SUMMARY:

• Over 14 years of experience in IT Industry with 10 years specifically on SAP 3.1H, 4.6B, 4.6C, 4.7 & 6.0 as an SAP Security & Compliance Administrator.
• Implemented SAP Compliance Calibrator - 4.0 VIRSA Risk Assessment Tool for analyzing security issues and SOD Conflicts. Maintained Rule Architect, Risk IDs, Function IDs, Critical transactions, Roles and Profiles.
• Working with customers to configure SAP GRC (VIRSA) Super User Access (Firefighter), Risk Analysis and Remediation (Compliance Calibrator), and CUP (Access Enforcer).
• Has working knowledge of SAP´s add-on tool for SOX compliance: Management of Internal Controls (MIC).
• Good understanding of business processes within SAP like Order to Cash & Purchase to Pay and working knowledge of Application controls of those business processes.
• Understanding of risk-based approach to application system security and integrity aspects to design, evaluate, test and document controls.
• Proven track records of successful completion of the project before or within the timeframe.
• Worked extensively on SAP Security in various SAP R/3 environments (4.6B, 4.6C, 4.7, ECC 5 & 6)
• Experienced in AIS (Audit Information System), CTS (Change Transport System), Profile administration using Profile Generator - PFCG.
• Worked on the Security aspects of SAP NetWeaver and Enterprise Portals.
• Knowledge in the area of User management and Security across different product offerings from SAP like BW and Enterprise Portals.
• BI 7.0 Analysis Authorization using RSECADMIN.
• Working knowledge of CHARM (Change Request Management).

TECHNICAL SKILLS:

ERP: SAP 4.6B to 4.7, ERP 2004, 2005.

Tools: SAP Compliance Calibrator - VIRSA Risk Assessment Tool (3.0C, 4.0, 5.x), Firefighter (3.0, 4.0), Risk Terminator (1.2), Access Enforcer 3.0

DBMS: MS-Access, Oracle 8x & 9x, MS-SQL Server 7 & 2000.

OS: Dos, Win 95/98/XP/, Win-NT/2000/2003.

Language: PL/SQL, Visual Basic, HTML, C.

Packages: M.S. Office, MS-Visio, Net meeting, WEBEX.

Protocols: TCP/IP, FTP, HTTP, DNS.

Hardware: HP-9000, HP-DL580, Intel, IBM.

EXPERIENCE:

Confidential, San Francisco, CA

Sr. SAP Security Analyst

Responsibilities:

• HR role redesign from structural to HR Context security.
• Assist in HR Rules configuration, updates and analyst.
• Using SAP GRC RAR, run simulation and document security and SOD conflicts. Advised customers of role remediation or mitigation.
• Configured SPM (Firefighter) background jobs to extract detailed history Log Report from data in STAT and CDHDR tables.
• Roles design and remediation in 4.6C, 4.7, ECC 6, BI.
• Create and maintain BI 7.0 Analysis Authorization.
• Provide documentation to external auditors.
• Lead security project for E-Recruiting. Other Work Areas:
• Identifying the critical transactions along with the authorization objects and its values.
• Identifying the critical functions within SAP & related transactions. Mapping them with SAP Compliance Calibrator (VRAT) VIRSA Risk Assessment Tool to analyze the conflicts occurring in Segregation of Duties in various processes.
• Identify SOD Conflicts from Compliance Calibrator report. Advise customer on how to redesign the roles or mitigate roles if necessary.
• Made recommendations to the management and the process owners that how to execute different programs and reports (by creating variants to run various compliance reports) to monitor as a preventive control.
• Work BASIS team in understanding the current system environment and the correct GRC Installation and Support Packages. Provide recommendation in upgrade plans for customer.

Confidential, Fremont, CA

SAP GRC Consultant

Responsibilities:

• Review system study of current environment by looking into audit reports issued by the external auditors and based on the audit findings defined the scope of project to target the deficiencies identified.
• Test GRC Support Packages and Release Notes to insure issues have been addressed.
• Using VIRSA Compliance Calibrator, test and document security and SOD conflicts. Advised customers of the existing reports provided.
• Configured Firefighter 4.0 background jobs to extract detailed history Log Report from data in STAT and CDHDR tables.
• Roles design and remediation in 4.6C, 4.7, ECC 5.
• Involved in the documenting processes, extracting user access lists with user counts and remediation process. Other Work Areas:
• Identifying the critical transactions along with the authorization objects and its values. Identifying the critical functions within SAP & related transactions. Mapping them with SAP Compliance Calibrator (VRAT) VIRSA Risk Assessment Tool to analyze the conflicts occurring in Segregation of Duties in various processes.
• Identify SOD Conflicts from Compliance Calibrator report. Advise customer on how to redesign the roles or mitigate roles.
• Made recommendations to the management and the process owners that how to execute different programs and reports (by creating variants to run various compliance reports) to monitor as a preventive control.
• Worked closely with the CIO and the Chief Controller in mapping their requirements into SAP Compliance Calibrator Tool to generate accurate reports based on the business requirements.
• Work BASIS team in understanding the current system environment and the correct GRC Installation and Support Packages. Provide recommendation in upgrade plans for customer.

VIRSA Technical Security Engineer

Confidential, Fremont, CA

Responsibilities:

• Extensively Provide support Confidential ’ application (Compliance Calibrator, Firefighter, Role Expert, Access Enforcer, Confidence Compliance).
• Performing activities related to User Administration (Creation of users, Creation of Profiles with Profile Generator, Assigning Roles/Profiles to Users, etc.)
• Installation and configuration of Virsa’s Compliance Calibrator and Firefighter.
• Design and test roles against default or custom rules with Compliance Calibrator 4.0.
• Identifying the critical functions within SAP & related transactions. Mapping them with SAP Compliance Calibrator (VRAT) VIRSA Risk Assessment Tool to analyze the conflicts occurring in Segregation of Duties in various processes.
• Create and update solution in knowledge base.
• Create FAQs for Virsa’s applications (Firefighter, Compliance Calibrator, Role Expert, and Access Enforcer).
• Schedule WEBEX conference to review customer issues and provide training.
• Simulate adding roles and/or transactions to users to find SOD prior to adding authorization.
• Security upgrades using SU25 and Profile Generator (PFCG).Optimized security roles.
• Provide Compliance Calibrator custom reports and SUIM reports to identify SOD conflicts.

Confidential, Sunnyvale, CA

SAP/Baan Security Administrator

Responsibilities:

• Implement SAP R/3 4.7 Security for SD and FI module.
• Setting up SAP roles authorization base on previous Baan roles and review the “Segregation of Duties” process.
• Did system study of current process by reviewing audit reports by external auditors and based on the audit findings defined the scope of project.
• Review critical and sensitive authorizations, implement improvements to meet audit requirements.
• Understand the requirements of Sarbanes Oxley Act (SOX), COSO & CoBiT Frame works and the Internal Controls in SAP.
• Developed Audit checklist and methodology for SAP System in compliance with Sarbanes Oxley Act under Sec 301, 302 and 404.
• Differentiating SAP controls as Implementation, System operations, Audit, Preventive and deductive controls while defining the SAP controls.
• Knowledge of Installation and Configuration of MIC (Management of Internal Controls tool) an Add-on tool for SAP to support SOX .

Confidential, Santa Clara, CA

SAP Security Administrator

Responsibilities:

• Extensively worked in the area of security, set up authorizations for users based on segregation of duties and on a ‘need to know basis’.
• Verified the internal controls pertaining to user’s access for program changes and maintained the integrity of the Transport Management System.
• Security upgrades using SU25 and Profile Generator (PFCG).Optimized security roles.
• Review critical and sensitive authorizations, implement improvements to meet audit requirements.
• Implementation of role based security. Evaluated and used SAP standard roles as templates for customer roles.
• Auditing assignments of critical combination of transaction assigned to users.
• Auditing and maintenance of critical transactions using tools like AIS(Audit Information System), and SUIM transaction.