Senior SAP Security Consultant Resume

Houston, Texas

SUMMARY:

  • 10+ years of experience in SAP R/3 security, GRC Implementation and administration.
  • Implemented preventative, mitigating and compensation controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy
  • Extensive expertise in the areas of ECC/R/3 Security, CRM Security, SRM/EBP security, BW/BI 7.0 security, APO Security, upgrade activities and compliance issues.
  • Used Compliance Calibrator to identify the business risks and worked with audit and business on the remediation process to meet Sarbanes-Oxley (SOX) section 404 compliance.
  • Worked with Audit in creating mitigation control and worked custom control review reports.
  • Created Firefighter IDs for each business process areas and assigned necessary roles and profiles to carry out Fire Fighter Tasks
  • Extensive Knowledge in SAP Portal, UME.
  • Used ECATT and SCATT scripts for user master record changes
  • Developed security strategy as per SOX compliance
  • Analyzed SOD conflicts and worked with developers in correction methods.
  • Worked on authorization security using custom T codes
  • Expertise in managing user groups and table security
  • Used SAP Profile Generator to create, generate and assign authorization profiles
  • Created and maintained users using SU01 and SU10
  • Designed and Assigned Derived roles, Composite roles and Single Roles using Profile Generator (PFCG) for FI, SD, MM, PP, PM, APO, SCM, BI, CRM modules
  • Expert in user administration, end user support, transporting roles and computer aided test tools (CATT)
  • Performed integration and Implementation of SSO in Enterprise Portal with R/3 4.6C, 4.7, 5.0 and ECC 6.0 EHP6, CRM, BI 7.0
  • Maintain User administration and System administration for Portal systems (UME).
  • Worked on BW security
  • Provided day to day security support and administration for all security modules
  • Excellent problem solving, analytical, technical and trouble shooting skills, team player with good communication skills
  • Designing/Implementing/managing SAP GRC Access Control 10.0 and 10.1 Access Risk Analysis (ARA), Emergency Access Management (EAM), Access Request Management (ARM) and Business Role Management (BRM)

TECHNICAL SKILLS:

  • SAP ECC 7.0
  • SAP R/3 4.7/4.6C/4.6A,B/5.0/6.0
  • GRC 5.2/5.3/10.0/10.1
  • SAP Enterprise Portal 7.0/6.0
  • CRM
  • SRM
  • HCM
  • BI 7.0, BW 3.5
  • SAP IDM 7.0/7.1
  • Portals
  • PI, XI
  • Approva Bizrights
  • BPC

PROFESSIONAL EXPERIENCE:

Confidential, Houston, Texas

Senior SAP Security consultant

Responsibilities:

  • End-to-end Planning and Execution of designing of the Business/Client IT roles (IT Team roles for all the modules including, Finance, Logistics, ABAP-Developer, BW, CHaRM Transport, BASIS, Security roles). Right from the requirement gathering to the post-delivery Hyper-care support with client interaction. Project Structure, Planning and Execution:
  • Requirements Gathering: Requirements for the role creation for the various domains have been collected based on the functional modules. (Finance, Logistics, BW, ABAP-Developer, CHaRM Transport, BASIS, Security etc.)
  • Transaction execution analysis: User transaction analysis approach has been done with a team of 3 members using GRC tool and SM20 within SAP system, for a particular duration.
  • Role Designing: Interaction with the functional and understanding of the daily tasks that need to be performed. Identification of the critical tasks and restrictions for the same based on Activity values for the objects S_TABU_DIS, S_DEVELOP, S_BTCH_NAM, S_BTCH_ADM, S_USER_ADM, S_USER_GRP, S_USER_AGR, S_USER_AUT, S_USER_PRO, etc.
  • Identification of the tcodes accessing the critical objects using SU24, SU25, tables like USOBT, USOBX and restriction of the tcodes. Customized tcode identification and development of the Add-on role for the same specific to the system.
  • Designing of the composite role structure (Add-on, Global, Slave, Temp) (tcode PFCG) and designing of the menu structure for single role based on the functional module of the tcode.
  • Role Testing and Follow-up: Interaction with the module testers and the functional for understanding the function and the related role functionality and the access issues. (tcodes: ST01, SU53)
  • Role Deployment: Deployment of all the roles on over 10 systems using Solution Manager (CHaRM) and communication to business and external users about their migration to the roles developed.
  • Extensive Hyper-care: An extensive hyper-care for 4 weeks for the faster resolution of the Go-Live issues. Was single point of contact for client queries/issues/
  • Working with GRC tool to check the IT SOD Role conflicts and correcting the conflicting role assignments

Confidential, Houston, Texas

Senior SAP Security consultant

Responsibilities:

  • Created and uploaded custom rule set in RAR GRC 10.0
  • Acted as a liaison between the SAP Security Team and other business teams to meet business needs while providing a secure and auditable SAP Environment
  • Expertise in Composite roles, Derived roles
  • Good understanding and experience in both Technical and Functional aspects of SAP Security
  • Worked extensively on setting up role concepts based on SOD.
  • Configured and supported Risk Analysis and Remediation (RAR), Compliant User Provisioning (CUP)/ Super User Privilege Management (SPM) Firefighter Administration in SAP GRC 5.3
  • Worked closely with customer to update the rules in Compliance Calibrator for different modules in R/3 System based on SOX.
  • Mitigating the risks for roles and users using RAR in SAP GRC 5.3.
  • Proactive support and solving of authorization issues/tickets during different testing Phases
  • Maintaining company approved audit standards for SAP Application security.
  • Resolved BI security related issues using BI trace and analysis of Info Areas and Info Cubes.
  • Worked extensively with RSECADMIN in SAP BI 7.0
  • Modifying/ changing roles via Profile Generator (PFCG) as per business requirement to suit user needs.
  • Reviewed and corrected sensitive authorizations for ECC, BI, XI/PI, SCM.
  • Utilization of SU53, System traces and Debug utilities to Optimize authorization checks
  • Work with business managers in changing SAP roles and ensuring appropriate work flow in GRC ARM
  • Reviewed critical and sensitive authorizations, implementing improvements to meet audit requirements.
  • Customized Rule creation for SOX audit tool SAP GRC ARA for action and permission level SOD violations in roles for various business processes and functions.
  • Recommended and created mitigation controls in SAP GRC
  • Configured Fire Fighter to capture audit logs and trigger alert
  • SAP GRC SPM: Assign firefighter IDs to support users in order to resolve provisionally broad issue.
  • Make use of Role Creation Role Change Request form in order to create a new role or make changes to an existing role; Change Request Board approvals mandatory for transports. Simulate the role using GRC before moving the changes to quality environment.
  • Worked with the SAP Security team and business process owners to identify Fire fighter ID (FFID) controllers, administrators and Owners and mapped these in SAP GRC SPM
  • Identify the roles with new authorization objects added and for which there are changes transactions.
  • Manually maintain authorization data for all these roles; maintain authorization values for new objects depending upon the transactions provided in the role.
  • Created test user IDs in CUA and performed security testing, positive and negative, followed by user acceptance testing.
  • Create/ Modify/ termination of user accounts.
  • Modifying the existing user master records, roles and responsibility

GRC and SAP Security

Confidential, Atlanta, GA

Responsibilities:

  • Leading CCR’s SAP Security development team from technical perspective. Following CCR’s SDLC policies for any projects for major release or off release.
  • Responsible for delivering any assigned project from SAP security perspective for all phases of project life cycle in CCR which includes Requirement gathering, Design, Build, Testing and Deployment
  • Also responsible for overall delivery and success of all projects from SAP Security when playing PM role for whole release.
  • Playing role of PM/DM as SAP Security service provider for CCR’s any SAP Projects.
  • Taken additional responsibility as approver for any SAP Security development work from a support perspective and monitoring team’s support responsibilities.
  • Subject Matter Expert for CCR’s SAP landscapes and providing useful SAP security solution and define process for the same.
  • Managing external resources in the team for their time and appropriate utilization in projects and making sure they stay well in CAPEX budget.
  • Overseeing SAP Security support team for defining any support process or update any existing process and any escalation for that. Attending weekly support meetings and approvals for SAP Security support team.
  • Taken responsibility of putting together templates and process in place to improve team’s performance as well as to have effective communication with different functional team of projects
  • Managed all security team activities from blueprint phase to post go-live support utilizing best practices
  • Designed, developed, and implemented security strategy and processes for the SAP implementation project
  • Developed security policies and operating procedures
  • Executed security strategies and processes for user administration, role administration, background jobs, and emergency access
  • Conducted security workshops with business process owners to capture the security requirements
  • Defined security roles design concept in the blueprint and documented them in role matrices for each business area
  • Mapped security roles to the business roles during workshops with business process owners
  • Implemented single and derived security roles for the FI, CO, MM, WM, LE, SD, PP, HR modules
  • Implemented support team roles and fire fighter access roles for production and non-production systems for ECC, BI, and PI/XI systems
  • Documented critical access monitoring and audit strategy
  • Analyzed audit report and worked with management to provide required documentation and clarification for critical access and security configuration reports
  • Configured and maintained central user administration (CUA)
  • Diligently updated the check indicators and authorization objects for the T-codes in SU24
  • Developed custom authorization objects for plant based restriction
  • Developed ad-hoc queries for security reporting
  • Performed unit testing of all security roles before handing them over to the business process owners
  • Coordinated with QA team and business process owners to incorporate security in the final cycle of the integration testing
  • Documented in detail all the cutover tasks for the security team and executed them
  • Consistently reported the security team status to the management
  • Provided go-live, post go-live support, and 24/7 on-call support
  • Assessed urgency of break-fix issues and requests
  • Trained helpdesk team to capture information required for security issues and route the tickets to the appropriate teams
  • Created security material, provided knowledge transfer, and mentored the security personnel and helpdesk team at client location
  • Designed, developed, and maintained roles for HR / HCM (Organizational Management, Personnel Administration, Succession Planning, Compensation Management, Performance Management), BI / BW, ESS, MSS, and Portal
  • Developed project team roles for HR and BI
  • Created custom authorization objects and fields in ECC to secure custom programs.
  • Created security Ad-Hoc Reports (SQVI, SQ01, SQ02, SQ03) for monitoring user maintenance and their HR organizational information
  • Developed LSMW and ECATT scripts for mass user creation, password resets, role assignments to positions and users, and BI analysis authorization
  • Enterprise portal UME administration for portal roles and groups (ABAP Roles) assignment.
  • Created test scripts and unit tested to validate all the security roles and authorizations
  • Assisted in the security processes for User Acceptance Testing
  • Managed security authorizations test defects using Mercury Quality Center (MQC) tool
  • Communicated with Off-Shore project teams to implement the security roles and resolve authorization issues during the testing phase
  • Handled highest priority security issues during post go-live critical period
  • Validated the complex security model and role assignments synchronization between the ECC and BI systems during post go-live critical period
  • Configured and maintained Central User Administration (CUA) to handle user maintenance for non-production systems
  • Reviewed the systems compliance for SAS 70 audit requirements
  • Provided knowledge transfer to off-shore and on-shore resources for the entire security design and maintenance process
  • Configured and administered Access control "SAP GRC"
  • Implemented SOD conflicts administration strategies and remediation.
  • Defined risks and rule sets in Access control
  • Performed access control risk analysis
  • Maintained configuration settings and connector setting in Access control
  • Configured workflow access control
  • Designed and implemented SAP GRC Process Control suite of programs
  • Performed various assessment techniques
  • Configured Workflow, actions and rules
  • Created connectors for custom Business rule sets
  • Created RFC connection between SAP ECC system and SAP GRC
  • Added SAP connections to SAP standard and custom connectors
  • Used ABAP scripts to debug and trouble shoot the error in Access control and process controls
  • Providing deep hands-on, while leading the team, to document, design, build, test, implement and deliver SAP security and GRC 10.1, using standard SAP security roles and authorization concepts, for the large global implementation of multiple SAP products
  • Compared the Role based and ID based approaches for implementing GRC Firefighter and recommended the best approach
  • Reviewed and analyzed the deficiencies in the existing security processes and recommended process improvements.
  • Streamlined the User Access Request process by clearly defining the appropriate access for each functional team.
  • Define User Roles and role Management Procedures (Role Owners, etc.)
  • Did user analysis for all users and cleaned up users from SOD violation (60,000 users)
  • Worked with Internal Audit in designing mitigating controls and assigned users.
  • Set up weekly SOD batch jobs for all parts of the business.
  • Worked with Audit in providing SOD reports for SOX audit.
  • Worked with BPO’s and Senior Management on mitigation/remediation of SOD conflicts.
  • Assign Firefighter IDs to owners and fire fighters.
  • Role Analysis & Object level security to build Production security roles
  • Created a Functional Spec for Security Automation program for Business approval
  • Identified & Built Functional controls in each business process with the help of audit team
  • Extensive user and role clean-up and remediation support for Sarbanes-Oxley Act (Section 404) using VIRSA / GRC (Compliance Calibrator / Risk Analysis and Remediation, Fire Fighter / Super user Privilege Management, Access Enforcer / Compliant users Provisioning)
  • Developed GRC roles for different category of users
  • Maintained GRC rule architect and implemented client specific rule-sets
  • Analyzed client approval processes and set-up workflows in GRC Access Enforcer
  • Broad experience in working with Auditors in keeping the SAP systems audit compliant
  • SAP security Technical Auditing and Remediation experience in highly demanding complex environments
  • Knowledge transfer to offshore team
  • Created Ad-hoc reports in SAP for auditors when required
  • Onsite contact for any emergency production issues
  • Define Production support process
  • SAPSUP IDS process for SAP
  • Manage off shore team
  • Submit weekly SLA status reports to client
  • Troubleshoot production issues through SU53 and ST01
  • Helping client for any development work when needed

SAP security consultant

Confidential, Seattle, WA

Responsibilities:

  • SAP Security role design project according to SOX
  • Designed deliverables and proposals that addressed client’s business requirements
  • Engaged for CRM and HR module to re-design the technical Roles for BASIS/Security/ABAP teams and also involved in collection of base data to design structural authorization for HR Module as a part of first phase of this project
  • Designed a dynamic methodology to re-design the roles without interrupting the legacy environment till GO-LIVE of this project. Design includes configuration of SAP Security system to help both business/technical customer requirements
  • As per the methodology scheduled regular meetings with SAP Technical Users/Administrators about the current issues with AS-IS roles and getting the future requirements for TO-BE roles.
  • Production Support tasks such as User creation/termination/modification, pulled the Daily/Weekly/Monthly reports for SOX audit purpose and reviewed Virsa violations using VRAT/VFAT tools on part time basis for about 3 months without interrupting main tasks.
  • Documented each and every process throughout the project of SAP Security/Technical and Audit reports.

SAP Security and ABAP consultant

Confidential, Milwaukee, WI

Responsibilities:

  • ABAP Production support in SD and LE
  • Code development, code review and performance enhancement activities
  • Developed various reports in SD, MM and FI
  • Extensive experience in ABAP dictionary, module pool programming, BDC, report programming, performance tuning, ALV grid, SAP query, ABAP Objects, RFC, BAPI, IDOCs, user Exits
  • Management of user and authorization.
  • New user group creation and new role group creation using PFCG.
  • Analyzing SU53 screen shots.
  • Assignment of Authorization Objects to Transactions using SU24.
  • New custom authorization objects creation.
  • Authorization group creation for securing critical tables and custom transactions/programs
  • Trained team members on security, documenting the new security processes.
  • Create SCAT scripts to make mass changes in the system
  • Review critical and sensitive authorizations, implement improvements to meet audit requirements
  • Experienced in coordination with Audit team for SAP Security Audit and generated Audit Information Systems logs as per Audit team requirement
  • Creation of profiles, users, granting authorizations, monitoring batch jobs
  • Set up of central user administration (CUA) in multi-system environment.
  • Educated client personnel in R/3 Security and general basis knowledge
