­­­­

OVERVIEW:

Energetic, goal driven SAP security specialist with 15 years of solid expertise in all facets of SAP security design and implementation. Technically sound individual with exposure to a wide range of SAP platforms. Proven analytic and problem - solving skills with the ability to assess needs, define requirements, develop & execute value-added solutions that improve operating efficiency. Well versed in completing projects on time and as promised, by coordinating team efforts while working with the project team. Well versed in documenting and bridging the gap between business requirements and technical processes to meet the needs of dynamic and continuously changing environments. Experienced in production support activities like application support, process improvement, enhancements, resource optimization, SLA monitoring, service delivery, service transition etc. Hardworking and dedicated professional with strong interpersonal, communication, negotiation, and leadership skills.

SUMMARY:

• Involved in design/redesign, implementation, cutover, production support activities for wide variety of SAP platforms in multiple SAP global implementations
• Worked closely with the business / functional teams to gather security requirements.
• Designed and developed security roles for ECC 6.0, BI 7.0, HCM, Nota Fiscal, SCM, Solution Manager, TDMS, PI Systems
• Designed and developed analysis authorizations (SAP BI 7.0) at Characteristics, Key Figure, and Hierarchy node level for reporting users i.e. end users/power users /report writers
• Well-versed with troubleshooting authorization issues in BI 7.0 and updating analysis authorizations/roles
• Developed front end folder level security in SAP Business objects by creating user groups/access levels in BOBJ CMC.
• Migrated user groups/access levels/folder level security in BOBJ to QA/Production systems thru promotion management.
• Developed HR security/structural authorizations in PA, PD, ESS and MSS Modules.
• Worked extensively in GRC 10.1 in the areas of ARM (CUP), EAM (SPM), ARA(RAR)
• Developed security for ODATA services in portal and backend, updated communication channels, web services in Process Orchestration portal
• Extensively worked in Composite Environment portal - activities include creation of portal roles, setting up permissions for systems, updating user mapping for systems, updating web services, managing portal users etc.
• Developed security roles in NetWeaver Planning, NWDI, SLD, Biller Direct portals.
• Handled security defects as part of Unit and Integration test cycles
• Involved in security upgrade from 4.6C to ECC 6.0 and BW 3.5 to BI 7.0
• Developed roles and privileges (including System, Object, Analytic and Package Privileges) in HANA Studio.
• Worked on security setup for managed system configuration and BPCA in Solution Manager
• Worked on security setup for Central User Administration.
• Extensively worked on SAP GRC AC 5.3 SP10 (CUP, RAR, SPM and ERM) and VIRSA Compliance Calibrator (VRAT), VIRSA Role Expert (VRMT), Fire Fighter (VFAT) tools
• Very good understanding on segregation of duties and Sarbanes Oxley regulations on application security and business processes.
• Worked closely with auditors and modified roles to achieve SOX compliance for users and roles.
• Experience in user administration in ABAP and Portal systems, role Maintenance, analyzing and troubleshooting issues
• Created security design documents for reference and conducted knowledge transfer sessions to handover projects to Production support team

AREAS OF EXPERTISE:

• Security requirements gathering
• Security role design & develop
• Security testing support
• Troubleshooting & fixing security issues
• Cutover & Go-live Support
• Project Implementation
• Post go-live Production Support
• Identify SOD conflicts and Remediation
• Implementing Best Practices
• Audit & Compliance

KEY SAP SKILLS:

ECC 6.0 & 4.6C, BI 7.0, BW 3.5, SAP Business Objects 4.1, SAP HANA Studio 2.0, SAP HCM, SCM 7.02, SRM 5.0, SAP Nota Fiscal, SAP Test Data Migration Server 4.0, SAP Landscape Transformation, GRC Access Controls 10.1, SAP Solution Manager 7.1, SAP Process Integration, SAP Composite Environment, SAP Process Orchestration, SAP NetWeaver Planning, SAP Biller Direct and Novell Identity Management tool.

SAP PROJECT EXPERIENCE:

Confidential, Beaverton, OR

SAP Security Consultant

Environment: ECC 6.0, BI 7.0/ SAP Business Objects 4.1/ SAP Hana Studio 2.0/ SAP GRC 10.1/SAP Process Orchestration/SAP Composite environment

Responsibilities:

• Worked on security setup for SAP ODATA services in ECC 6.0 and SAP Process Orchestration systems
• Created UME roles in PO system with appropriate portal actions and mapped roles to groups.
• Setup security for technical users in PO system for webservice calls from external applications
• Created portal roles for custom apps and mapped roles to groups in Composite Environment
• Setup permissions/user mapping for systems in Composite Environment and updated webservices
• Developed and assigned analysis authorizations in BI 7.0
• Analyzed and resolved users access issues in BI 7.0.
• Configured SAP Business objects for LDAP/SAP authentication and imported appropriate backend roles to SAP BO
• Created access levels/user groups in SAP Business Objects 4.1
• Setup security for folders/connections/applications etc. in SAP BO
• Worked on migration of security to QA/production systems in SAP BO
• Experience in design and implemention of HANA-BI Security
• Created custom roles in HANA DB for Developers, and Data Base Administrators
• Created System, Object, Analytic, Package and Application Privileges
• Worked on both Catalog (Run Time) and Repository Roles (Design Time)
• Worked on HANA Application Life cycle Management
• Created and enabled Audit policy in HANA DB
• Worked on SAP GRC Access Controls 10.1 components Access Risk Analysis (ARA), Emergency Access Management (EAM) & Access Request Management (ARM) components
• Configured MSMP workflows for maintaining Rules, Agents, Paths, Route mapping etc. for access provisioning thru GRC Access Controls 10.1
• Created custom initiator rules through Business Rule Framework Plus (BRF+) for ARM.
• Configured password self-service, GRC notifications
• Setup Access Control Owners, Owners, Controlers, Firefighter Ids
• Worked on setting up GRC jobs for Authorization data/Repository Object/Action usage/Role usage/Master data/EAM workflow/EAM log synchronization/GRC notifications
• Enabled new Security roles in GRC for auto provisioning

Confidential, Beaverton, OR

SAP Security Consultant

Environment: BI 7.0/SAP GRC 5.3/SAP PI/SAP SCM7.0/SAP HR/HCM

Responsibilities:

• Worked on HCM Security to develop position based security and structural authorizations
• Assigned structural authorization profiles to user ID’s using Report RHPROFL0 to automatically assign appropriate structural authorization profile to each user id.
• Worked with BI functional team and developed the BI analysis authorizations.
• Created analysis authorizations to restrict users at Info Object level
• Developed BW roles and authorizations restricting access to infocube for specific characteristic, hierarchy node of the hierarchy etc.
• Developed new roles containing authorizations for BW reporting end users and Power users.
• Worked closely with the internal Audit team and made all the necessary corrections in security roles to meet SOX compliance.
• Created roles in SCM Event manager for new parameters like Purchase orgs/Sales Orgs/Plants event handlers.
• Designed security setup for webservices in Process Integration System
• Updated User credentials in Communication channels in Process Integration System

Confidential, Beaverton, OR

S AP Security Consultant

Environment: SAP ECC 6.0/BI 7.0/SAP GRC 5.3/EP 7.0

Responsibilities:

• Worked on SAP Securtiy redesign which includes tasks to
• Redesign existing Job/Position based roles to Task based roles
• Eliminate embedded Segregation of Duty Conflicts within Roles
• Remove unused Transaction codes in roles
• Develop/Configure Display /IT /Basis /Production support roles
• Created Task based roles(Tcode roles )
• Created Enabler Roles for Auth/Org fields like Company code/Sales Org/Purchase Org/AccountType/Plant/Movement Type/Sales Doc Type/Data restriction reporting/Condition type/Vendor type etc
• Created Test Ids for Unit/Integration/UAT Testing
• Resolved Auth Issues Using Trace i.e. ST01
• Created/updated analysis authorizations in BI 7.0 for new company codes
• Worked on SAP GRC 5.3 (Governance, Risk, and Compliance) which includes
• Running Risk Analysis and Remediation (RAR) reports (previously Compliance Calibrator).
• Extensively worked on Compliant User provisioning (CUP) previously known as Access Enforcer.
• Imported roles to CUP/Setting Role Owner/Importing Custom approver Determinators/Intitiators etc
• Setting up Connectors for Super User Privileged Management (SPM) previously known as FireFighter.
• Creating Firefighter Ids and /Configuring Firefighter Owners/Controllers/IDs etc.
• Supported issues of phased roleout(Geography wise)
• Designed and created users for RFC (ABAP/HTTP) connections for Basis team
• Opened OSS connections to SAP Systems, Created Users for OSS connections and updated passwords in Secure Area
• Set up background jobs for security maintenance/Firefighter usage logs etc
• Created portal roles and and assigned to groups
• Handled Change Management control and validated the work done by team members at onsite and Offshore
• Involved in performing cutover tasks for Go-live and handled issues during Project Stabilization

Confidential, Wilmington, DE

SAP Security Consultant

Environment: SAP R/3 ECC 5.0/BI 7.0

Responsibilities:

• Performed assessment of the current SAP Security design in place of Production System.
• Analyzed the As-Is SAP Security setup and documented the gaps and provided recommendations on AZ SAP security design and implementation.
• Analyzed the Segregation of Duty Conflicts at both role level and user level
• Did gap analysis and recommended the SAP security best practices.
• Worked extensively on authorization groups (SE54/SUCU) and customized transaction codes (SE93).
• Analyzed the impact on roles to convert autorization field to org level field
• Modified authorization of roles after converting autorization field to org level field
• Created derived roles to restrict access based on planner group/plant level
• Created Test Ids and troubleshooted authorization issues in merging of Canada system into NA system
• Cleaned up users who have not logged in SAP systems since last 1 year
• User administration in all SAP systems in landscape i.e. ECC6.0, BI7.0
• Modified roles to controll access to key authorization objects such as S BTCH ADM, S ADMI FCD, S TABU DIS, and S DEVELOP etc for batch Jobs, basis transactions, tables, and debug access.

Confidential, Gaithersburg, MD

SAP Security Consultant

Environment: SAP R/3 ECC 5.0, BIW3.1/BI 7.0, EP 7.0, SRM5.0, SM4.0, MSSQL 9.0 and SAP NetWeaver 2004s (BI 7.0 and XI)

Responsibilities:

• User Administration of all SAP systems in Landscape i.e. ECC5.0, BI7.0 as well as SRM5.0 through CUA/Solution Manager 4.0
• Created new roles and modified existing roles to meet SOX requirements to maintain SOD
• Secured and controlled access to all SAP systems to meet SOX requirements
• Weekly monitoring of SAP R/3 system which includes
• Monitoring the transports to Production system using Transaction STMS
• Monitoring all change activity with respect to user accounts without logon for 90 days and critical user accounts using Program RSUSR200
• Monitoring all change activity with respect to user accounts including changes pertaining to profiles using Transaction S BCE 68001439 (RSUSR100)
• Monitoring all change activity with respect to roles using Transaction RSSCD100 PFCG (Display Change Documents for Role Administration)
• Monitoring Changes to table T000 by using program RSVTPROT (Evaluation of change logs)
• Troubleshooting Authorization Issues using transactions SU53, ST01.
• Modified Roles to extend existing roles to new Organization units i.e. Company code/Purchasing org etc.
• Analyzed existing roles and created new roles with respect to Job responsibilities
• User administration in Portal as well as in Solution Manager.
• Testing User access automation project.
• Documenting Security policies for SOX Audit.
• Involved in SOX Compliance process to clean up user accounts which involves confirmation from Manager/Supervisors on access of users have.
• Updating SU24 for T-code authorization changes
• Documented Security Roles testing.
• Performed transports using Transaction STMS i.e. Transport Management System (STMS)
• Customized SOD matrix to meet Client’s audit requirements
• Involved in upgrading BW 3.1 to BI 7.0.
• Designed and created roles to restrict user's access by InfoAreas, InfoCubes, Queries and Workbooks.
• Worked on hierarchy authorizations and assigned to nodes using RSECADMIN.
• Created development / reporting roles using analysis authorizations concept.
• Used SAP Migration tool RSEC MIGRATION to migrate users, authorization objects.
• Developed reporting roles for FICO, MM, SD and PP modules.
• Created roles for BW developers using the authorizations objects S RS ADMWB, S RS DS, S RS ISNEW, S RS DTP, S RS TR, S RS RST, S RS PC, S RS BTMP, S RS BEXTX.
• Developed roles for reporting users using SAP standard authorization objects S RS COMP, S RS COMP1, S RS FOLD.
• Developed and assigned Analysis authorizations to users using RSECADMIN.
• Analyzed and resolved users access issues using RSECADMIN.
• Interacted with Portal developers in implementing Portal Security.
• Involved in role design for Portal Security.
• Worked on Content administration to create roles and work sets.
• Created Users and assign appropriate Roles or groups in Portals using User Administration.
• Created groups in Enterprise Portal and assigned all roles to that relevant group.
• Configured Enterprise Portal 7.0 to integrate LDAP.
• Configured Single Sign-on in Enterprise Portal.
• Sixth Avenue Electronics, Springfield, NJ SAP Security Consultant
• Worked with Functional consultants and Super Users to come up with design plan for R3 security implementation.
• Created and modified custom roles with reference to business profiles for SD, MM, FI, CO and HR modules on ERP system.
• Worked extensively and regularly with functional teams to gather user access requirements for defining new roles.
• Implemented CUA in Solution Manager 4.0 using transactions SCUA, SCUG, SCUL and SCUM.
• Worked on Migrating users from child systems to central system using the SCUG.
• Prepared job function matrix for grouping users.
• Fixed authorization issues encountered during Unit and Integration testing using transactions SU53 and ST01.
• Used SU10 for mass changes in User master records.
• Maintained authorization groups for all the critical tables in table TDDAT.
• Used transaction SUIM for various security relevant reports.
• Performed transports and mass transports of security roles.
• Provided security training and prepared the security processes & documents.
• Helped process experts in creation of Segregation of Duties (SOD) matrix.
• Analyzing the System Investigation Reports(SIRs) raised by the IT process and business process owners on SOD conflicts in Roles/Jobs/Users by running them in VIRSA VRAT (VIRSA Risk Assessment Tool) tool to analyze transaction code/authorization object level conflicts and addressing them with suitable remediation and mitigation controls.
• Handled SOD conflicts in Users and worked on Roles for Sarbanes Oxley Compliance.
• Used VRMT Tool to Create New Roles without conflicts.
• Created and Maintained Firefighter ID’s using VIRSA FF 3.0(VIRSA Firefighter Administration Tool).
• Worked with Internal Auditors in creation of User and Role Mitigations.
• Assisted Internal Auditors in framing new Rules for combination of new TCodes in ECC 6.0.
• Worked with Business experts in placing Mitigations for Conflicting and Critical TCodes.
• Created Role matrices for information and requirement gathering for Confidential .
• Created Portal Users & Roles in Enterprise portal system and assigned the Portal roles to users in DEV, QA, and PROD Systems.
• Worked on Locking & Unlocking the users in Portal Systems.
• Created SAP User Groups and assigned the Users to User Groups.
• Securing BW queries over InfoAreas, InfoCubes, ODS objects.
• Controlled access to BEx Analyzer using authorization objects (S RS COMP, S RS COMP1, and S RS ICUBE).
• Created custom reporting Authorization Objects in BW to secure reporting users.
• Secured query access with in the BEx Analyzer, BEx Browser.
• Set up security by InfoArea, InfoCube, ODS, PSA, InfoObject, Query and Workbooks.
• Implemented InfoObject Security (field-level security) for Reporting Users.
• Securing the data presented in queries by hierarchy node.
• Traced SAP provided objects and custom reporting authorization objects to debug an authorization error.
• Authorization checks by assigning reports to authorization classes (RSCSAUTH).
• Implemented Structural Authorizations using OOPS, OOAC, PPOC, PA40, SU01, PA30, OOSP, PO10, PO13, SE38 Transactions.
• Deployed Security using Structural authorizations in tandem with R/3 Standard Roles.
• Created Personal Master Record (PA40), User ID (SU01, SU10), Infotype 105 (PA30)
• Created Structural Authorization Profiles (OOSP)
• Created Infotype 1017 (PO10) for all nodes in Organizational Plan
• Assigned Authorizations to positions using PO13
• Assigned structural authorization profiles to user ID’s using Report RHPROFL0.
• Confidential - Confidential, Houston, TX SAP R3/BW Security Administrator

Environment: SAP R/3 4.6C, 4.7Ent, BW 3.5, Oracle 8i/9i.

Confidential

Responsibilities:

• Worked with SAP R/3 4.6C and BW 3.5 systems. Mainly responsible for SAP R/3 & BW Security.
• Analyzed existing security and prepared Role matrix for existing Roles.
• Created and modified roles and profiles using Profile Generator (PFCG).
• Created Users and assigned roles using transaction SU01.
• Configured Profile Generator and transported settings to all clients.
• Setup security profile parameters for production system.
• Changed passwords for Super users SAP* and DDIC.
• Maintained the authorization objects using T-Codes like SU24 and AUTH SWITCH OBJECTS.
• Performed mass user creation in production system using the CATT scripts.
• Generated profiles on mass scale using transaction SUPC.
• Supported unit and integration testing, supported go live and post go live activities and troubleshooted Authorization issues by using ST01 and SU53.
• Monitored SAP application access and security violations.
• Resolved all Production Support Authorization Issues.
• Gathered requirements, understood functional business processes and resources supported for SAP BW.
• Interacted with BW Team in design of security roles
• Developed roles for BW Administrators, Power users and Reporting users.
• Responsible for creation and maintenance of Roles to restrict access to BW queries, InfoCube, InfoAreas using Profile Generator (PFCG).
• Involved in testing of roles along with BW team.
• Created roles using authorization objects S RS ICUBE, S RS MPRO, S RS ISET, and S RS ODSO.
• Made InfoObjects authorization relevant and Created Custom Reporting Authorization Objects using transaction RSSM.
• Worked on BW objects InfoCubes, InfoObjects, Hierarchies, Update and Transfer rules, InfoAreas, InfoObject Catalog, ODS (Operational Data Store).
• Secured workbooks to provide security on Queries.
• Created hierarchy authorizations using S RS HIER.
• Troubleshooted Authorization issues using RSSM, RSSMTRACE and ST01.
• Involved in Unit testing and worked on RRMX, RSMO, RSRT, and RSA1 to optimize authority checks.
• Implemented position based security (PD Authorizations) model by creating an Org Structure.
• Created Structural Authorization Profiles (OOSP)
• Assigned structural authorization profiles to user ID’s using Report RHPROFL0

Confidential, San Antonio, TX

SAP Security Consultant

Environment: SAP R/3 4.7 Ent. / ECC 5.0, CRM 5.0, Oracle 8i/9i, VIRSA CC 4.0 and SOX

Responsibilities:

• SAP Confidential Administration over all the systems in the landscape. Responsible for providing security for FI, CO, SD, MM, WM, PP, HR modules.
• Coordinated with functional experts for creation and maintenance of roles.
• Reviewed and corrected sensitive authorizations ( S BTCH ADM, S ADMI FCD, S TABU DIS, S PROGRAM, S DEVELOP etc.), including creation and assignment of custom authorization groups for critical tables/programs.
• Extensively used CUA for user administration from one central client.
• Worked on User Roles, Profiles and Authorizations for various modules using Profile Generator (PFCG).
• Used CATT scripts & Microsoft Excel to create and maintain mass user accounts/to assign user groups and roles.
• Extracted profiles and roles information from SAP system by using SUIM.
• Generated profiles on mass scale using transaction SUPC.
• Analyzed and resolved authorization issues using SU53, SU56, ST01 and PFUD.
• Performed level 0 testing and facilitated Unit and Integration testing.
• Trained users on SAP Security related issues to work with and resolve.
• Led a project to Clean up unused roles and profiles. Developed/automated tools for ongoing cleanup.
• Transported the generated roles and profiles using SAP transport management system.
• Knowledge transfer to team members and provided ongoing security related support for all security milestones during different phases of implementation.
• Worked on identifying SOD conflicts at Role/Job and User level that are inherent within SAP Security model.
• Validating single and composite roles in VRAT tool for segregation of duties conflicts and Preparing SOD template for conflicting transactions.
• Implemented use of Critical Transaction codes combination (Table SUKRI) for monitoring SOD violations in transaction SUIM.
• Worked as part of remediation team to work closely with Business process and IT Process Owners, Role and Job Owners to help them in understanding the conflicts caused by SAP authorization objects and the options exist for remediation/mitigating the conflicts.
• Experience with VRAT rule building and maintenance.
• Modifying profiles and roles to remove the SOD conflicts present in the roles.
• Protection of Internet sales processes in Channel management in mySAP CRM thru ACE.
• Maintained User groups and Authorization data in mySAP CRM.
• User administration of IC WebClient in mySAP CRM.
• User and role management in CRM Billing.
• Eli Lilly, Indianapolis, IN SAP Security Administrator
• SAP Confidential Administration over all the systems in the landscape.
• Planned, coordinated, and implemented SAP Confidential architecture and necessary authorizations to match business requirements.
• Worked with functional teams to gather security requirements.
• Designed SAP Security profiles and business roles during the SAP 4.5B implementation.
• Created new users and maintained user master records using transactions SU01 and SU10.
• Created and modified Single roles, Composite roles and derived roles using Profile Generator (PFCG)
• Performed reconciliation of user master data using PFUD and mass generation of profiles using SUPC
• Secured company information by creating user groups and there by restricted users to work in their own group.
• Used reporting transaction SUIM to analyze the users, roles, user groups, transaction codes and profiles.
• Maintained the table USR40 for illegal passwords.
• Troubleshoot authorizations issues using the transactions SU53 and ST01.
• Experienced Go-live, War Room activities & post Go-live production support.
• Processed SAP user access requests, and supported troubleshooting of day-to-day access problems.
• Established and Maintained documentation procedures and policies.
• Provided technical SAP Security support to other SAP project team members, including business configuration team(s) and SAP development team(s).
• Coordinated transports from development (DEV) to quality assurance (QA) to production (PRD) systems.
• Documented user management process to create users, identify and remove expired user ids, lock-unlock users, processes for access approvals and change approvals.
• Involved in Production support Authorization problems.