Vice President And Chief Information Security Officer Resume

South Bend, IN

CAREER SUMMARY:

  • SAP Security/GRC Architect with 20 years of experience developing and implementing highly complex SAP Security designs across various regulated industries including Aerospace and Defense, Pharmaceutical, Chemical Manufacturing, and the Railroad, for domestic and international global implementation projects.
  • My motivation and drive are in helping companies establish flexible, enterprise SAP Security controls that comply with regulatory requirements and enable the business to grow and succeed.

PROFESSIONAL EXPERIENCE:

Confidential, South Bend, IN

Vice President and Chief Information Security Officer

Responsibilities:

  • Establishing IT control procedures and risk management initiatives at a regionally managed $7B Confidential in Northern Indiana / Southern Michigan for a highly complex multi-platform IT environment.
  • Providing oversight of Information Security governance program leveraging Confidential 800(53) framework. Authoring Information Security policy and program material for Board of Directors review and approval.
  • Maturing corporate roadmap for risk management, Cyber, and Information Security initiatives as co-chair of the Information Security Committee, a sub-committee to the Board of Directors, to achieve business operational and compliance objectives.
  • Producing Information Security Program content for quarterly Board of Directors meeting. Crafting and communicating the GRC roadmap and vision.
  • Establishing IT RCM, PoAM, Risk Register, regulatory compliance catalogue with cross-walk against numerous industry regulatory control frameworks (e.g., FTC, SEC, FFIEC, PCI, SOX, HIPAA, SEC, and GLBA).
  • Conducting compliance gap analysis on vendor-managed systems, performing review of IT vendor service contract and vendor SOC reports.
  • Implementing RSA Archer tool to automate GRC processes. Serving as IT liaison for Fed (Federal Reserve Confidential), PCI, and Internal Audit exams. Overseeing enterprise Information Security Awareness Program.

Confidential, Chicago, IL

Consulting IT Manager

Responsibilities:

  • Providing oversight and project management of client IT risk assessments, Cybersecurity assessments, and IT SOX audits.
  • Managing as many as 5 department IT staff and senior resources across multiple client audit engagements and providing feedback on performance.
  • Coordinating and leading collaborative sessions and presentations with client and other audit entities or regulatory agencies.
  • Outlining risks associated with IT processes while designing and implementing compliant security, disaster recovery, operations and change management controls for clients.
  • Managing client portfolio budgets, resources and delivery against contracts for monthly Partner review and invoicing.
  • Developing and editing client proposals and contracts for services and participating in client sales meetings.
  • Establishing new ERP security audit services in alignment with corporate goals and the RIAC practice playbook.

Confidential, Fort Worth, TX

Senior Manager, SAP Security and Controls

Responsibilities:

  • Reduced 100% technical reliance on contractors by fully staffing an experienced and motivated SAP Security team in under 2 years, closed a technical knowledge gap and eliminated a high Security risk for Confidential executive leadership.
  • Managed team of 25 with offshore and onsite resources, and budget of $1.5M.
  • Established vision and strategic objectives for the SAP Security and Controls department in alignment with CIO 2020 SAP Roadmap and IT initiatives.
  • Served as technical lead for GRC Process and Access Control 10.1/NW740 implementation.
  • Served as technical lead for SAP HANA S4 upgrade from SAP ECC 6.0 preserving security role structure, architecture, and controls.
  • Served as technical security lead in configuration and business-case testing for the implementation of FIORI’s Simple Procurement and Simple Logistics FIORI portal apps.
  • Provided recommendations for hardening SAP Security for application, OS, database. Defined SAP Security control self-audit procedures using COBIT and SOX frameworks.
  • Delivered a new set of SAP Key SOX audit control measures for major business process areas such as Accounts Payable, Accounting, Financial Reporting, Corporate Procurement, Vendor and Material Master Data, Confidential and Treasury Systems, Inventory Management, and IT, reducing overall SAP audit deficiencies by 90% in under 2 years and achieving an ‘Effective Controls’ rating by the external audit agency in 2014, a first in the history of the Confidential SAP SOX program.

Confidential, Tucson, AZ

SAP Security Manager

Responsibilities:

  • Managed SAP Security team of 10 architects and administrators providing project management, configuration, testing, change control, audit, and production support SAP Security activities for Confidential enterprise operations.
  • Redesigned key manual SAP Security processes resulting in ¼ Confidential labor hours/year cost savings for Confidential and increased productivity.
  • Utilized industry expertise and knowledge to lead the Confidential Competency Center SAP Security Upgrade from 4.7x to ECC 6.0.
  • Identified and escalated an ECC 6.0 technical core system issue resulting in SAP repackaging and releasing a new version of ECC 6.0 EhP 4.
  • Trained SAP Security personnel in ECC 6.0 SAP Security tools.
  • Implemented the SAP Security architecture for all foreign and domestic Confidential business units.
  • Organized and deployed multiple SAP Security implementation projects simultaneously ensuring all projects were delivered on time for Confidential.
  • Conveyed SAP Security resource needs and technical requirements to executive leadership on all Confidential Competency Center project implementations and deployments ensuring more precise IT funding requests.

Confidential, Indianapolis, IN

Global Security Architect

Responsibilities:

  • Expert level proficiency with all SAP Security, controls and monitoring tools such as PFCG, SE93, SU24, SU25, SUIM, SU53, and SU01 through more than 30 unique and separate implementations globally.
  • Gathered LOB security requirements, translated business transactions and requirements into functional and technical specifications.
  • Obtained Global Director sign-off for all technical design features ahead of schedule for each major implementation cycle.
  • Developed SAP Security training material and led training sessions for each foreign affiliate SAP Security Steward to support and maintain the production SAP Security requests while keeping the design intact post go-live.
  • Worked with internal compliance and audit teams to capture SOD requirements and constructed all SAP roles without inherent SOD issues through use of the VIRSA tool, and ensured all roles complied with SOX, OSHA, and cGMP regulatory requirements.
  • Reduced post go-live maintenance costs by solving complex security design issues with workflow and configuration instead of additional customization in SAP modules such as APO 4.0/5.0, IM, QM, WM, AOP, EHS, MM, MO, IM, WM, PM, and PP.
  • Managed multiple implementation projects simultaneously, created test accounts and assisted with automated and manual positive and negative unit, integration, and UAT testing using Mercury Test Director and SAP CATT tool.
  • Developed SOP, SOD, SOX, and Change Management control matrix with cross-walk of regulatory controls for compliance purposes.
  • Provided global SME guidance for domestic and offshore SCM Security team.
  • Provided SME knowledge as core-team member of Confidential Six-Sigma black-belt project resulting in business operational savings of over 185k per year.
  • Served as Team Lead and trained others in SAP Security principles.

Confidential, Cleveland, OH

Senior IT Auditor

Responsibilities:

  • Developed IT audit strategies and IT audit programs for assessing company compliance stance with government regulatory requirements for GLBA and Sarbanes-Oxley through IT controls’ testing and IT risk assessment validation.
  • Developed work plans and project approaches necessary in analyzing multi-platform systems and provided detailed reports on the vulnerabilities to the client.
  • Performed analytical steps aimed at validating manual and systemic controls of the client’s IT operations.
  • Provided industry best-practice recommendations necessary for regulatory compliance.

Confidential, Cleveland, OH

Senior SAP HR Information Systems Specialist

Responsibilities:

  • Managed SAP system security configuration for the HR, MSS/ESS, BW-HR and TE modules.
  • Developed and administered HR ABAP Query system for various business units.
  • Recommended web-based information system solutions to optimize business productivity in various business units.
  • Managed multiple projects simultaneously, affecting federal regulatory compliance of the company.

Confidential, Nashville, TN

Information Security Analyst

Responsibilities:

  • Configured and managed the internal Confidential SAP security architecture.
  • Monitored SAP environment for threats of unauthorized attempts to access SAP, unauthorized critical SAP transactions, critical business data, and vital dialog processes.
  • Performed security analysis of SAP, external applications, and web-based applications for any security risks.
  • Authored SAP Security policies and performed self-audit reviews for all SAP Security control processes to ensure compliance with regulatory and corporate Information Security standards.
  • Supported multiple new SAP module implementations by analyzing business problems and providing SAP Security configuration solutions.

Confidential, Nashville, TN

Senior Consultant

Responsibilities:

  • Utilized PwC risk-based methodology in determining and quantifying risk factors and security threats to SAP systems and IT business processes.
  • Performed SAP Security role redesign and implemented SAP Security designs for clients such as:
  • Authored SAP Security Audit Matrix, which became a standard practice aid, SAP Security business process controls work plans and practice aids used by the Operational and Systems Risk Management Practice to effectively and efficiently identify security control risks and compliance gaps for SAP Security.
  • Produced executive dashboards for all final client engagement meetings.
  • Consistently exceeded expectations by managing client projects independently, remaining over 100% chargeable to client engagements, delivering projects on-time, and creating SAP security control audit work plans unique to each client’s infrastructure and regulatory compliance needs.
  • Generated detailed work papers according to PCAOB and COBIT standards that incorporated information flow diagrams, security system risk heat maps, and IT process control gaps.
