Senior SAP Security & GRC Consultant Resume
New York
OBJECTIVE:
To work in an organization where I can get exposure to more comprehensive testing & validation management and project management skills and where I will be able to utilize my skills and talent for value addition to the company as well as to myself.
PROFESSIONAL SUMMARY:
- Over 9 years of IT experience as an SAP GRC 10.0 and SAP ECC Security Administrator and SAP BI and Hana security.
- Worked on full life cycle implementation of SAP GRC 10.1 Access control component configurations (ARM and EAM components)
- Expertise in role optimization and restructuring the current design and developing new design with SOD-free roles and implementing SAP GRC 10 with the components Access Risk Analysis, Emergency Access Management and User Access Management.
- Worked on full life cycle implementation of SAP Security projects from design phase to post implementation phase in SAP Security Realm.
- Performed SAP Security related task and Implemented Security policies and procedures, Experienced in SAP Security Maintenance (PFCG), maintained the roles for all the instance (DEV, QAS, PRD and Environments) profiles in development and production systems.
- Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc), and customized Query reports.
- Provided support for User Maintenance, Roles/Profile Maintenance using Profile generator.
- Experience with SAP HANA Security design.
- Worked on end to end implementation on HANA Security (HANA Database and Analytics).
- Identify and define all privilege types (System/Object/Package/SQL/Analytical) at user level
- Worked on Analytical privileges, identification of views to be assigned to analytical privileges
- Create users/Modify users
- All administrative tasks related to HANA Security
- Experienced in Setting up Central User Administration (CUA) and maintenance.
- Working Experience in Role remediation and user remediation of segregation of Duties (SOD) within SAP implementation
- Experienced in troubleshooting R/3 Security issues (SU53, ST01), RSECADMIN for BI.
- Experienced with creating & working on Production Support Tickets using Solman Service desk tool.
- Self starting, highly dependable results oriented SAP Security Functional Analyst with hands on R/3 implementation, system enhancements and production support responsibilities.
- Expertise in Test Process implementation.
- Expertise in design and implementation of Requirement Traceability Matrix (RTM).
- Expertise in Computer System Validation (CSV).
- Qualifying Validation Protocols (IQ, OQ and PQ) and mentoring new resources on CSV.
- Validation of system against compliance such as 21CFR Part11, GxP and GAMP5.
- Managing Independent Validation Team at Client Place.
- Effective, imaginative problem solver with excellent problem solving skills, team player and good communication skills.
- Involved in two life cycle implementation & Post implementation activities.
- Involved in three Enhancement Pack Upgrade Projects.
- Have knowledge in CRM Authorizations and GRC.
- Excellent communication and leadership skills.
- Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations (RSRTRACE)
SKILLS:
ERP: SAP - GRC Access Control module and Process control and SAP ECC6.05 Security, BI, BODS, BPC and Hana security.
OS: Windows 10/7, Linux
Database: Oracle.
Packages: Ms-Office.
Tools: Used HP ALM, SAP Solution Manager
EXPERIENCE:
Confidential, New York
Senior SAP Security & GRC Consultant
Responsibilities:
- Support for all kind of SAP GRC related Service Orders raised by client.
- Incident resolution
- Master data changes related to role owners, Mitigation controls
- Creating connectors in GRC 10.0 for new systems
- Rule set generations, SOD check configurations.
- Creating FF ids, configuring owners and controllers
- Creating custom reports in GRC as per client requirement
- UAR and Risk Analysis Job scheduling.
- Custom BRF+ tables maintenance.
- Requirement for the Yearly Access review from the Client.
- Prepare the Process document and Presentation for the Access review.
- Extract the Role and Role Owner reports.
- Inform the Role owners for any of the role changes before starting of creating the files for review.
- Coordinate with the role owners for the backups and the role owners for the new roles.
- Run the UAR workflow for the User Access Review request generation for all systems.
- Run the UAR workflow for triggering emails to the role owners for User Access review for all systems.
- Prepare the files with the HR information for all systems and send the information to the role owners.
- Prepare the UAR files with the role owners’ roles and Role-Transactions information.
- Schedule meeting with the role owners to explain the process on the User Access review.
- Extract the Reports for all systems on a daily basis.
- Respond to the role owners questions for all systems.
- Update the review completion for all of the systems into the share point on a daily basis.
- Follow up with the role owners for the completion for doing the User Access review.
- Configuration changes in the GRC system for the role owner changes.
- Follow up with the role owners on the review completion and assist them in case of any more information
- Create the GRC requests for the role removal from the users.
- Prepare files for the Non-dialog users for all systems for access review.
- Bi-weekly meeting with the role owners and the role owners for getting status updates on the review completion.
- Provide technical information on the user access to role owners for doing the review.
- Provide the numbers on the role owners completion and review completion updates every day to the client.
- Create GRC requests for the role owner’s role assignment for the new role owners.
- Daily meeting with the client for providing the updates on the User Access Review completion on all systems
- Identify and define all privilege types (System/Object/Package/SQL/Analytical) at user level
- Create users/Modify users in Hana System.
- All administrative tasks related to HANA Security
Confidential, Piscataway, NJ
Senior SAP Security Consultant
Responsibilities:
- Provided support for ECC 6.0, BI, HR and CRM. Resolve Security Tickets entered into HP Quality Center within the approved SLAs.
- Resolving both end users' and power users' authorization problems.
- Co-ordinate Functional Unit testing (FUT), Integration Testing (IT), for Roles and authorizations to ensure accuracy and segregation of duties.
- Have knowledge of SailPoint compliance, provisioning, password management, single sign-on (SSO) and managing unstructured or organization data
- Worked and having good knowledge on Aveksa Compliance Manager and it manages the overall process for compliance reviews across applications, platforms, and data sources
- Resolved security defects created by Tester in HPQC and periodically used HPQC progress report to monitor defects.
- Having good experience in LDAP, Active directory.
- Have knowledge on SAML, SSO, ESSO, PIM, PAM, IDM life cycle management
- Worked on IDAM Gap assessment, Business requirements gathering for the project.
- Expertise in SAP Security and Authorizations which includes User Management, User Administration, Monitoring, User Tracing (ST01)
- Implemented access control on security related tables (AGR, USR and Custom Tables) and sensitive authorization objects (S_TABU_DIS, S_PROGRAM, etc.).
- Created system users and roles, assisted in data loads and client copies following refreshes.
- Created eCATT scripts for Go-Live user load and role assignment and maintenance.
- Develop and implement custom security and enhancements to SAP reporting with no interruption to the business. Present recommendations to client management concerning systems upgrades and development opportunities.
- Audited and documented existing SOD conflicts within roles and assigned to users.
- Support Basis team for user master export and import, lock mass user during systems maintenance.
- Having experience in integration of SoD conform processes and authorization validation
- Having experience in analyzing SoD risks, identifying, approaching and mitigating controls for SoD conflicts.
- Performed Security Upgrade of roles and authorizations ECC 5.0 to ECC 6.0.
- Adjusted SU24 Table updates found in unit and system testing and transported throughout the landscape
- Have good knowledge and worked on Identity and access management
- Worked with Basis team to develop Solution manager roles for Administrators, Configurators, Change Managers, and Support Desk roles
- Created SAP Test User Accounts and modified roles using SECATT, performed unit testing and validation.
- Review logs in CUA using SCUL.
- Implement and configure Super user Privilege Management formerly Firefighter.
- Worked with Internal Control team for Role Remediation and User Remediation.
- Worked in all risk control processes including IT general controls, testing plans, testing execution in an integration testing environment and control remediation.
- Designed Firefighter roles, business roles, Background roles and error handling roles (support services) for business area SD, PP, PM, MM and CRM. Maintaining, Creating, Modifying existing roles (Single, Composite and Derived) for project team
- Created analysis authorization RSECADMIN to implement field level security for financial report by company code and sales organization.
- Provide structural authorization through PD profile in PO13.
- Assign role in position with transaction PO13 and Run RHPROFL0, when required.
- Good understanding of SAP IT and process controls (configurable, automated and manual controls - SAP GRC)
- Implemented the re-write of control process and remediation actions for the exceptions identified during the testing of GCCs
- Tested and assessed the control effectiveness of IT controls for 6 IT Applications prior to 'Go Live' and assisted the teams in the remediation process.
- Part of ITGC / SOX IT controls testing team performing the testing of the effectiveness of the IT controls and helping the teams in remediation of the exceptions identified. Performing OE testing process on the SDLC controls and helping the project teams on the remediation
- Guided and trained IS teams in preparation for performing "assessment and review of IT General controls Documentation" in IT Processes that included determination of Scoping and Planning, Risk Assessment Framework, Infrastructure areas like Change management, Problem management, IS processing, Network, SDLC, Operating systems and Databases.
- Developed proactive plans to manage open issues, avoid known issues in the mitigation process.
- Walk through of the IT and financial processes from SOX perspective.
- Involved in maintaining, supporting and troubleshooting user issues for GRC Process Control, which is used for SOX compliance
- Support for all kind of GRC related Service Orders raised by business.
- Incident resolution
- Master data changes
- Creating connectors in GRC 10.0 for new systems
- Rule set generations, SOD checks configurations
- Creating FF ids, configuring owners and controllers
- Creating custom reports in GRC as per client requirement
- UAR and Risk Analysis Job scheduling.
- Custom BRF+ tables maintenance.
- Set up security by Info Area, Info-Cube, Info-Object, QUERY and WORKBOOKS.
- Configured roles and authorization objects to secure reporting users.
- Made the BI Security Roles as granular and optimum so that the Info Objects can be utilized as much as possible without creating too many Analysis Authorizations.
- Developed Custom Authorization Objects for queries developed by the users.
- Limiting the Query access within the BEX Analyzer.
- Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization.
- Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations (RSRTRACE)
- Worked with the t-code for creating custom authorization objects & S_RS_AUTH for assigning authorization objects for BW query end user roles
Confidential, Washington, DC
SAP Security Consultant
Responsibilities:
- Prepared a Plan for Role Redesign to stabilize the EFL security roles.
- Identified the risks in the EFL systems and provided the inputs to minimize the risks.
- Prepared a plan for Security Optimization which is generated through ST14.
- Experience with Role based security design (role creation, transports and organization levels)
- Creation of Users and maintain Authorizations Profiles.
- User locks and password maintenance.
- Proficient in troubleshooting and handling user issues.
- Analyzed SU53 error checks during testing to find missing authorizations and transaction codes.
- Ran authorization trace ST01.
- Provided the inputs to the team in emergency security issues.
- Worked with the t-code for creating custom authorization objects & S_RS_AUTH for assigning authorization objects for BW query end user roles
Confidential, Piscataway, NJ
SAP Security Validation Consultant
Responsibilities:
- Worked on GRC Access Control 10.0 Implementation as a Quality and compliance lead for client.
- Lead for Quality and compliance team for client to take care of all the SDLC requirements.
- Review and Validation of end to end documentation.
- Review and approval of System testing and User acceptance testing scripts.
- Responsible for streamlining the Authorization concept existing in the current R/3 System
- Responsible for overseeing Implementation of GRC AC 10.0 all components (ARA,BRM,EAM,ARM)
- Creating Ruleset, Mitigation, Controls, Scheduling background jobs
- Creating FF ids, maintaining configurations for log reports etc.
- Designing workflows for user access requests and Role management process
- Responsible for post installation initial configurations in GRC AC 10.0
- Provided the knowledge transfer to support team on the project.
- Manage relationships with developers, business analysts, and user representatives in application design and document reviews.
- Conduct and review the configuration audit/baseline report to confirm release acceptance.
- Involved in user testing/validating the system upgrade as per 21CFR Part 11 activities in the GMP system. The Change Request includes multiple defect fixes, updated release management system, and multiple user-requested enhancements needed to be implemented on a validated computerized system for GxP-regulated environment.
- To ensure that proper controls are in place before the start of Computer System Validation.
- Ensured proper review, impacts and approvals are in place for applying the changes on the control environment.
- Preparation of Validation plan and Validation summary report. Provided correct and complete documented evidence as needed by GAMP.
- Analyze validation deviations, deviations impacts and deviation closure.
- Worked closely with the overseas Vendor, testing the incremental builds as the functionalities were created in the application in Development, provided inputs, logged defects, retested the fixes and comprehensively validated the application to Production.
Confidential
SAP Security Consultant
Responsibilities:
- Experience in Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorizations for various landscapes using Profile Generator.
- Creation and Modification of User Master Records for Project and End Users.
- Strong in SAP application Security development by taking business requirements and building Security using the SAP Authorization Concept using Profile Generator tool (PFCG).
- Experience in user administration 24X7 on call production support, quick turnaround for end user requests, and Helpdesk support for user administration.
- Full troubleshooting support for the users' authorization failures in all SAP applications and resolving the Security issues and support in integration testing of Roles/Profiles.
- Excellent communication and interpersonal skills with ability to co-ordinate activities and work in a team environment to the deliverables.
- Designed several utilities to support SAP R/3 security reporting needs. Reports of user usage profiles and authorizations, comparison reports in different R/3 system.
- Configured Profile Generator and transported settings to all clients, setup security for the developers.
- BW Security experience in Info Provider level and Info Object level (field level such as Company Code, Plants, cost center etc.,) Security
- Designing the BI roles as per the reports and folders.
- Performed user maintenance tasks, User creation, deletion, lock down, activation, password management tasks and ran various user administration reports.
- Designed the AREA MENU process especially for IATA client, basically the area menu displays all the Z reports in user menu tab.
- Working on Incidents, SCR's and Service Requests generated through Solution Manager service desk
- Providing end user day to day support.
