SUMMARY:

• Security Professional with over 13 years of IT experience working in systems helpdesk, user support, and/or technology service field.
• Over eleven years of SAP Security experience supporting several SAP Business Suites as well as a retail ERP environment.

TECHNICAL SKILLS:

• SAP NetWeaver 7 User and Role Administration
• SAP GRC Access Controls
• ECC/ABAP Security Authorizations
• SAP Portal/Java Security
• Sarbanes - Oxley (SOX)
• Profile Generator
• SharePoint
• LaserFocus/Access Violation Management

PROFESSIONAL EXPERIENCE:

Confidential, Columbus, OH

Senior SAP GRC Consultant

Responsibilities/Deliverables:

• Perform user & role analyses to identify existing SOD violations
• Perform remediation and mitigation against various risks associated with roles
• Work with remediation plans for existing SOD violations
• Maintain required configuration settings in Confidential as business needs change
• Customize MSMP workflows per business requirements
• Customize rule set and perform risk analyses
• Manage User Access Review (UAR) process to ensure semi-annual compliance
• Participate in approval process at the Security Review stage for all access changes
• Configure request-based EAM process
• Define, implement and document security requirements and roles in line with company standards
• Perform reconciliation of user master records and roles
• Perform trouble shooting to resolve authorization issues using system traces
• Collaborate with release teams to understand future requirements and provide guidance through all phases
• Update and maintain documentation outlining the proper procedure to carry out specific tasks among team members and throughout the user community
• Maintain overall system health by conducting daily research and system checks
• Identify segregation of duties issues within complex business processes and suggest compensating controls
• Create and execute regression test plans to ensure proper functionality following a service pack upgrade
• Ensure proper maintenance of workflow for access requests and firefighter log review
• Create full SOD simulations for new role requests to ensure awareness of potential violations

Confidential, Charlotte, NC

Senior SAP Security/GRC Access Controls Consultant

Responsibilities/Deliverables:

• Performed user & role analysis to identify existing SOD violations
• Performed remediation and mitigation against various risks associated with roles and users
• Worked with business analyst on remediation plans for existing SOD violations
• Maintained required configuration settings in Confidential as business needs changed
• Lead Access Control design sessions for updating existing configuration
• Updated delivered Global rule set to include custom functions and risks
• Managed User Access Review (UAR) process to ensure semi-annual compliance
• Configured MSMP workflows in support of access request process (ARM)
• Participated in approval process at the Security Review stage for all access changes
• Configured request-based EAM process
• Configured/Updated EAM decentralized model
• Extended delivered MSMP workflow process for EAM to include multiple stages for log review
• Defined, implemented and documented security requirements and roles in line with company standards
• Created and modified single roles, composite roles, derived roles for modules such as SD, MM, HR using profile generator
• Performed reconciliation of user master records and roles
• Performed trouble shooting to resolve authorization issues using system traces

Confidential, West Palm Beach, FL

Senior SAP Security Consultant

Responsibilities/Deliverables:

• Partnered with the business and project teams in developing functional specifications as related to security concerns
• Created and maintained user roles and authorizations based on business needs
• Administered and maintained end user accounts, permissions and access rights
• Utilized AGR tables/SUIM reports to extract requirements for audit items
• Assisted with system access reviews to ensure compliance with security policies and standards
• Ran segregation of duties reports from ARA
• Ran & Provided EAM (firefighter) log reports
• Identified risk and controls issues and prepared appropriate remediation or mitigations.
• Documented and maintained security processes for all applications
• Provided production support of existing security roles and functions
• Utilized CUA to streamline user accounts across the landscape
• Utilized SU53 reports and ST01 traces to address authorization issues
• Teamed with internal and external auditors to extract reports

Confidential, Mobile, AL

Senior SAP Security Consultant

Responsibilities/Deliverables:

• Created and maintained end user roles and authorizations based on business needs
• Performed risk analysis and collaborated with systems analysts and internal auditors to determine appropriate risk mitigation strategies
• Performed user and role analysis to identify existing segregation of duties violations
• Administered and maintained end user accounts, permissions and access rights
• Created and maintained detailed security documentation, policies & procedures including segregation of duties
• Produced analytical reports on user, user groups, roles and profiles
• Utilized CUA to streamline user accounts across the landscape
• Utilized the UME to assign user groups and roles
• Resolved SSO and lock issues
• Assisted users running SU53s
• Ensured compliance to security policies and controls

Confidential, Atlanta, GA

ERP Security Analyst

Responsibilities/Deliverables:

• Analyzed current operational procedures, identify problems, and determine specific system requirements
• Served as an advisor to assigned business areas, developing strategies for General Ledger, Accounts Payable, Accounts Receivable, Payroll, Purchasing and Inventory Control
• Served as a liaison between the functional and technical staff to recommend, develop and test program modifications, or to introduce new delivered functionality to the ERP system
• Responsible for overall application architecture, solution design, configuration, and support of assigned functional areas
• Planned, designed and recommended business processes to improve and support business activities
• Create test scenarios and develops test plans to be used in testing the business applications in order to verify that client requirements are incorporated in to the system design. Assists in analyzing testing results throughout the project
• Provided input into developing and modifying systems to meet client needs and develops business specifications to support these modifications
• Prepared workflow charts and diagrams to specify in detail business processes supported by enterprise systems
• Prepared technical reports, simulations, and instructional manuals to document systems development
• Developed effective reporting tools needed to support the business unit information requirements
• Communicated project plans and requirements to functional users who will be required to test and validate system changes. Participate directly in system testing
• Coordinated and collaborated with functional users and IT staff to find solutions to problems identified in testing and resolve issues during system upgrades
• Resolved day-to-day user authorization issues assigned from Helpdesk
• Ensured that proper testing of all system functionality was completed

Confidential, Orlando, FL

SAP Security Consultant

Responsibilities/Deliverables:

• Perform SAP Security related tasks in support of large user community across several SAP Business Suites: ECC, CRM, BW/BI, SOLMAN, Enterprise Portal, GRC, and HANA
• Supported SAP modules: SD, FICO, MM, MFG, DM and WM.
• Provide support and expertise to the user community, assisting them to use BW/BO solutions
• Proposed and implemented approved revisions to SAP Finance Modules to satisfy new requirements
• Created and maintained user roles and authorizations based on business needs
• Administered and maintained end user accounts, permissions and access rights
• Provided production support of existing security roles and functions
• Configured/Installed Central User Administration
• Utilized CUA to streamline user accounts across the landscape
• Resolved day-to-day user authorization issues assigned from Helpdesk
• Assisted users running in SU53
• Created User in Enterprise Portal
• Define Java UME/Portal groups and roles
• Utilized SU53 reports and ST01 traces to address authorization issues
• Performed user creation based on User Access Request Form
• Adjusted User Master data using SU01
• Performed mass user maintenance using SU10
• Used SE16N to access security tables: USR* and AGR*
• Used SUIM to perform security access reviews
• Perform inactive user analysis (lock inactive users)
• Locked and unlocked users as required
• Performed password resets for locked accounts
• Maintained communication record (IT0105)
• Created authorization structural profiles
• Utilized RHRPROFLO report to automatically assign the appropriate structural profiles to users
• Knowledge of SOX, audit issues, and segregation of duties
• Performed user and role analysis to identify existing segregation of duties violations
• Experience in creating and assigning Fire Fighter IDs and extracting Fire Fighter logs
• Created distribution list users in LDAP and UME and assigned distribution list to roles

Confidential, Milwaukee, WI

SAP Security Administrator

Responsibilities/Deliverables:

• Perform SAP Security related tasks in support of large user community across several SAP Business Suites: ECC, CRM, BW/BI, SOLMAN, Enterprise Portal
• Supported SAP modules: SD, FICO, MM, MFG, DM and WM.
• Created and maintained user roles and authorizations based on business needs
• Administered and maintained end user accounts, permissions and access rights
• Provided production support of existing security roles and functions
• Configured/Installed Central User Administration
• Utilized CUA to streamline user accounts across the landscape
• Resolved day-to-day user authorization issues assigned from Helpdesk
• Assisted users in running SU53s
• Created User in Enterprise Portal
• Defined business partner profiles in CRM
• Maintained standard SU01 user master records in CRM
• Defined Java UME/Portal groups and roles
• Utilized SU53 reports and ST01 traces to address authorization issues
• Performed user creation based on User Access Request Form
• Adjusted User Master data using SU01
• Performed mass user maintenance using SU10
• Used SE16N to access security tables: USR* and AGR*
• Used SUIM to perform security access reviews
• Performed inactive user analysis (lock inactive users)
• Locked and unlocked users as required
• Performed password resets for locked accounts
• Maintained communication record (IT0105)
• Created authorization structural profiles
• Utilized RHRPROFLO report to automatically assign the appropriate structural profiles to users
• Added and deleted transactions from roles based on approved role change requests.
• Facilitated role test/validation on updated roles in QAS (Quality Assurance)
• Transported role changes through the landscape into Production
• Worked with several users to gather requirements and transformed them into a data model using extended star schema concept
• Supported and performed various pre and post upgrade activities related to NW BI Upgrade
• Involved in preparing Business Requirement Documents and checked business content to identify necessary Business Objects

Confidential, Denver, CO

SAP Security Administrator

Responsibilities/Deliverables:

• Perform SAP Security related tasks in support of large user community across several SAP Business Suites: ECC, CRM, BW/BI, SOLMAN, Enterprise Portal
• Supported SAP modules: SD, FICO, MM, MFG, DM and WM.
• Configured/Installed Central User Administration
• Utilized CUA to streamline user accounts across the landscape
• Resolved day-to-day user authorization issues assigned from Helpdesk
• Assisted users in running SU53s
• Created User in Enterprise Portal
• Defined business partner profiles in CRM
• Maintained standard SU01 user master records in CRM
• Defined Java UME/Portal groups and roles
• Utilized SU53 reports and ST01 traces to address authorization issues
• Utilized ST01 traces to assist in defining custom security roles for CRM processes
• Performed user creation based on User Access Request Form
• Assigned approved security roles
• Adjusted User Master data using SU01
• Performed mass user maintenance using SU10
• Used SE16N to access security tables: USR* and AGR*
• Used SUIM to perform security access reviews
• Performed inactive user analysis (lock inactive users)
• Locked and unlocked users as required
• Performed password resets for locked accounts
• Added and deleted transactions from roles based on approved role change requests.
• Facilitated role test/validation on updated roles in QAS (Quality Assurance)
• Transported role changes through the landscape into Production
• Prioritize issues as appropriate in consultation with the business leads across all departments of the company
• Analyze production issues to determine business impact and work to resolve issues on daily basis

Confidential, Dublin, OH

SAP Security Analyst

Responsibilities/Deliverables:

• Provided support to the SAP Security Team
• Worked with Security Officers and Business Analyst to defined SAP Security roles for ECC, BI, CRM, Portal, and Solution Manager
• Leveraged GRC Access Controls to provision access to production users
• Leveraged GRC Access Controls to defined SOD-free security roles during the implementation
• Facilitated Unit and Integration test sessions during the implementation process (SAP ASAP Methodology)
• Used transaction SU53, ST01, and RSECADMIN for authorization issue analysis in ECC and BI systems
• Used Remedy for SAP Security issue tracking and resolution

Confidential, Hudson, OH

SAP Security Analyst

Responsibilities/Deliverables:

• Worked with end user community to trouble shoot authorization related issues using Security tools
• Produced user access reports for upper manager (last logon dates, locked/expired accounts) for auditing purposes
• Worked with internal audit/compliance group to review critical IT controls for Basis and Security
• Trained junior full time employee on SAP Security best practices
• Produced CATT scripts for mass user loads and maintenance

Confidential, Sandpoint, ID

SAP Security Analyst

Responsibilities/Deliverables:

• Worked with business analysis and power users to generate SAP security roles from business process documents.
• Assisted in unit and integration security role testing sessions
• Provided on-call support during project phases
• Utilized security tools to assist in resolving authorization related issues (SU53, SM19, SM20, ST01)

Confidential, Richmond, VA

Help Desk Specialist / ERP Security Analyst

Responsibilities/Deliverables:

• Uploaded software applications to OSA servers and troubleshot OSA servers & applications
• Monitored and tracked security events and applied system changes in accordance with the client’s IT security standards
• Created documentation on how to enable drives from mapped network folder options
• Created documentation for quick access to the corporate email, calendars, and shared network drives
• Partnered with business analyst to determine which roles should be created
• Served as a liaison between the functional and technical staff to recommend, develop and test program modifications, or to introduce new delivered functionality to the ERP system
• Created test scenarios and developed test plans used in testing the applications
• Assisted in analyzing testing results throughout the project
• Developed the post implementation go-live support environment