Sr. SAP Security Project Lead Resume
Houston, Texas
SUMMARY
- 7+ years of experience in SAP Security Administration, with a strong hold on SAP ECC 6.0, R/3 4.7, SAP BW 3.5, BI 7.0, Enterprise Portals 7.0/6.4/6.0, SCM, SRM, CRM and Solution Manager 7.1.
- Has worked on projects involving SAP Security Implementation, User Provisioning, Role Management, GRC (10.0, 10.1), Risk Remediation and Management, Business Objects, IDM, and Basis support.
- Capable of bridging the gap between business and technical processes through fine-quality interpersonal and exemplary technical skills.
- Team lead experience in maintaining projects and summing up the resources that can enhance the value to the clients. Excellent communication skills and proactive in problem solving, analytical thinking and a team player.
- Train business users and team members in various areas of security.
- Worked in close association with the PPM team on their implementation and integration with SAP functional modules and tools like SAP CATS and Project Systems.
- Thorough experience in formulating and maintaining Security Policies and Procedures, User maintenance (SU01, SU10), Role maintenance using Profile Generator (PFCG), Security T-codes and Security strategy.
- Troubleshooting user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error, resolving the issue by giving required authorizations (SUIM, SU53, RSECADMIN, ST01 and ST22) in different modules.
- Profound Command on Security procedures for User administration and Central User Administration (CUA). Experienced in mass user creation and maintenance and using Computer Aided Test Tool (CATT) and LSMW scripts.
- Experience with Role Design and Modification as per SOX and SOD security requirements and compliance. Experience with GRC Access Control (10.0, 10.1) - Risk Analysis and Remediation (Compliance Calibrator), Compliant User Provisioning (Access Enforcer), Superuser Privilege Management (Fire Fighter), Enterprise Role Management (Role Expert).
- Exercised with the BI Analysis Authorization (RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems.
- Dealt with Upgrade projects from R/3 4.6C to ECC 6.0, BW 3.5 to BI 7.0 and GRC v5.3 to GRC v10.0 including upgrade & post upgrade steps, assessment of authorizations and redesign. Worked with role owners to scrutinize and find the most accurate and optimum way to deliver authorizations to end users leading to successful implementation.
- Experience in Business process Control BPC (10.0). Created users with the BW account details having access to specific application levels.
- Experience in maintaining ad hoc reports for Role Owners/ Audit, Monthly, Quarterly, Half-yearly, and Yearly.
- Maintained by using Remedy Ticketing system. Also Expert with other ticketing tools like Consol.
- Expert in documenting all manuals and processes/procedures, so that they can be helpful for new team members and for future references.
TECHNICAL SKILLS
SAP Versions: ECC 6.0, Sol-Man 7.1, 7.0
SAP Modules: SD, MM, PP, PM, PS, FICO, QM, HR/HCM, BW 3x/BI 7.0, XI/PI, EP7.1, SCM, EWM, CRM7.0, SRM7.0, SSO, BOBJ, LDAP, Solution Manager.
Operating Systems: Windows NT/98/2000/XP/7.
Tools: GRC 5.3, GRC 10.0, 10.1 RAR, CC, FF, Role Expert, Identity Management, Remedy and MS-OFFICE.
PROFESSIONAL EXPERIENCE
Confidential, Houston, Texas
Sr. SAP Security Project Lead
Environment: Role Re-design, GRC 10.1, SAP ECC 6.0 with Modules FICO, MM, SD, APO, SAP CRM, SCM, Sol-Man 7.1
Responsibilities:
- Responsible for gathering business requirements and formulating the security accordingly.
- Successfully implemented Application security in projects related to modules like MM, SD, APO, and FICO.
- Implemented security in accordance to compliance and SOX procedures.
- Performed changing the existing roles as per project security requirements.
- Developed new roles as per the need as the part of application security.
- Performed role redesign, which reduced the role count significantly. This resulted in fewer anomalies and increased scrutiny for the business over the process.
- Tried to reduce the use of custom transactions as much as possible to reduce the possible security threats.
- Developed the automation system for access request.
- One Transaction in One role is developed for the purpose of ease in role recognition and simple operating procedures.
- Performed initial and final risk assessments for various application security projects.
- Assisted the Process Work Control ( Confidential ) Team during their Hyper Care support.
- Performed both positive and negative testing in testing environment to ensure security is framed properly.
- Ran risk analysis every quarter, keeping the users' access records clean.
- Ran user level analysis and user level simulation, checking whether users have existing or incoming risks that are left without mitigation.
- Updated the GRC rule set when custom transactions were brought in, by consulting the business and compliance teams.
- Updated the Critical Transaction Rule set as a part of Sensitive Business Process (SPB), based on the Compliance and Business directions.
Confidential, Albuquerque, New Mexico
Sr. SAP Security Consultant
Environment: Re-design of SAP Security Roles, GRC 10.0 Project, SOX (SME), SAP ECC 6.0 with Modules FICO, BI 7.1, 7.3 XI, SAP GRC AC 5.3/10.0, SAP CRM, SCM, Sol-Man 7.1
Responsibilities:
- Inspecting and solving the technical security requirements for SAP ECC Security.
- Performing role-building (Single, Composite and Derived) using the Profile Generator (PFCG) in accordance to the business guidelines and controls requirements set by the internal audit/controls teams for various modules like FI, CO, MM, PP and SD users.
- Authority checks are done by evaluating custom programs and transaction codes. Worked on SAP Check Indicator Defaults, Field values, and maintained check indicators for Transaction codes using (SU24, SU22, and SU21).
- Responsible for implementation of all Access Controls capabilities like review, design, develop, testing. Performed effective segregation of duties in the SAP systems.
- Project - Implementation of SAP BOBJ AC 10.0 and Central User Administration (CUA).
- Troubleshoot existing user roles, security objects and authorizations (SU53) to resolve security conflicts, supporting users, setting up new accounts (SU01, SU10), password resets, and put users in appropriate groups and resolve any issues in production system.
- Usage of System trace to record authorization checks in different sessions (ST01).
- Periodically analyze user master records and develop strategies to reduce any risks to the business from an authorization perspective.
- Role creation of SAP HR based on Info type, personal area and structural authorization.
- Implemented HR triggers for User account deletion in ECC system.
- Executing the system trace ST01 for the analysis and authorization error check in SCM (EWM) for smooth operation of Supply chain system.
Confidential, Cloquet, MN
SAP Security/ GRC Analyst
Environment: SAP R/3 ECC 6.0/4.7, GRC v5.3, solution manager 7.0
Responsibilities:
- Established SAP access/approval/change processes per SOX/audit standards.
- Evolved compliance friendly process flows for approvals of all change requests.
- Made sure the processes were adhered to by all teams before the changes went into production. Implemented Risk Analysis and Remediation, provisioning/de-provisioning catering to the audit needs.
- Mitigated risks & users with controls in place.
- Uploaded mitigation controls & created firefighter ids, owners & monitors.
- Batch jobs for SOD report dump & actions to eliminate existing violations/risks.
- Verifying all approvals for the Change request, SOD Simulation reports, QA tests if applicable. Performed upgrade from R/3 4.7 to ECC 6.0. Designed, implemented and maintained security for all landscapes, which include SAP ECC 6.0, NetWeaver 2004s, Solution Manager 4.0, CRM 5.0, SRM 5.0, PI, Portal and BI 7.0.
- Security Maintenance & Support as part of Legacy System support (R/3 4.7, BW 3.5) and new system implementation (ECC 6.0, BI 7.0, etc.).
- Created Business Partner for each employee (BP) & Assigned BP to the org model (PPOMA CRM).
- Responsible for analyzing and setup of different roles, profiles and authorizations.
- Performed Upgrades, system copies, Client Copies, Correction and Transport System. Worked on CTS, STMS and all other Transportation related issues.
- Central User Administration (CUA), role maintenance & system administration.
- Trained personnel on security concepts in their respective functional areas.
- Performed extensive QA for new role and role changes before approving change requests.
Confidential, Parsippany, NJ
SAP Security Consultant
Environment: SAP ECC 6.0 and BI 7.0/BW 3.5
Responsibilities:
- Extensively used RSECADMIN in BI to build Analysis Authorizations.
- Performed the upgrade of Business reporting tool BW 3.5 to BI 7.0.
- Estimated the impact of upgrading the system from BW 3.5 to BI 7.0, scrutinized the existing roles and authorizations and migrated these to the new authorization concept.
- Assigned the Analysis Authorizations access to users using the authorization object S_RS_AUTH. Worked with the Authorization checks by assigning Authorization groups to Programs (RSCSAUTH).
- Worked on assignment of Authorization Groups to Tables (TDDAT, VD DATA).
- Work with client to help setup testing processes used to test out roles.
- Set up Central User Administration system (CUA).
- Installed the Central User Administration system to have a single point of control over the client systems (SCUA). Created tables (using SE11) for Tcodes, Roles and users (AGR_USERS, AGR_TEXTS, AGR_TCODES).
- Worked on BEx Analyzer using transaction RRMX and restricting the users to see the queries using S_RS_COMP and S_RS_COMP1. Worked on giving custom BI authorizations S_RFC, S_RS_AUTH, S_RS_COMP, and S_RS_COMP1.
Confidential, Bloomington, MN
SAP Security Administrator
Environment: SAP R/3 ECC 6.0/4.7C, GRC, BI/ BW.
Responsibilities:
- Experience on the four-tier SAP landscape system (DEV, ACC, QAS, PROD).
- Execution of printer administration and Spool administration like display spool request, spool controller SPAD.
- Developed ALE environment for the purpose of Central User Administration (CUA).
- Performing User maintenance and routine daily Log audit of the Central User Administration (CUA) system with the help of SCUL.
- New roles are being created, based on concepts of task roles and position roles for ECC 6.0 systems: FI, CO, HR, MM, PP, and SD modules. For a new business process to be on par with the SOX compliance, created new roles as needed.
- The Upgrade of ECC version from 4.7c to ECC 6.0 was accomplished.
- Expertise in SAP Security and Authorizations which includes User Management, User Administration, Monitoring, User Tracing (ST01).
- Implemented access control on security related tables (AGR, USR and Custom Tables) and sensitive authorization objects (S_TABU_DIS, S_TABU_NAM, S_PROGRAM, etc.).
- GRC development: planning, design and implementing strategy; collaborated SAP Business Process Owners to ensure business process design is in line with business security needs to maintain integrity of SAP modules through internal controls and monitoring.
- Responsible for full lifecycle, from designing, unit testing, integration testing, user mapping, go-live and post production support. Performed role level Remediation and User level Remediation with the help of the Internal Control team. Supported Basis team in user master export and import, and mass user locking during systems maintenance.
- Used GRC system's Compliance Calibrator tool to produce user-friendly summary and drill down reports, which makes the identification and resolution of SODs and audit issues an easy process.
- Troubleshot SAP system and provided daily monitoring and administration support.
Confidential, Miami, FL
SAP Basis/Security Consultant
Environment: ECC 5.0, GRC v5.3 BW 3.5, BI 7.0, Enterprise Portal 7.0, SRM.
Responsibilities:
- Performed every detail of SAP Security Administration work - in collaboration with business, technical and functional consultants for SAP successful implementation.
- Security requirements, SAP security design, developing a role (PFCG), Customizing authorizations (SU24, SU21), system validation (SU10), User Administration (SU01), Testing, Transports (CUA) and troubleshoot (SU53).
- Designed, Developed and maintained Single roles, Composite roles, Master and derived roles for SAP Modules HR/HCM, ESS/MSS, FICO, SD, MM, WM, PP, BI 7.0, BW 3.5.
- Used SAP Security transactions - PFCG, SU01, SU10, SU24, SU21, PFUD, SUPC, SUIM, SU53, SU56, ST01, SE54, STMS, SCC1, SE09/SE10, RZ10, SM18, SM19, SM20, SE16, SM30, etc. Used Enterprise Portal 7.0, User Management Engine (UME) Administration for setting up portal users & user groups, Assigned roles/user group to the users, Lock/Unlock. User Mapping in Portal Systems.
- Troubleshoot user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error.
- Worked with Basis team for the installation of the GRC Access Control 5.3 and configured the CUP to integrate and automate the access with R/3 system.
- Assisted Basis and configured the SUP component for streamlining the firefighter ID access.
Confidential
SAP SECURITY ADMINISTRATION AND BASIS SUPPORT
Environment: SAP ECC 6.0, SAP BI 7.0, CUA, eCATT, ARS Remedy
Responsibilities:
- Extensive knowledge on troubleshooting security related problems using SU53, ST01, SM19, SM20 and ST22.
- Created and maintained user master records using SU01 and SU10. Creating Mass roles and users using SECATT and LSMW scripts.
- Worked with the business managers in defining access requirements for end users, maintain role design methodology and worked with Functional team members to set up end user roles. Created custom Authorization Classes and Authorization Objects (SU21).
- Worked on SAP check indicator defaults and field values using transactions SU24 and maintained user authorizations using PFUD. Transported Profiles to Test environment.
- Locked and ensured that the SAP standard Super users (SAP* and DDIC) were set-up as system or background users with passwords changed. Secured Info Area, Info Cube, Info Object, ODS, PSA, Query and Work Books by maintaining hierarchy authorizations.
- Activated the existing (0TCAACTVT, 0TCAIPROV and 0TCAVALID) and new info objects 0TCA* and 0TCT* and made them "authorization relevant".
- Used VIRSA tool to detect conflicts on Segregation of Duties as part of the SOX compliance.
Confidential
SAP Security Administrator
Environment: R/3 4.6C, BW3.5.
Responsibilities:
- Role creation and maintenance, keeping in mind SAP security guidelines (PFCG).
- Log requests from users in a professional manner (SU01, SU10).
- Maintain authorizations, determining and assigning which authorizations are required for them by analyzing authorization failure check (SU53, SU56).
- Recommended a matrix with role definitions that relate to the company functional roles and responsibilities. Identified fixes for production issues related to security and tested them in DEV and QA for transport to PROD environments.
- Customized the Z transactions according to firm’s functionalities and carefully documented the authorization objects and their respective field values as per the security rules. Creating and updating the roles of various SAP modules (SD, MM, PP and WM) based on Basis team requirements and suggestions.