SAP/GRC Security Architect Resume
SUMMARY:
- Delivering secure and low maintenance solutions that support key business drivers
- Gathering requirements by helping customer determine priority and cost/benefit of risk mitigation
- Scalable solutions that are designed from a long term production support perspective
- Building of entitlement catalog by position across multiple SAP products, Windows Active Directory, and ancillary applications
- Creating risk based data classification schema and working with data owners to understand and participate in implementing company controls
- Development, implementation, and maintenance of comprehensive security policies with supporting standards and guidelines
- Excellent communication skills and ability to explain information security benefits in a non-technical way to personnel from line through C level executives
- Deep hands on skill, ability to work independently as well as participate and motivate team members
- Release management, project management, and change management for multiple ongoing projects
- 18 years SAP Security design, FI, CO, SD, MM, PP, PS, HCM (CATS, PY, PA, PD, LSO, Structural Authorizations), BW/BI/BOBJ, CRM, PLM, SRM, SCM, XI, APO, IS-PS, IS-U, CCS, SNC
- 10 years VIRSA/GRC experience - CUP, RAR, SPM, PC, v.4.0-10.0, Approva, and ControlPanel GRC
- Certified Information Security Manager
EMPLOYER:
Confidential
SAP/GRC Security Architect
Responsibilities:
- Sole SAP Security resource tasked with all aspects of SAP/ancillary security design, implementation and maintenance
- Support of 1000 internal users, 4000 Dealer/Sales/Service Portal users, 200 SNC Vendors (Supplier Network Collaboration)
- Audit coordination, response and remediation
- Project management, RFP, software evaluations, sourcing, and vendor negotiation
- Work with stakeholders (C and director level) to take ideas from concept to reality
- Licensing strategy, SAP annual licensing audit
- Designed/redesigned existing security model
- Implemented PLM (Product Lifecycle Management), EHS (Environmental Health and Safety), SNC (Supplier Network Collaboration)
- Integrated SAP security for 800 iPads with SAP (30 custom applications)
- Purchased and implemented GRC software to replace SAP GRC to allow more efficiency and decision making with real-time data
- Managing risk while allowing business to operate at greatest efficiency
Confidential
SAP/GRC Program Manager
Responsibilities:
- Reports - 4 employees, 3 contractors
- Manage all aspects of SAP/GRC Security design and implementation
- Support of 10,000 internal users, 50,000 portal users of City services
- Recruiting and career development
- Resource and project management
- Audit coordination and response
- Upgraded SAP GRC 5.3 to 10.0
- Upgraded services while enduring repeated budget cuts
- Helped City exit bond watch and achieve favorable credit terms due to controls implementation and audit remediation
- Interim Chief Information Security Officer (7 months) coordinated with police department, FBI, DHS, and other government agencies to safeguard City resources. Helped recruit and manage transition to successor
Confidential
SAP Security Manager
Responsibilities:
- Managed 10 employees and 2 consultants
- Support of 13,000 SAP users across 150 small business units
- Led continuing global rollout working closely with functional and CM teams
- Personnel management and career development for 10 employees
- Planning, staffing, and implementing yearly rollout plan following Lean methodology
- Coordinated annual audits and prepared responses and remediation
- Redesigned security architecture to allow SAP GRC modules to function as intended
- Redesign for process based roles eliminating SODs and reduction of support resources
- Developed stringent licensing management program
- Recruited and mentored three new security employees
- Designed and oversaw annual online user acceptance within SAP GRC
- Developed and program for 60 global SAP security administrators
- Achieved annual bonus goals by having no significant audit findings
Confidential
Project Management, SAP Security Lead
Responsibilities:
- Managed 4 integrated security projects for Identity Management solution to address SoD issues
- Applications included SAP/GRC and IBM Tivoli products
- Hiring and management of additional contractors
- Wrote and presented funding requests and project proposals >$1MM
- Handled issues with stakeholders, sponsors and champions
- Assisted in technical design
- Backfilled SAP Security Lead while on LOA
- Successfully completed GRC evaluation and software purchase
- Completed audit without significant findings
Confidential
HR Security Implementation Lead/FI Role Redesign Lead
Responsibilities:
- Led HR 4.7 Security Implementation for 25,000 users
- Gathered role requirements
- Negotiated business process redesign to meet audit concerns
- Role redesign in response to Sarbanes-Oxley compliance using VIRSA
- Found and educated business owners to security roles and responsibilities
Confidential
Sarbanes-Oxley Compliance Project Manager
Responsibilities:
- Managed project (12K hours) to reach Sarbanes-Oxley compliance, reporting directly to CIO
- Remediated and documented enterprise wide segregation of duties issues
- Developed role based security on disparate platforms (Mainframe, AS400, SAP, client-server applications)
- IT security policy development
- Business/IT control activity, process redesign and documentation
- Worked with Internal Audit to prepare IT department for successful external audit attestation
- Passed annual audit without deficiencies
Confidential
SAP Security Architect
Responsibilities:
- Implemented role based security on an existing 4.6 system for HR, Global Finance, and Global Supply Chain Solutions in response to Sarbanes-Oxley requirements.
- Managed all aspects of project including:
- As-is assessment and blueprint design to meet Sarbanes-Oxley requirements
- Business process development for Segregation of Duties mitigation
- Security development and testing methodology
- Knowledge transfer to development/support staff and internal audit groups
- Documentation and change management
- Completion of project on time and budget
Confidential
SAP Security Architect
Responsibilities:
- Security Architect for upgrade to SAP Enterprise (4.7) and BW 3.1
- End-user role redesign from 4.5B system, business process review regarding security requirements
- Documentation of changes from 4.5 to 4.7 and of security staff
- Integration with existing EBP system
- Development of dynamic BW authorizations generated from HR org structure
- Evaluated and recommended portal solutions
Confidential
SAP Security Architect
Responsibilities:
- Security design for upgrade/reimplementation of 4.6C SAP Global project for R/3 (FI/CO, PP, MM, SD, HR), BW and SEM
- Requirements gathering, strategy, security change management, role design, testing, alignment of R/3 and BW/SEM security, identifying and mitigating SOD/audit issues, educating executive team regarding security issues, and of security employees
- Long-term strategy for security maintenance and ongoing development for R/3 and BW/SEM including the use of HR structural authorizations, FI security user exits, master data integrity, and automated security delivery for BW/SEM
Confidential
SAP Security Consulting Manager, Release Manager
Responsibilities:
- Managed varying teams of up to 20, dotted line to up to 100
- Performed multiple full lifecycle SAP Security projects, assembled work plans and strategies based on gathering requirements, prototyping solution, testing, migration, post-implementation support, and documentation for ongoing maintenance
- Designed the security structure (base roles, composite roles, securing sensitive transactions, etc.), gathering security requirements (mapping of t-code to roles and roles to users)
- Led COE team for SAP configuration, ABAP Development, for SAP and ancillary system security
- Led Security team through six phase, worldwide implementation for 13,000 users
- Streamlined and automated security procedures to reduce maintenance, reduce error, and increase responsiveness to customer
- Managed licensing and contract compliance programmatically, allocating costs by user, license type, and use, to individual business units
- The demise of Confidential was caused by off-balance sheet manipulation and was in no way connected to IT or IT security
Confidential
SAP Security Consultant, Information Security Manager
Responsibilities:
- Managed 5 employees and up to 10 contractors
- Responsible for security and user administration for all applications and platforms including SAP, Oracle, and manufacturing processing applications on Unix, Novell, Mainframe, and MS Windows
- Managed conversion activities for two large mergers with companies on disparate systems
- Converted 8000 SAP users to role-based security using PD in HR module
- Implemented HR structural authorizations
- Developed security for company to face out to internet