PROFESSIONAL SUMMARY:

• Strong organizational and time management skills
• Plan execute and Support SAP projects successfully
• Excellent Knowledge of user Administration, Role Administration and Security Policies
• Role creation single, composite. Master and derived according as per business requirement
• Analysis of critical Authorization tables, missing Authorization objects, User Master Record reconciliation
• Manage User Administration Utilizing SU01 and SU10 efficient usage of SE16, SUIM to retrieve data and SU24 to enable or disable security checks on audit and audit reports
• Performed all Access Control Components ARA, EAM, BRM and EAM for both GRC 10X and 12
• Access Risk Analysis (SOD/Remediation and Mitigation process. MSMP work flow configuration access request approval
• Emergency Access Management creating FFID, Assigning FFID to controllers and Fire - Fighter users, Creating Reason codes
• Worked on HR Function by setting up HR security using both General and Structural Authorizations in Payroll and ESS/MSS
• Created authorize HANA Roles for Developer, Modelers, Data base Administrators and end users
• Configure and Authenticate Hana Roles against front end reporting tool such as BOBJ with more SAP BW/HANA experience than SAP ECC Security

TECHNICAL SKILLS:

• SAP ERP Skills SAP ECC 6.0, EHP8 SAP NetWeaver GUI 720,730, 750 SAP GRC 10X AND 12
• Good Knowledge of Virtualization concept such as Virtual Box, VMware, VMware ESXI
• Post SAP Installation Activities and GRC 12 Configuration
• RFC Connections for SAP GRC Connectors for all satellite systems
• Applying ADD-ONS and various SNOTES
• Installation and Configuration of Linux SUSE 12 SP4 with S/4 HANA1809

PROFESSIONAL EXPERIENCE:

GRC & S4 Hana Security Consultant

Confidential, Houston, TX

Responsibilities:

• SAP HANA Security activities like user management, Assigning Roles to user
• Extract source system data using BODS and SLT. Data provisioning and replicating data from source to HANA
• Worked on S/4 HANA Security and developed reports
• Data Modeling in HANA Studio using Attribute, Analytical and calculation views
• Evaluation and decision detailed presentation to compare and proposed HANA Scenario
• Prepared business plans, project plans for system installation, configuration, planning and designing.
• Manage entire project in timely manner to meet deadlines.
• Lead team of six from forefront by evaluating the project scope and complexity, system strategies, software selection and successfully deliver the project with installation and configuration of the SAP systems.
• Performed configuration settings for Access risk Analysis (ARA), Emergency Access management (EAM) and maintaining.
• Scheduling back ground jobs for synchronizing authorization into Access control Repository and monitoring the jobs.
• Performed user & Role analysis to find the existing SOD violation of users and roles.
• Creating mitigation controls for customized risks as per business process owners and auditor’s suggestions, Assigning mitigation controls to users.
• Creating fire fighter-id with Emergency access. Mapping firefighter-id’s to firefighters for a limited period of time with proper approvals.
• Generated the MSMP workflow related business rules and defining the business rule framework by using BRF+ workbench. Customizing and maintain the MSMP workflows for Access control.
• Maintaining access control owners and change the approvers when they leave the organization. Performed simulation for proactive SOD analysis.
• Assist security team with role level risk analysis when needed related to creating/ updating and provisional roles including user access validations and identifying false positives.
• Monitor of rule sets, maintain critical roles and profiles, creation of mitigation control and running ad hoc risk analysis reports.
• Implementation of global SAP role structure, including standard business role, global process roles, derived roles and associated SAP security process.

GRC & Security Consultant

Confidential, Milwaukee, WI

Responsibilities:

• User Access provisioning in independent R/3 system.
• Managing user master record creating user, user groups and assigning authorization groups and roles
• Mass user management using SU10 Role maintenance creating, changing and deleting
• Creation and modification of different types of roles according to client request.
• Transporting roles from development to quality to production.
• Analysis of the users, profiles, roles, authorization, objects and change documents.
• Worked with security related tables AGR* & USR*.
• Authorization checks using transaction SU24 and maintained check indicators for transaction codes.
• Firefighter role creation and assignment through SPM (super user privilege management) Map Firefighter ID’S to owners and controllers.
• Troubleshooting User access through authorization error analysis via SU53, SU56 and system trace ST01.
• Monitor and maintained user ID through user information system SUIM.
• Finding Business related roles with the help of ECC roles for IDM users.
• User master record creation and modification.
• Assist on audit reports and logs using SM18, SM19, and SM20.

GRC & Security Consultant

Confidential, Cincinnati, OH

Responsibilities:

• Ensure application security standards are well integrated into system by incorporating SOD testing into security process.
• Monitors and maintains SAP application security policies, standards, guidelines, and procedures that are in alignment with the corporate strategic plan and supports the project team during the implementation.
• Responsible for implementation and integration of SAP GRC-SOD and other post-go live sustainment tools.
• Support and educate business areas on risks and proposed mitigating controls.
• Understand compliance related issues as it relates to SAP roles.
• Identify and evaluate business & technology risks. Raise risk awareness and made recommendations to mitigate these risks.
• Update rule sets, mitigating controls and process flows.
• Articulate security policies, procedures and guidelines to all levels.
• Configured workflow, actions and rules.
• Performed remediation and mitigation against various risks associated with roles and profiles.
• Provided limited access to FF and FFID.