• Skilled IT professional with experience in SAP Security and Governance Risks and Compliance (GRC).
• Proven ability to oversee entire lifecycles, from development through to post - implementation assistance.
• Outstanding project management and conceptualizations skills.
• Analytical thinker, able to identify potential risks and effectively troubleshoot issues.
• Expertise in strategic planning, business requirements, configuration, testing, migration, and Go-Live and hyper-care support.
• Detail-oriented with superb organizational and time management skills.
• Adept at coordinating across teams to accomplish goals and complete projects.
• Self-motivated, reliable, and resourceful with an exceptional work ethic.

TECHNICAL SKILLS:

Operating Systems: Windows 2000/2003/XP Professional.

SAP Basis: SAP R/3 4.6C, 4.7C, ECC 5.0, ECC 6.0. GRC AC 5.3.

Areas of Work: Enterprise Portal, BW, SCM, CRM, APO, and HR.

SAP Security: User Administration, Role Management, SOD Detection, Remediation and Mitigation R/3 Security, and HR Security.

GRC: Virsa, GRC 5.3, and GRC AC 10.x

Databases: oracle8, and sql server 2000

PROFESSIONAL EXPERIENCE:

Confidential, TX

Senior SAP Security and GRC Consultant

Responsibilities:

• Deliver security and perform GRC implementation projects for various clients across industries.
• Execute full lifecycle of SAP security design, security re-designs, and GRC Access Control.
• Diagnose, troubleshoot, and resolve security issues on a daily basis.
• Address audit requests and coordinate with process owners to handle SOD concerns.
• Assist professional system integrators with all phases of implementation and serve as the security functional consultant for clients.
• Gather and utilize end-user business requirements for security authorization purposes.
• Review proposed security roles and recommend best practices for risk mitigation.
• Design custom roles (derived, composite, and master) based on approved requirements.
• Employ Automatic Profile Generator to create, maintain, upload, and download roles.
• Conduct functional testing and integration testing before deploying roles to UAT.
• Migrate all approved and validated roles to appropriate clients using transport.
• Track changes and defects via the remedy/magic/third-party management tool.
• Perform user provisioning and post-production security support as needed.
• Transfer change request from the development environment to testing/QA environments.
• Maintain user accounts by copying, renaming, altering passwords, and unlocking/locking.
• Offer end-user and transition training to client security teams.
• Collect and verify data using tables, such as AGR*.
• In corporate custom t-codes into function groupings and associated permissions.
• Coordinate with business analysts, process owners, and internal audit team to handle security role violations.
• Eliminate segregation of duties conflicts via GRC Access Risk Analysis.
• Leverage ARA for risk analysis and reports for remediating roles with the business team.
• Provide clients with key project deliverables after finalization of key implementation phases.

Confidential, TX

Senior Associates SAP Security

Responsibilities:

• Handled daily security administration tasks, such as user and authorization activities and resolution of security-related issues.
• Fulfilled internal/external audit requests and maintained security deliverables.
• Developed, implemented, and oversaw the execution of SAP Security design and GRC Access Control projects.
• Assisted with multiple full lifecycle implementations, including pre- and post-installation validation processes and hyper-care support.
• Collaborated with application development team members to implement Custom SAP Security Role and authorization objects.
• Created, modified, and deleted both users and roles.
• Maintained derived roles, single roles, and composite roles in SAP R/3 systems.
• Performed troubleshooting for roles and carefully document security issues, gaps, and actions.
• Delivered Security Design directions, strategies, and implementation capabilities to process owners and users for long-term maintenance.
• Partnered with IT teams to develop solutions for security Information Security Framework.
• Offered authentication and authorization solutions for security and business problems.
• Completed periodic reviews and revised application security roles to fit changing business needs.
• Interpreted business requirements data, mapped state business processes to the relevant GRC Access Control, and created plans to fix functional gaps.
• Researched past data and delivered presentations on how clients are leveraging GRC application to improve business performance.
• Calibrated the GRC application to meet the unique project and client needs.
• Provided advice for SOD violations, identified advance mitigating control, and CUP when appropriate.
• Supported testing and resolution of SAP security items related to audit findings.