Sap Security And Controls Client Lead Resume
EXECUTIVE SUMMARY:
- Over 11 years of experience in information technology, including Software Development/SAP Security/GRC consulting
- Have done one SAP S4 Hana Security and Fiori project
- Over 8 years of work experience as SAP GRC / SAP Security Consultant. Implemented 4 complete life cycles of SAP GRC implementation projects and 1 GRC 4.0 to 10.1 migration, and was involved in several SAP support & maintenance projects.
- Performed SAP Security related tasks such as Security Audits, SOX (Sarbanes Oxley) Compliance, User maintenance, Activity group/Role maintenance using profile generator (PFCG), Upgrade from various versions, Production support
- Provided Continuous control monitoring automated solutions for various customers on finance, NERC-CIP Regulation.
- Hands on experience on Greenlight RCM (Regulatory compliance Management) and Greenlight RESQ
- Implemented 4 end to end GRC Access control implementation. 2 GRC Access control 10.1 and 2 Access controls 10.0.
- Implemented 3 end to end implementation in GRC Process Control 10.1
- 2 implementations on SAP GRC Risk Management and customization (Risk Aggregation/Heat Map)
- One end to end migration from GRC Access control 4.0 to 10.0 for modules Access Risk Analysis (ARA) and Emergency Access Management (EAM)
- Good understanding of Fraud Management and attended Fraud Management workshop conducted by SAP.
- Provided SAP GRC expert services to Max attention and Enterprise customers for their smooth go-live.
- In-depth experience in GRC MSMP/BRF customization using custom development.
- GRC 10.0 Access/process control integration with external applications like Remedy/eDMRM/IBM Tivoli through custom development. s for Core Team and End User for multiple customers on SAP GRC
- Setup Role based security through (Profile Generator (PFCG)) for R/3 ECC 6.0/7.x, on various modules.
- Proficient in troubleshooting and handling user issues by using SU53, tracing (ST01) and user information system (SUIM), locking and unlocking users, running reports in Excel sheets and monitoring users having access to some specific controls.
- Designing Process Controls for SAP implementations
- Conducting process and financial audits in SAP environment, Testing of controls designed to achieve SOX compliance
- Extensively worked with strategy management related to SAP business processes, transactions, Segregation of Duties (SOD) within SAP implementations, VIRSA Risk Assessment Tool (VRAT) for Sarbanes-Oxley (SOX) compliance. Good understanding of SOD /Security Assessment / SAP Authorization / Roles and SOX
- Hands on Experience on HPALM/HPQC for test plan/test labs.
TECHNICAL SKILLS:
Primary Skills: SAP Security, SAP GRC, GRC 4.0 to 10
Secondary Skills: SAP GRC Access Control, Process Control, Risk Management, IDM- GRC Integration
ERP Packages: SAP -4.6c, ECC-4.7, ECC-5.0, ECC-6.0, SAP - SCM 7.0
Operating Systems: Microsoft Windows (all), DOS, Database Oracle9i
ERP Applications: SAP-Production Planning, Advance Planner & Optimizer (APO)
Platform/Technologies: ABAP, JAVA, SAP R/3
Data Bases: Oracle 8.0, SQL server, DB2
SAP Systems: ECC 6.0, SAP NetWeaver 7.02, 7.40
SAP Objects: User Exits, BAdI, Data dictionary, Lock objects, Modularization, ABAP WebDynpro, Debugging, Job scheduling, BAPI, RFC, ABAP
SAP Technical Skills: SAP WebDynpro ABAP, FPM, ABAP OOPS, Enterprise Portal.
SAP Functional: SAP GRC Access Control 5.3/10.0/10.1, GRC Process Control 10.0/10.1, Risk Management 10.0/10.1, SAP Security, Role Design, SOX.
Operating Systems: Windows 2000/NT, XP, Red Hat Linux
Languages: ABAP, Java objects, File handling
EXECUTIVE EXPERIENCE:
Confidential
SAP Security and Controls Client Lead
Responsibilities:
- SAP Security Requirement Gathering, Blue print document preparation
- SAP GRC Access control Requirement Creation and provide it to Vendor
- SAP Security and GRC design review and validation
- SAP S4 Hana Security design, role matrix and implementation
- SAP Hana studio Security implementation
- SAP Fiori Security implementation
- Developing ITGC controls for IT and security including User Access Management, System Management and change controls
- Coordination with Compliance, Internal and external Audit
- SOD rule book review with business owner, including S4 Hana and Fiori
Confidential
SAP GRC Lead
Responsibilities:
- Requirement Gathering, Blue print document preparation
- Interaction with various Confidential SOX business team and NERC-CIP regulation.
- Implementation and support for Risk Management and Risk aggregation/heat Map. Custom fields
- BW reporting for Access control and process control
- Designing of Business rules, Data source to Design and configure Automated rules(Continuous control monitoring) for e.g. NERC-CIP Revocation using BEX query, Criminal report(Same user should not do park and post for the same document type) using ABAP query, Configuration.
- Automated rule designing through BRF+ and through custom program development.
- Configuring/maintain master data like Organization/Process/sub-process and its entity role assignment, Assessments(Test control effectiveness, Sign-off), Multiple regulatory compliance
- Integration of Process control with eDMRM, Greenlight RCM(Regulatory compliance management system)
- Process control Security design, Workflow configuration (Reminders and escalation)
- Performed post installation activities
- Master data configuration like Organization/Process/Sub process/control/Regulation/Roles etc.
- Implementing SOX/NERC-CIP control and automated control using SAP Query and BEX query
- Confidential Security admin activity like role design, implementing roles and authorization for on boarding and off boarding process, user/role provisioning, security issue troubleshooting
- Maintain Confidential ECMS tool for compliance and integrating it with GRC Process controls
- Implementing position based request through SAP GRC, HR trigger, Qualification checks
- ARQ implementation for SAP as well as non-SAP system using Greenlight RTDS.
- Custom rule book design, BRF+ Configuration.
- Supporting ECC security, CRM security, BI security roles and maintain them based on position.
- Create and maintain test cases/test labs in HPQC
- Working on Greenlight RESQ and Greenlight RCM
Confidential
Lead Consultant
Responsibilities:
- Requirement Gathering, Blue print document preparation
- Performed post installation activities.
- Master data configuration like Organization/Process/Subprocess/control/Regulation/Roles etc.
- Implemented 5 automated controls as part of POC, and Confidential bought the license on looking at the POC
- Preparing functional and Technical Specification document for custom requirements.
- Discussion with Business users to finalize the PC master/transactional data to be monitored.
Confidential
Lead Consultant
Responsibilities:
- Requirement Gathering, Blue print document preparation
- Performed post installation activities.
- Master data configuration like Organization/Process/Subprocess/control/Regulation/Roles etc.
- Implemented second level authorization in GRC process control 10.1
- Preparing functional and Technical Specification document for custom requirements.
- Identify various disclosures/surveys/policies at Confidential and configured them. Assessment/sign-off/replacement feature also implemented.
Confidential
Lead Consultant
Responsibilities:
- Create Project Plan for GRC AC 10.0
- Highlighting the GRC AC features to the Core team
- Analysis of customer requirements and providing workable solutions in GRC AC
- Final Business Blueprint of the TO BE process in the GRC Access Controls scenario for all the four components CUP, ERM, RAR & SPM
- Post installation activities for GRC
- Custom Development - Mass Request creation through csv file
- ARQ workflow Configuration using custom development so Standard workflow and custom workflow work together by following different paths
- Presentations on best practices GRC access control
- SAP note implementation and Performing manual steps as suggested by Notes - if applicable
- PGLS Support
Environment: GRC Access Control 10.0 (ARA, BRM, SPM, ARQ), SAP NetWeaver 7.02, 7.40, ABAP OOPS, ABAP Webdynpro, Oil & Gas
Confidential
Lead Consultant
Responsibilities:
- Creating Project Plan and get sign-off
- Conducted complete GRC AC suite/workshops before start of the project for various participants from IT, business, and audit and compliance team including for the core team.
- Analysis of Customer’s ‘As Is’ process and designing ‘To Be’ workable solutions in GRC AC for e.g. Approval workflow, Mitigation Process, Fire Fighting activities, Role creation/Modification process etc.
- Implementing Remediation view in ARA and Simplified Access Request in ARM
- Defining System specific Mitigation control
- Preparation of Blue Print document based on the Business needs providing detailed To Be process.
- SOD Rule book discussion with Confidential and created custom rule book as well based on customer feedback
- Post-installation activities, Implementation, Testing and transporting Objects from GRC Dev to GRC Production
- Role Level/ User Level Risk analysis and based on that given role designing recommendation
- User/Role remediation based on SOD/SOX violations. Worked with customer’s internal audit team for user/role conflicts removal in SAP ECC.
- Determined critical activities during Customer discussion and configure them in GRC Emergency Access Management (EAM).
- Preparing Manuals/ end user manuals/ configuration documents for Access control
- Worked closely with the internal Audit team, Basis, Finance team
- Performed Sarbanes Oxley 404
- Identification of Key Controls, Risk SOD issues
- PGLS Support
Environment: GRC Access Control 10.0 (ARA, BRM, SPM/EAM, CUP/ARQ), SAP NetWeaver 7.02, 7.40, ABAP OOPS, ABAP Webdynpro, ECC, Security Audit, SOD Review and User Review
Confidential
Lead Consultant
Responsibilities:
- Confidential has its own provisioning tool (ZICE ARMS), developed in ABAP, to assign roles to users in ECC; it was not considering SOD/SOX violations during the approval process; logs were maintained.
- Did custom development to integrate ZICE ARMS with ARA so that ZICE ARMS can view violations at each stage of approval, which enables the Approver to become more responsible.
- Custom development to create parallel request in ARQ while a request created in ZICE ARMS, send violation report to ZICE ARMS, Customization of the report based on Confidential requirement. Removal of false positive cases in SOD/SOX violation report for e.g. if there is no risk at Permission level then it should not show action level risk also.
- Custom Development at ZICE ARMS to maintain audit logs
- Custom development to send an email notification to ZICE ARMS approvers. Custom Initiator/Agent development.
- Conducted four days of dedicated for GRC Access Controls, covering all the four sub-modules including configuration to the core team.
- End user across locations for using various functionalities of GRC AC
- To deliver the GRC Access Controls solution for the new ECC 7.40 Server
- Post installation activities for GRC
- Ensuring product functionalities are operating as desired and based on requirement
- Provide post go-live support
Environment: GRC Access Control 10.1 (ARA, BRM, SPM/EAM, CUP/ARQ), SAP NetWeaver 7.02, 7.40, ABAP OOPS, ABAP Webdynpro, ECC, Security Audit, SOD Review and User Review, Oil & Gas
Confidential
Lead Consultant
Responsibilities:
- Walked through Confidential's 5.3 system, identifying master data and workflows which need to be taken care of in GRC AC 10.1
- Sharing pre-installation, security guide, sizing recommendation guides with Basis and helping them download the GRCFND_A package in the GRC box
- Also guided them to download and install GRCPINW and GRCPIERP components in the GRC plug-in system, i.e. ECC. Portal component GRCPOR installation and portal role designing for GRC.
- First installed GRC Access control 10.0 on 731. Migrated master data and workflow configuration for ARA, BRM, EAM
- Performed intensive testing with Confidential core team to make sure migration is done successfully.
- Upgraded NetWeaver and GRC upgrade from 10.0 to 10.1.
- Performed post-installation activities for AC 10.0 and 10.1
- Importing ECC roles to GRC system; configured various synch jobs to pull data into GRC system.
- Standard SOD rule book review with Confidential Business process owners and finalizing the rules which need to be configured, including custom rules. Handling Z transactions also in the rule book.
- User/Role level risk analysis having SOD violations and sharing the results with the corresponding Business process, e.g. FI risks with the finance team or MM risks with the MM team etc.
- Initiated User/Role remediation for a few samples and guided Confidential core team on how they can perform this activity in the long run.
- Conducted complete GRC AC 10.1 suite before start of the project for various participants from IT, business, and audit and compliance team including for the core team.
- End user across locations for using various functionalities of GRC AC
- Preparing Business Blue Print (BBP) document based on requirements considering workable solutions in GRC
- Ensuring product functionalities are operating as desired and based on Confidential requirements
- Provide post go-live support
Environment: GRC Access Control 10.1 (ARA, BRM, SPM/EAM, CUP/ARQ), SAP NetWeaver 7.02, 7.40, ABAP OOPS, ABAP Webdynpro, ECC, Security Audit, SOD Review and User Review, Oil & Gas
Confidential
Lead Consultant
Responsibilities:
- Initiated GRC Process control 3.0 system backup and identified master data which needs to be taken care of in the new system
- Upgraded GRC 3.0 system which includes NetWeaver upgrade 731 and then to 740. GRCFND_A upgrade from 3.0 to 10.0 and then 10.0 to 10.1
- Performed Post upgrade activities from 3.0 to 10.0 and then 10.0 to 10.1
- Performed post installation activities.
- Master data configuration like Organization/Process/Subprocess/control/Regulation/Roles etc.
- Implemented second level authorization in GRC process control 10.1
- Configured 10 standard automated controls using configuration sub-scenarios like credit check.
- Preparing functional and Technical Specification document for custom requirements.
- Developed 3 custom automated controls for Continuous Control Monitoring (CCM) using sub-scenario Programmed. Workflow configuration for CCM and designing remediation plan.
- Identify various disclosures/surveys/policies at Confidential and configured them. Assessment/sign-off/replacement feature also implemented.
- Planner activity was automated - custom program developed which allows a user to upload an Excel file having data in a predefined format, and the plan would be created in PC automatically.
- Position based user determination - Custom program developed to identify which users are transferred from the list of process owners/sub-process owners, and replacement happens automatically, so manual reassignment is not required.
- Custom Development - To find list of process owners/sub-process owners/control owners based on Organization
- Conducted complete GRC PC 10.1 suite before start of the project for various participants from IT, business, and audit and compliance team including the core team.
- End user across locations for using various functionalities of GRC PC 10.1
- Preparing Business Blue Print (BBP) document based on requirements considering workable solutions in GRC
- Ensuring product functionalities are operating as desired and based on Confidential requirements
- Provide post go-live support
Environment: GRC Process control 3.0/10.0/10.1, SAP NetWeaver 7.02, 7.40, ABAP OOPS, ABAP Webdynpro, ECC, Security Audit, SOD Review and User Review, Oil & Gas, Planner Automation, Automatic assignment of users to roles when transfer happens in organization
Confidential
Lead Consultant
Responsibilities:
- Performed SU24/SU25 activities
- Role Designing activity
- Segregation of Roles based on Business process like FI/MM/SD etc. and sharing list with the business
- Identifying roles which have t-codes made obsolete by SAP and should be modified according to the new t-codes suggested by SAP
- Identifying roles where t-codes are maintained manually instead of adding them through expert mode. Sharing that with the business.
- Identifying Z t-codes created by Confidential but not maintained in customer tables like USOBT_C and USOBX_C
- Creating custom t-code using SU20/SU21
- Custom development - As Confidential had added t-codes directly and manually, whenever a user tries to modify a role using expert mode, the role gets corrupted; custom program developed to prevent that.
- Recommending best practices to design a role
- Role Modification to remove SOD/SOX violations from them.
- Identification of active/inactive roles, T-code without any t-code, roles with no authorization or roles which are not assigned to any user.
Environment: ECC 7.40, Role Designing, SOD Review
Confidential
Lead Consultant
Responsibilities:
- Conducted complete GRC AC suite/workshops before start of the project for various participants from IT, business, and audit and compliance team including for the core team.
- Analysis of Customer’s ‘As Is’ process and designing ‘To Be’ workable solutions in GRC AC for e.g. Approval workflow, Mitigation Process, Fire Fighting activities, Role creation/Modification process etc.
- SOD Rule book discussion with Confidential and created custom rule book as well based on customer feedback
- Post-installation activities, Implementation, Testing and transporting Objects from GRC Dev to GRC Production
- Role Level/ User Level Risk analysis and based on that given role designing recommendation
- User/Role remediation based on SOD/SOX violations. Worked with customer’s internal audit team for user/role conflicts removal in SAP ECC.
- MSMP Workflow configuration, BRF Plus Configuration
- Emergency access management implementation for performing critical activities in ECC module wise
- Custom Development - Multiple time email reminder to user if role assignment needs to be extended
- Custom Development - ARQ role search screen, search criteria customized so only field related to business can be used for search criteria
- Custom development to determine Manager Information based on customer business logic
- Access request form customization, ARM Approver request customization
- Preparing Manuals/ end user manuals/ configuration documents for Access control
- Performed SU24/SU25 activities
- Role Designing activity using BRM
- Resolving issues in PGLS phase
Environment: GRC Access Control 10.0 implementation (ARA, BRM, SPM/EAM, ARQ/CUP), ABAP OOPS, ABAP WebDynpro
Confidential
Lead Consultant
Responsibilities:
- SAP GRC Process controls 10.0 installations with the help of basis team.
- Process control Post-installation configuration, Workflow configuration, BC sets activation
- SICF service activation
- Determination Org structure to be defined in the Process control
- Master data identification and configuration in GRC process control system - Organization/Business Process/ Business Sub- Process/Control
- Configuration/Implementation of Surveys/Policy/Ad-hoc issues
- Standard control activation - Continuous control Monitoring(CCM)
- Creating Process control test data and integration testing
- Resolving customer reported issues related to Process control
Environment: GRC Process control, ABAP, ABAP Dictionary, ABAP OOPS, ABAP WebDynpro
Confidential
Lead Developer/Tester
Responsibilities:
- SAP GRC Access control 10.1 User Acceptance Testing (UAT).
- Creating test scripts for Testing
- Functional testing of various features introduced in 10.1
- Simplified Access Request configuration and testing
- Configuring Remediation view configuration/testing in ARA
- Advanced Role search criteria testing
- Integration Access control and Process control for the risk defined in PC and mitigate them in AC
- Reported and resolved issues raised during UAT phase
Environment: GRC Access control 10.1, ABAP, ABAP Dictionary, ABAP OOPS, ABAP Webdynpro
Confidential
Lead Consultant
Responsibilities:
- MSMP custom initiator and Agent Development to meet Confidential requirement.
- Confidential wanted to determine different approvals based on the requestor's position/Band in the organization
- Solution designing for workflow
- MSMP Configuration and activation, Detour, Escape path configuration
- Approver stage level setting, Notification settings, Custom Email notification for various approval in GRC access control Done
- Auto Provisioning Setting, CUA Configuration, Service level agreement configured
- Password Self Service, User Access Review(UAR) and Segregation of Duties Review(SOD Review) implemented
- NWBC Launchpad customization based on customer requirement
- SAP Delivered GRC Role customization and documenting role/responsibility Matrix
- Coding and testing the custom initiator and custom Agent
- Blue print document preparation
- End user manual preparation
- PGLS Support
Environment: GRC Access control, ABAP, ABAP Dictionary, ABAP OOPS, ABAP WebDynpro, OIL & GAS
Confidential
Lead Developer
Responsibilities:
- Coding/Development based on Agile/ Scrum Methodology
- Coding, peer to peer testing and Solution design
- Preparation of Software Requirement Specifications (SRS) and Functional Requirement Specifications (FRS).
- LDAP integration with GRC ARM for user search and provisioning - Coding
- Coding to perform Synch with LDAP, retrieving user details from the LDAP based on search data source or detail data source
- Design solution for Password self service
- Coding Password Self Service - Question based and HR object based
- Screen Design and development for User Registration - Password Self Service
- DDIC designing for password self service and LDAP
- Coding - Email Notification feature for ARM
- Notes preparation and releasing notes to customers
- Worked on ABAP OOPS, Webdynpro for ABAP, LDAP and FPM
Environment: ABAP OOPS, WebDynpro for ABAP, LDAP, ABAP Dictionary, SAP GRC
Confidential
Lead Developer
Responsibilities:
- Coding/Design and Development based on Agile/ Scrum Methodology
- Involved in development of Enterprise role Management Module(ERM)
- Preparing requirement and Functional specification documents
- Preparing project plan to meet timelines
- Solution design document and Database design structure preparation
- Development of Derive role functionality and its methodology
- Peer to peer testing
- Technical coordination with local technical developers and product/solution validation
- Monitor tasks and progress of technical developers
- Provide status report to Project manager
- Attending team meetings and sprint planning meetings
- Demo to testing team/ Product owner
Environment: Webdynpro for Java, SAP NetWeaver UME, Java
Confidential
Lead Developer
Responsibilities:
- Coding/Design, Development and support maintenance of GRC Access control 5.3 modules. Involved in development of Enterprise Role Management Module (ERM), Compliance Calibrator (CC)
- Preparing requirement and Functional specification documents
- Identify and finalize enhancements which need to be addressed during support pack
- Finalizing Support pack deliverables
- Fixing customer raised issues through CSS
- Demo to testing team/ Product owner
Environment: GRC Access control 5.3 Support, consulting, issue solving using ABAP/JAVA
Confidential
Principal Software Engineer
Responsibilities:
- Responsible to carry out SAP GRC AC 5.3 implementation at client locations.
- SAP GRC Access control 4.0, 5.x, 10.0 and 10.1 Design, Development and support to customers
- Developing the SAP GRC, SOX practice of the company by doing presentations to prospective clients, preparing collaterals, case studies etc.
- Highly experienced in delivering access control consulting to companies.
- Delivered SOX consulting, Clause 49 projects for I.T. companies
- Worked on JAVA/JSP/SERVLETS/Java Script/Webdynpro for Java/JCO/ABAP/ABAP OOPS/Webdynpro for ABAP/DDIC/FPM/Netweaver 6.0/7.x
- Software Engineer, SunGard, Pune ( ) Working on the design, development and testing on the product called Aceva Collection Management system.
- Integration with SAP backend system using JCO Connectors and picking up the data.
- Defining various kinds of risk in the system while collecting money from the partners or customers
- Fixing customer reported issues through development/coding
Environment: GRC Access control 5.3 Support, consulting, issue solving using ABAP/JAVA
Confidential
Software Engineer
Responsibilities:
- Working on PLM domain product named as E-Matrix.
- Customization in E-Matrix product based on LG requirement.
- BOM Generation in E-Matrix.
- Design, development and coding in E-Matrix
- Preparation of Design documents and data structure
- Worked on JAVA/JSP/SERVLET/Java Script etc.
Environment: Core Java, JSP, Servlets, Tomcat