SUMMARY:

• Having 10 years of experience in implementing SAP Security including full life cycle and Role Re - design project apart from Maintenance/Support projects
• Ten years of IT industry and SAP experience encompassing a wide range of Roles and industry verticals.
• Experience in leading and managing teams. Handled multiple Projects - Team Lead, Module Lead, Application Architect.
• Executed SAP Security projects for Telecom, Retail, Energy and Chemical industries.
• Extensively having experience with analysis, design, development, customizations and implementation of ERP applications such as ECC 5.0, ECC 6.0, SAP SRM, SAP BI, SAP SCM, SAP CRM,SAP GRC(Virsa) and Approva one(BizRights)
• Proficient in troubleshooting and handling user issues by using SU53, tracing (ST01) and user information system (SUIM), locking and unlocking users, Executing SOX reports in Excel sheets and monitoring users having access to some specific controls.
• Created customized Transaction codes and menus.
• Hands on experience with HR Security (Indirect assignment - Structural Authorizations Concept), BI 7.0 Analysis Authorization concept and Business Objects Security concept.
• Developed and documented security policies and procedures, user maintenance, activity group/role maintenance using profile generator.
• Experience in working with CUA, Identity Manager, and STMS etc.
• Hands on experience in supporting internal and external SAP Security Audits.
• Having experience in SAP Security project planning, implementation, configuration, testing and support of GRC Tools such as SAP GRC Access Control Suite 5.3/10.0/10.1 and BizRights/Approva one.
• Having Administration experience on applications like CLM,IDEAS, ARIBA, Onesource etc.
• Having experience in SOX Internal Controls and their usage with SAP Security.
• Proficient in analyzing and translating business requirements to technical requirements and architecture.
• Good communication skills, interpersonal skills, self-motivated, quick learner, team player.

TECHNICAL SKILLS:

ERP: SAP R/3 4.6C, 4.7 EE, ECC 6.0, BI 7(BI Cont.7.03), EP 7.0,CRM 4.0/5.0/7.0, XI/PI 6.0,SCM 7.0,SRM 5.0,Virsa, GRC 5.3, 10/10.1

RDBMS: Oracle8.x/9.x/10g, MS SQL Server 2000/2005.

OS: Linux,Sun Solaris 10,AIX 5.x,HP-UX 11i, Windows 2003 Advance server

WORK EXPERIENCE:

Confidential, TX

SAP Security/GRC

Environment: SAP ECC 6.0 EHP 6.0, EP 7.1 ESS/MSS, BI 7.3, SRM 7.0, SCM 7.0, SAP GRC 10/10.1, Sol Mgr 7.1, CLM 7.0, IDEAS, ARIBA, Onesource

Responsibilities:

• Designed new roles in the Role re-design project for creation of enabler roles for Profit center, Company Code, Sales Organization, Division, Plant and Organization Unit.
• Developed new Roles and redesigned the existing roles according to SOX Compliance .
• Restricted table access by creating Custom authorization groups.
• Creating derived and composite roles based on business Requirement
• Responsible for all Security - related incidents and good experience with monitoring.
• Documentation of all the procedures and involved in end user .
• GRC upgrade experience with GRC RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP GRC.
• Experience in creating and assigning Fire Fighter ID’s and extracting Fire Fighter logs.
• Provide daily EP security production support such as ID requests, access requirements and troubleshooting problems. Defined and maintained authorizations and roles.
• Upgraded GRC 10 to GRC 10.1(Access Risk Analysis and Emergency Access Management)
• Configured, implemented and automated monitoring tools as part of GRC.
• Designed and implemented the Audit Controls
• Performed Daily & Quarterly SoD conflicts review.
• User Administration and Password Management (Expiry of users and Profiles).
• Analyze Root Cause of Authorization Problems and fix the missing authorizations, User support, resolve end user problems on day-to-day basis.
• Maintain User administration and System administration for Portal systems.
• Worked with Functional Analysts to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts.
• Used SU24 and maintained check indicators for Transaction codes.
• Supported Internal and External Security audits in the production systems.
• Worked closely with the Audit Team for User-role conflict removal in SAP.
• SAP User Access Management and Auditing for Sarbanes-Oxley Compliance requirements and remediation/Mitigation of security roles for SOD conflicts.
• Assisted Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls.

Confidential, CA

SAP Security/GRC

Environment: SAP ECC 6.0, BI 7.3, SRM 7.0, SAP GRC 10.1, Sol Mgr 7.1,SAP PI 7.3

Responsibilities:

• Implemented GRC 10.1 in partnership with SAP
• Configured MSMP Settings and BRF
• Designed Catalogs roles for non-sap applications in GRC
• Assigning the Catalogs to the Approver/Task groups.
• Verifying the Workflow for the Catalogs(roles) as per the MSMP settings.
• Generation of operations report using GRAC*/GRFN* tables.
• Documentation of all the procedures and involved in end user .
• Having experience in creating roles and setting up of ids in SAP HANA Studio.
• Provide daily EP security production support such as ID requests, access requirements and troubleshooting problems. Defined and maintained authorizations and roles.
• Assigned user roles to user ids, setup security for the developers according to business requirements.
• Fixing end user Roles based on Change Requests crated for breaks/fixes.
• User Administration and Password Management (Expiry of users and Profiles).
• Analyze Root Cause of Authorization Problems and fix the missing authorizations, User support, resolve end user problems on day-to-day basis.
• Maintain User administration and System administration for Portal systems.
• Work with Functional specialists to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts
• HR structural Authorizations knowledge

Confidential, Fortworth, TX

SAP Security/GRC

Environment: SAP ECC 6.0, Net weaver 2004s, EP 7.4, PI 7.4, BI 7.4, SRM 7.1, SAP GRC 10

Responsibilities:

• Implemented Business Objects XI 3.1 and 4.0(Web Intelligence, Xcelsius, Data Federator, Business Explorer, Crystal reports, Live Office, Advanced Analysis) Security for SAP in ECC, CRM and BI and Non-SAP data source systems.
• Designed and developed roles for SAP HANA Studio
• Having experience in SAP Portal Content Administration, User Administration and System Administration.
• Setting up of control documentation in SAP GRC repository application.
• Designed and Developed HCM Security structural authorizations and assigned roles to their jobs and positions.
• Created OSSID’s for Analysts and Developer keys for ABAP developers and Objects in the SAP Service Market place and opened service connections for SAP to debug.
• Developed and documented security policies and procedures.
• Designed and developed new BI roles and BOE groups .
• Created new access levels and Security for Folders, Connections, Universe and Applications in Business objects 4.0
• Enabled SM20n logs for SAP Systems.
• Created and executed ECatt Scripts in SAP.
• Created Query’s in SQ01 for SAP BI System for AGR AGRS, AGR 1251 and RSECVAL tables.
• Designed, Developed and Implemented BW Security and created roles based on Info area and restricted data by Profit Center, Cost Center, Company Code, Sales Org,Market and Plant
• Designed, Developed and Implemented Business Objects Security and Integrated with BW and Windows Active Directory to enable Single sign on.
• Utilized Windows AD Groups to enable folder level security in BOE.
• Created Security for Folders, Connections, Universe and Applications in BOE
• Created Aliases to authenticate users using windows AD, Enterprise and SAP authentications
• Designed, Developed and Implemented Business Objects Data Services Security .Created
• Access levels and User Groups for Architect, Developer, Support, Security and Basis based on the requirement.
• Designed, Developed single, master, derived and Composite roles for SCM and APO Systems and migrated from Dev to QA and Prod Systems

Confidential

SAP Security/GRC

Environment: ECC 6.0, SRM 4.0, BW 3.5, SCM/APO 4.1, SAP GRC 5.3

Responsibilities:

• Designed and Implemented new Roles for Middle East as part of U2K2 Expansion
• Conducted comprehensive analysis of existing Security environment and Identified Security issues, recommended and implemented solutions to problems.
• Experience with Structural and Non-structural Authorizations.
• Provided SAP Security Planning, testing, and support for E.C.C 6.0.
• Created users, roles and assigned required privileges for the database access.
• Performed transports and mass transports of roles.
• Used PFCG for creation, modifying roles, composite roles, global roles, derived roles.
• Troubleshoot security/authorization related problems using SU53, ST01, RSSM (for BW) and SUIM.
• Used several transactions (SU10, SU53, SU24, SUIM, SE93 etc.) and administered Huge user base.
• Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
• Created Transaction codes for the programs and ran the transactions.
• Created users and maintained user master and established security policies and procedures.
• Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
• Performed transports and mass transports of roles and Used CATT scripts for mass users and assigning roles.
• Assisted in Sarbanes Oxley Compliance - SAP System Audit and documentation of Significant Processes and controls.
• Continuously improved security configuration to reflect best practices and to prepare for system audits.
• Performed Risk Analysis at user level and Role level and to mitigate risk for the users using risk analysis and Remediation tool (RAR).

Confidential

SAP Security

Environment: SAP R3 4.7 Ext set 1, BW 3.0, CRM 4, IPC, SEM/AP and VRAT

Responsibilities:

• Troubleshoot day-to-day problems, Verification of ABAP Short Dumps and System logs.
• Managing Transport Management System (TMS).
• Provide on-call support on a rotational basis and as needed.
• Creation, modifying roles, composite roles, global roles, derived roles.
• Creating users and authorizations to the users.
• Traced user authorization errors.
• Secured roles by company code, plant, cost center etc
• Ran security reports for critical transactions and objects and for users who never logged on.
• Used several transactions (SU10, SU53, SU24, SUIM, SE93 etc.) and administered users
• Respond to requests and prepare SAP security reports based on management and department needs.
• Providing reports of daily, weekly & monthly security monitoring tasks adhering to SOX Audit guidelines
• Review critical & sensitive authorizations, implement improvements to meet audit requirements
• Knowledge of Audit information system.
• Experience with Bex analyzer, Info Objects, Info Sources, Info Packages, ODS, Info Cubes, work flows

Confidential, PA

SAP Security

Environment: SAP R3 4.6C, 4.7 Ext set 1, SAP BW 3.0 CRM 4, VIRSA 4.0

Responsibilities:

• Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24.
• Performed transports and mass transports of roles.
• Established detail security plan, strategy and maintenance procedures Security, Profile Generator (PFCG) and related functions.
• Created users and maintained user master and established security policies and procedures.
• Used PFCG for creation, modifying roles, composite roles, global roles, derived roles.
• Created user locks and maintained user locks.
• Proficient in handling user issues and troubleshooting user issues.
• Traced user authorization errors.
• Used several transactions (SU10, SU53, SU24, SUIM, SE93 etc.) and administered users.
• Used Virsa tool extensively for handling SOD conflicts for each user.
• Created structural authorization profiles.
• Extensively used VIRSA/GRC access control suite to meet the SOX compliance.
• Worked with VIRSA systems VRAT tool in identifying conflicts single roles and composite roles.