- Proven experience in SAP security, IT Auditing, Risk and Compliance and Governance with major organizations and exceptional technical proficiency and astute application of Sarbanes-Oxley as well as other audit directives.
- Performed various technology analyses and conducted projected studies to compare multiple possible solutions for the organizations.
- Project management skills combined with demonstrated ability to develop and implement technical solutions to meet critical business needs.
- Outstanding leadership and interpersonal skills result in productive working relationships and top performance among staff.
- Leadership, communication and collaboration skills developed in a progressively responsible career as well as International experience working in multi-national and high-tech Corporations.
- SAP R/3 (3.1, 4.0B, 4.5B, 4.6C and 4.7 Enterprise)
- SAP BASIS / SECURITY
- ECC 6.0
- SAP ABAP - Inter / cross functional
- MDM (Materials Data Management)
- AIS / AMS (Audit Information Systems / Audit Management System)
- CRM / SRM / SCM
- SAP NetWeaver Business Client and Portal
- Business Object (BO) / Business Warehouse (BW) / Business Intelligence (BI)
- SAP HANA - Hands on but no implementations
- SAP GTS (Global Trade sphere)
- SAP cFolders - Data Management
- SAP Confidential 5.2, 5.3, 10.0, 10.1 (Governance, Risk and Compliance)
- SAP Afaria - CRM Platform
- IDM (SAP, Maxtel, Sun)
- Approva BizRights - Compliance
- CRM OMNI Channel
Platforms: Windows NT, Windows 2000, Windows 2003, Windows XP and UNIX, A+, Network+, CCNA, C++
Internet: ASP, XML, HTML, JavaScript
RDBMS: SQL Server 2000, Oracle - 8i, Sybase and DB2
Audit Tools: CAAT, IDEA, Smart Exporter, TeamMate
Microsoft: Word, Works, Access, Excel, PowerPoint Presentation, Project, SharePoint
S/4 Project Security Lead
- Lead workshop discussions with key business process stakeholders to define security role design requirements.
- Guide Hershey as an industry leader to develop and document security requirements for Hershey’s To-Be environment, including authorization mapping, org levels fields and localization requirements, according to industry best demonstrated practices.
- Managed security build activities with on premise and off-shore resources, ensuring timelines are met appropriately.
- Validated completion of appropriate and adequate security authorization testing.
- Improved Hershey’s existing Firefighter and IS Support strategy, offering knowledge and experience to narrow the scope of firefighter users and IS support roles.
- Assisted Hershey’s Security team with the new security concepts tied to Fiori.
- Provided documentation and audit capabilities related to security initiatives within the scope of the ERP transformation project, including Core S/4 and Success Factors.
- Managed and configured new delivered system to enable security concepts and configured CUA to include legacy and new S/4 systems.
- Perform and build custom Catalogs / Groups for Fiori apps captured during the security requirements from the business and functional.
- Educate and conduct workshops with functional team to align security for S/4 apps and business processes.
- Build and support security for Solman CHaRM.
Senior Applications Developer
- Providing Security support of production and non-production for ECC, SRM, BI/BW, Confidential and EP.
- Implemented and configured SAP Confidential 10.1 (Access Control) in terms of Approval workflow for User Provisioning, Firefighter, HR Triggers, etc.
- Custom-built HISD rule set derived from the global rule set and created custom Risk IDs and risk functions.
- Worked closely with the Controllers office and the compliance team to identify key risks and help to mitigate the risks.
- Developed strategy and standard documents for Security and Compliance.
- Support developers and configurators for system enhancements and applications UAT and troubleshooting.
- Design and support SAP Security roles for various modules such as MM/INV/WM, SRM, BI/BW, HR, PM, PS, VM, and various Finance modules.
- Act as compliance and security SME for Finance and HR solutions.
- Provide day-to-day support to end users and business managers.
- Provide s to business managers, school principals to perform various tasks on regular basis.
Senior IT SAP Business Analyst
- Develop Business Requirement documents and indulge in preliminary analysis and participate actively in the SAP Global implementation.
- Review Functional and Technical specifications to assure alignment with the compliance model as well as highlighting the Confidential business processes.
- Identify integration point of external system to SAP ECC for WRICEF changes and development standards.
- Analysed business processes to identify functional gaps and points of external integration.
- Mapped business processes to SAP functionalities.
- Review SOD Controls and develop advisory details to improve processes.
- Support Go Live SOD issues and recommends mitigation controls for the users and the security roles.
- Configure queries, reports and table merge for IT Controls.
- Review and develop Job Aide for the end users.
- Conduct SOX testing and program testing with the functional and technical team.
- Support external / internal audit to analyse Confidential SOD issues and mitigation strategies.
- Processed and developed SOP to approve IDM user requests in terms of SOD clearance.
- Perform risk analysis on user/role level for different sectors and suggest changes to existing Confidential rule sets.
- Perform and maintain various test scripts in HP ALMQC to validate Risk Controls for transactional and reporting levels.
- Simulate and advise on best practices and expertise for SAP Controls from a Finance perspective, which caters to the regulatory requirements for SOX.
Senior Technical Specialist
- Formulated detailed worldwide implementation plans and release strategies for the Security changes according to the global release strategy and worked closely with business teams from Europe, China, Mexico, Brazil and the US to design global and local roles based on job responsibilities.
- Conducted business analysis and aggressive research to identify gaps and fulfil them with the help of global tools to present to the higher management along with performing global risk analysis to develop Mitigations and Controls to eliminate possible financial losses.
- Created Standard Operating Procedures reflecting the approval flow and policies for User Access management, Role Management and Transport management.
- Actively support various projects with various business to identify and analyse the need of various resources both technically and functional needs, such as ABAP, Configuration and Integrators.
- Synchronized the Single Sign-On mechanism with the Enterprise Active Directory (LDAP).
- Worked on all the major go live activities (integration, upgrades, support, SAP Notes) including Mass user creations and role assignment by using ECATT Scripts.
- Created a detailed Project Plan and Implementation Strategy for implementing Analysis Authorizations.
- Worked with the various Business stakeholders and Audit teams in identifying risks, mitigation controls and approval workflows in consideration with current processes.
- Created documentation and trained the audit team and offshore support security team in all aspects of the Confidential Suite to provide for a seamless transition.
- Configured Access Enforcer and defined the user access request process.
- Configured main, forked and parallel workflows and identified escape routes for approval process.
- Defined custom attributes, workflow paths, initiators, and stages for complex site based scenarios.
- Configured Owners, Controllers and security setup along with various configuration parameters in Firefighter.
- Configured Firefighter background jobs to run hourly to ensure the controllers get the Login Notification and Log Reports.
- Cleaned up SOD conflicts for one client by separating conflicting info types, Timesheet entry & payroll access, restricting PA20 and other access.
- Involved in mentoring and knowledge transfer on Security subordinates, business and stakeholders.
Senior Systems (IT) Auditor
- Evaluate SAP Security landscape for global implementations including technical evaluation and SOD issues.
- Played advisory role to improve SAP Security standards and Confidential requirements and provided expertise for SAP Security and Confidential upgrade and implementation standards.
- Performed detailed analysis on SAP transactional level data for Roles and Users to ensure compliance issues.
- Coordinated SOX IT Testing with Business Units and IT department and liaised with external auditors to communicate status and address findings during SOX audits.
- Administered continuous audits, evaluating the operating effectiveness of controls leading to increased assurance of controls in place and reduced risks.
- Performed risk assessment, general controls oversight and review to ensure compliance with SOX regulations and standards by utilizing risk assessment methodology to assist in establishing the annual audit plan for areas of core competency.
- Performed analysis of Systems Development Life Cycle (SDLC) and evaluated risk in the design, testing and QA phases of Software Implementation and Upgrades.
- Prepared audit scopes, reported findings, presented recommendations and coordinated with various departments to create remediation plans for deficiencies found during audit and publish written IT audit results to senior management.
- Developed audit presentations, and prepared professional, clear and concise reports of findings.
- Assisted business process owners with documentation of new and changed processes on an on-going basis and identified risks and related controls for new, changed and existing processes.
- Advisory service towards the implementations of various ERP Modules in terms of risks associated, SOD issues, best practices, change control and business and financial impacts in combination of various transactional, technical and functional aspects.
- Performed initial level data analysis utilizing MS Excel VLOOKUP functionalities.
Associate IT Auditor
- Managed engagements to scope, facilitate, and perform procedures to prepare clients for external IT audits and compliance with the Internal Information Security Policies (ISP) by overseeing the performance of risk analyses, documenting control gaps, developing action plans to address control gaps, and designing and executing test procedures based on the IT Audit framework.
- Managed multiple audits over the testing for IT General and Application Controls (ITGC) in support of external IT, Financial and Operations audit engagements. Audit projects include those requiring compliance with SOX utilizing UNIX, SAP, Oracle, and Microsoft / Windows environments.
- Participated in SAP Transaction Code testing to perform security testing of segregation of duties to assist the organization in improving their user management, authentication management, authorization management, access management, and provisioning capabilities.
- Performed consulting for business in establishing IT compliance solutions based on company policies and standards, industry best practices, industry standards, and regulatory requirements.
- Assist in determining the overall direction and focus of other audit engagements to which assigned.
- Prepares scope of audit and audit programs/procedures for own audit engagements or, as appropriate, for areas assigned while performing walk through with process owners, vendors, and consultants to assess the design and operating effectiveness of Confidential IT controls.
- Analyse data from SAP and other application databases utilizing computer assisted audit techniques (CAATs).
- Execute SAP audit and controls assessment projects to validate compliance with business policies and controls as well as design and perform advisory service to establish SOD controls and align the processes to implement Confidential 10.0 and Access Management.
- Perform testing to conduct an Audit on various SAP modules, such as Basis, MM/ SD (Vendor Management), FI/CO (Customer Master) and Resources Derivation utilizing the SAP HCM and non-SAP Solutions.
- Areas audited include Windows OS, Exchange Servers, Virtual Servers (Hypervisors), UNIX, SAP ABAP, SAP Security, SAP Confidential, SAP IDM, Project Management Methodologies and Windows based software.
SAP Technical Specialist - Lead SAP Security/ Confidential /IDM
- Bring all Systems under one team and one area of responsibility by developing and ensuring a simple and consistent approach to user administration.
- Involved in SAP Confidential 10.0 implementation for Confidential by designing and developing the strategies for SOD and Security Matrix for the implementation of Confidential.
- Help facilitate and provide necessary information and support to external and internal auditors.
- SAP License administration-ensuring licenses are correctly assigned.
- Provided directions to major SAP Projects regarding Security, Roles & Authorizations while providing support as applicable.
- Manages the Authorizations Helpdesk queue, ensuring all authorization issues are addressed and resolved in a timely manner while identifying a primary point of contact for escalated SAP security incidents.
- Responsible for periodic review of all security policies, standards and guidelines to ensure they remain accurate and current.
- Participate in the SAP system development lifecycle to ensure that security concerns are addressed and monitor compliance with the information security policies, processes and procedures (SAP and non-SAP).
- Leads the SAP Security consultants offshore as well as onsite.
- Identifies, recommends and promotes appropriate internal and external best practice across the SAP systems to oversee design of SAP Security Solutions, ensuring their long-term stability and suitability into the Confidential environment.
- Contribute to the SAP Change Control process where applicable.
- Ensure that Customers (business) needs are balanced against the long-term strategic vision of Confidential.
- Implemented and setup SAP Audit Information Systems (AIS) for Internal Auditors.
SAP Technical Analyst-Lead SAP Security
- Analysed and designed SAP Module specific roles while performing comprehensive testing of all profiles and authorizations to ensure accuracy and segregation of duties.
- Designed a comprehensive security Matrix that documented the security design and controlled the user requests in the production environment.
- Developed, maintained and controlled the access of the project team members in all environments.
- Work closely with the implementations of various modules and applications such as MM, SCM, SRM, PM, PS, RE, IDM, BI, SLCM, SEM, FI, CO, Treasury, AIS, PI, and SLCM (Student Lifecycle Management).
- Design and configure controls for Access Control (Confidential) in collaboration with business process owners and Business Analysts. Conduct various sessions for establishing policies of Audit, Infrastructure, and HR.
- Designed the IT controls with focus of eliminating redundancy in quarterly assessments. Saved millions in this regard.
- Assisted in preparation of IT security standards / procedures to comply with control criteria that included daily monitoring and escalation of exception / closures.
- Guided and trained IS teams in preparation for performing ‘assessment and review of IT General Controls Documentation’ in IT Processes that included determination of Scoping and Planning, Risk Assessment Framework, Infrastructure areas like Change management, Problem management, IS processing, Network, Operating systems and Databases.
- Developed proactive plans to manage open issues, avoid known issues in the mitigation process. Provide guidelines to contractors and colleagues to perform various tasks.
- Review and analyse the effectiveness and efficiency of existing systems and develop strategies for improving or further leveraging these systems.
- Managed and implemented IDM application implemented with SAP EP and AD, which includes self-service for employees, SSO, reset and unlock account capabilities, user account provisioning and role provisioning with detailed approval workflow.
Applications Security Analyst
- Studied the Organization structure, jobs, custom transactions, roles and the SOD matrix for the Security developed in SAP.
- Used extensively in-house developed tools & SAP tools (MDM, ACEVA, and APPROVA BIZ RIGHTS) for analysing SOD conflict, T-code assignment to roles and roles assignments to users.
- Working closely with Audit team for user-role conflict removal in SAP R/3 and SAPBW (Especially in FI/CO and MM Purchasing conflicts).
- Evaluate, build, renew and maintain Standard Operating Procedures (SOPs), policies, and user request forms to ensure adherence to policies and applicable laws.
- Use current information security best practices to optimize the management and maintenance of access control program.
- Perform monthly and quarterly IT audits on critical systems to determine access is appropriate and compliant with PCI, SOX and company guidelines. Respond to requests from internal and external Auditors.
- Managed SAP Security Projects, designed and deployed SAP tools and applications such as Governance, Risk and Compliance (Confidential 5.2/5.3) Access Controls: Access Enforcer/CUP, Firefighter/SPM, Compliance Calibrator/RAR, and Role Expert/ERM.
- Actively participating in SAP Governance Risk and Compliance Advisory Council determining enhancements to Confidential in upcoming supports packs.
SAP Security Administrator
- Gathered and documented business and functional requirements for design and development of security roles.
- Provided direction and consultation on the design and maintenance of roles.
- Created derived roles to satisfy organizational and field level restrictions.
- Analysed security authorization issues while adhering to Service Level Agreements (SLA).
- Adhered to access and change management processes for assigning and transporting roles and maintaining the change documents. Evaluated and updated security standards, guidelines, policies, procedures, and tools to meet compliance and regulatory requirements.
- Implementation of SOD audit recommendations by removing the SOD violating transactions from roles.
SAP Security Administrator
- Administer SAP Security upgrade from SAP 4.6c to 4.7.
- Updated existing roles with new transaction codes and authorization objects, defined jobs and roles, and developed matrix for security authorizations.
- Compiled and delivered audit documentation and effectively completed security redesign for Sarbanes Oxley (SOX), state, and corporate compliance with the help of Internal and External Auditors.
- Supported users for the security issues in all functional modules.