SUMMARY:

• Eleven plus years of SAP Security experience across several major industries; Utility, Retail, Manufacturing, Logistics, Department of Defense
• Multiple implementations and upgrades
• ECC modules (FI, HR, SD, MM, etc)
• Business Suites (CRM, SEM, APO, BW/BI, Business Objects XI/PI, Portal, CE)
• HR Structural Authorization Design/Implementation (ESS/MSS)
• HR - ORG/Position Based Security
• Formal SAP training
• Eight plus years of SAP SOX Compliance experience across several major industries; Utility, Retail, Manufacturing, Logistics
• Multiple implementations and upgrades
• Virsa 2.0 up to current GRC10 (including GRC 5.3 Access Control)
• GRC 10 Access Control Suite: Access Risk Analysis, Business Role Management, Emergency Access Management, Access Request Management
• Formal SAP training
• Five years of Identity Management experience within the retail, pharmaceutical, and logistics industries
• Multiple implementations and upgrades
• Defined home-grown solutions using LDAP protocols, SAP and SAP HR
• SAP IdM 7.0 implementation with upgrade to SAP IdM 7.1 (Netweaver)
• SAP IdM 7.0 and 7.1 integration with GRC 5.3 Access Control Suite
• SAP IdM 7.2 integration with GRC 10 Access Control Suite
• Formal SAP training

EXPERIENCE IN DETAIL:

Confidential, West Palm Beach, Florida

Senior GRC/Security Identity Management Consultant

Responsibilities:

• Defined and maintained project plan to support the installation of GRC10, SAP IdM, and SAP SSO in a 3-tiered dual support landscape
• Performed all installation steps required to implement GRC10
• Software installation
• BC set activation
• Performed required configuration steps in support of Access Controls using SPRO
• Configured/customized MSMP workflows (leveraged BRF+)
• Customized delivered email notifications
• Migrated delivered SOD Rule set to customer name space (custom rule set)
• Performed required installation steps within IdM landscape
• Integrated IdM with Active Directory
• Developed custom JScripts to generated UserNames based on global naming standard
• Configured 7.2 VDS as required for GRC10 integration
• Lead discussions on new features/functions/options provided in the new GRC release (Blueprinting phase)
• Lead discussions around Master Data views in order to provide the correct views for varying groups/areas (Work Centers, Rules, Reports, etc)
• Lead training sessions on new features/functions for end user community
• Developed test and training scripts
• Provided post go-live support as required
• Provided knowledge transfer for Security, GRC, and Audit teams
• Configured SAP Netweaver SSO (with Kerberos) for SAPGUI, SAP Portal, and SAP NWBC using the Secure Logon Client
• Defined enterprise-wide deployment strategy for SSO

Confidential, Columbus, Ohio

Senior GRC/Security Identity Management Consultant

Responsibilities:

• Defined project plan to support the installation of GRC 10 in a 3-tiered dual support landscape
• Migrated appropriate configuration from GRC 5.3 release to GRC 10 release using the migration tool
• Performed all installation and upgrade steps required to implement GRC 10
• Performed required configuration steps in support of AC using SPRO
• Performed required installation steps within IdM landscape within the development environment
• Performed upgrade/migration from IdM 7.1 to IdM 7.2 within the Pre-Production environment
• Configured 7.2 VDS as required for GRC10 integration
• Lead discussions on new features/functions/options provided in the new GRC release (Blueprinting phase)
• Lead discussions around Master Data views in order to provide the correct views for varying groups/areas (Work Centers, Rules, Reports, etc)
• Lead training sessions on new features/functions for end user community
• Developed test and training scripts
• Provided post go-live support as required
• Provided knowledge transfer for Security, GRC, and Audit teams

Confidential, Philadelphia, Pennsylvania

Senior GRC/Security/Identity Management Consultant

Responsibilities:

• Defined project plan to support the installation of GRC 10 in a 3-tiered dual support landscape
• Migrated appropriate configuration from GRC 5.3 release to GRC 10 release using the migration tool
• Performed all installation and upgrade steps required to implement GRC 10
• Performed required configuration steps in support of AC using SPRO
• Lead discussions on new features/functions/options provided in the new GRC release (Blueprinting phase)
• Lead discussions around Master Data views in order to provide the correct views for varying groups/areas (Work Centers, Rules, Reports, etc)
• Lead training sessions on new features/functions for end user community
• Developed test and training scripts
• Provided post go-live support as required
• Provided knowledge transfer for Security, GRC, and Audit teams

Confidential, Chicago, Illinois

Senior BW/BI Portal Administrator

Responsibilities:

• Configured Knowledge Management (KM) in support of News/Announcements and BW content
• Utilized XML Builder to define xml forms for capturing user inputs
• Activated Webgui service to support Transaction based iViews
• Extended webgui configuration to align with business requirements
• Defined PCD structure to support query and web application publications
• Defined iViews, Worksets, Pages, and Roles as required
• Configured system landscape
• Defined SSO between Enterprise Portal and BW
• Defined UME user group and role matrix
• Lead all testing of defined configuration
• Migrated/transported defined portal objects through the landscape

Confidential, Philadelphia, Pennsylvania

Senior SAP IDM/GRC Consultant

Responsibilities:

• Reviewed blueprint design document for IdM solution for completeness and accuracy
• Briefed stakeholders on IdM functionality and GRC integration points
• Configured Virtual Directory Server (VDS) to integrate with Oracle Identity Management
• Extended VDS to support OIM integration
• Configured Virtual Directory Server (VDS) to integrate with GRC 5.3 Compliant User Provisioning
• Imported and configured the SAP and GRC Frameworks
• Assisted with validation of SAP’s latest version of the GRC Provisioning Framework
• Configured integration between Compliant User Provisioning with Risk Analysis and Remediation to facilitate the segregation of duty checks for user authorization requests originating within IDM
• Defined required business roles (and technical roles) for proof of concept
• Configured Secure Network Communication (SNC) in support of productive password provisioning
• Defined provisioning architecture for CRM integration
• POC for IdM/CRM integration

Confidential, San Diego, California

Senior SAP GRC Security Consultant

Responsibilities:

• Lead/Managed the installation, configuration, and final deployment of the four major components of the GRC Access Control Suite (Compliant User Provisioning - CUP Access Enforcer, Risk Analysis and Remediation - RAR Compliance Calibrator, Super-user Privilege Management Fire fighter, and Enterprise Role Management ERM Role Expert ), in a Windows environment
• Used SAP best-practices for implementation
• SAP Landscape consisted of ECC 6.0 Enhancement PK4, Solution Manager 4.0 CRM, SRM, Portal 7.0 and BI 7.0 systems
• Configured user provisioning into SAP Portal
• Completed configuration task on all components
• Lead configuration workshops
• Three-tiered landscape approach (Development, Quality Assurance, Production)
• Cross-trained client employees on all components
• Submitted SAP customer messages for product errors
• Installed GRC Launch Pad
• Deployed within Enterprise Portal for Single Sign On (SSO)
• All steps completed for post installation configuration
• Defined/Configured workflows for requests
• (Initiators, Custom Approver Determinators, Stages, Paths, Escape Routes, Detours, etc.)
• Configured Risk/Mitigation integration with RAR
• URL/URI Definitions
• Defined required connectors for backend and external (LDAP) systems
• SAP ABAP/Java, Portal (Including field mapping), ADS LDAP (Including field mapping)
• Configured Password Self Service functionality
• HR Driven and Challenge questions
• Auto-provisioning for R/3-ECC and BW-BI systems
• System specific auto provisioning
• All steps completed for post installation configuration
• Rule upload and generation
• Leverage internal/external audit requirements to define custom rule set
• Current SOD guidelines amended to delivered rule set
• Critical Alert Definition
• Particular risk violations and Mitigation review failures
• Scheduled background jobs for user/role risk analysis
• Performance tuning for optimal system/database utilization
• All steps completed for post installation configuration
• URL/URI Definitions
• Configured Risk Analysis integration with RAR
• Configured CUP Request Submission
• Aligned methodology with current role definition process
• Defined role attributes
• Organization Value definitions
• Using delivered templates
• Mass role imports
• Using delivered templates
• All steps completed for post installation configuration
• Defined SAP ABAP AS connectors
• Worked with business to (re)define firefighter ABAP security roles
• Defined role-based firefighter functionality
• Integration with CUP
• Defined Reason Codes for Fire fighter use

Confidential, Dublin, Ohio

Senior SAP Security Consultant Lead

Responsibilities:

• ECC 6.0, Enterprise Portal 6.0, Business Intelligence 7.0, Solution Manager 4.0, GRC/Virsa 5.2, Exchange Infrastructure/Process Integration Netweaver 2004s, Transportation Management System, Supply Chain Management, Netweaver Identity Management 7.0, Netweaver Business Client
• Responsible for defining SAP Security Enterprise Design across all above mentioned systems
• Lead security team with two direct reports
• Served as the Security Subject Matter Expert
• Supported Technical teams across all above mentioned systems throughout the implementation phases
• Defined Security Blue Print Document
• Defined Security Project Plan (using MS Project) by ASAP phases
• Defined security team daily activities/tasks
• Trained client resources on Security best practices
• Lead security requirements meeting with functional and technical teams
• Created required SAP Security End User roles
• Lead and defined all Security testing phases (Unit, Integration, and User Acceptance) across all applicable systems
• Define Cut-Over/Go-Live and Post Go-Live tasks and processes
• Provided complete documentation for all areas of Security (role design, GRC, IDM configuration etc)
• Installed and configured all GRC Components for Access Controls Module
• (details of these responsibilities have been outlined in below sections as this process is very similar each time it is executed)
• Installed and configured Netweaver Identity Management 7.0 (IdM) in a windows environment (MS SQL db)
• Upgrade to Netweaver Identity Management 7.1 SP3
• Lead design meetings with business to define requirements
• Developed architecture design diagrams to support IdM implementation
• Configured integration of Idm with Active Directory, SAP Enterprise Portal, and several ABAP-based systems (ECC, BI, TMS, etc)
• Developed necessary workflows and web pages in support of required IdM functionality
• Developed necessary scripts (js & vb)
• Developed IdM Business Roles to support cross-system access and provisioning
• Configured several different provisioning/de-provisioning scenarios
• Configured Self-Service functions to allow user self registration, password resets, and employee information update
• Configured IdM integration with GRC’s Access Enforcer

Confidential, Portland, Oregon

Senior SAP Security Consultant

Responsibilities:

• Configured four major components of the GRC Access Control suite (Access Enforcer, Compliance Calibrator, Fire fighter, and Role Expert)
• Used SAP best-practices for implementation
• SAP Landscape consisted of R/3 and BW systems
• Completed configuration task on all components
• Lead configuration workshops with client
• Installed suite in four separate systems
• Trained client on all components
• Held product demonstrations for project stakeholders
• Used insight from Internal Audit to configure GRC
• Post installation configuration
• Defined/Configured workflows for requests
• Configured Risk/Mitigation interaction with Compliance Calibrator
• Defined required connectors for backend and external (LDAP) systems
• Configured Password Self Service functionality
• Auto-provisioning for R/3 and BW systems
• Post installation configuration
• Installed “home-grown” Segregation of Duty Rule Set in addition to delivered rule set
• Scheduled background jobs for user/role risk analysis
• Post installation configuration
• Defined role attributes
• Mass role imports
• Configured interaction with Access Enforcer
• Post installation configuration
• Defined Reason Codes for Fire fighter use

Confidential, Hudson, Ohio

Senior SAP Security Consultant Lead

Responsibilities:

• Review current security role design to assure protection of HR data
• Train FTE on SAP Security best practices
• Defined implementation task for Position-based security
• Participated in Identity Management Solution design discussions
• Defined HR Org Structure distribution from ECC to BI
• Configured and tested HR Org Structure distribution from ECC to BI to facilitate IdM Solution and indirect role assignment
• Participated in Structured Authorization design discussions; utilizing MSS
• Drafted multiple Security awareness documents for Leadership community

Confidential, Sandpoint, Idaho

Senior SAP Security Consultant Lead

Responsibilities:

• ECC 6.0, Enterprise Portal 6.0, Business Intelligence 7.0, Solution Manager 4.0, Virsa 5.1, Exchange Infrastructure/Process Integration Netweaver 2004s
• Security team of three individuals with two direct reports
• SAP Security design using structural authorizations (HR-ORG)
• Utilized position-based role design
• Configured/Implemented CUA landscape (multi-network)
• Authored Security Blueprint Design Document
• Defined Unit and Integration Project/Test Plans
• Established Security Project Plan for remaining phases (Realization, Final Prep, and Cut-over), also Post Go-Live support
• Configured user, login, and password system parameters
• Defined ECATT scripts as needed; User Creation, Role-to-Position assignments, mass password resets, etc
• Defined Quick Test Professional (Mercury) scripts for Windows-based applications integration with SAP
• Role documentation
• Change request influence for SAP security using Remedy
• Support Basis, Developers, and Configuration teams during project phases
• Facilitated Unit testing and Integration testing for end user roles
• Support Basis, Developers, and Configuration teams during project phases (Defined Project/IT Security roles for project phases; Configuration access etc)
• Knowledge transfer for full time client employees
• Configured SSO in SAP systems
• Configured UME for connectivity to backend systems
• Deployed business packages for ESS/MSS
• Defined SAP Portal access in support of ESS and MSS
• Deployed Virsa Compliance Calibrator within Portal
• Compliance Calibrator, Firefighter, Role Expert, and Risk Terminator
• Imported Packages via SPAM
• Activated Virsa BC Sets
• Front-end/Web configuration (Netweaver) Compliance Calibrator
• Multiple system configuration (DEV QA PRD)
• Defined JCo destinations for Compliance Calibrator
• Defined background jobs and rule sync
• Facilitated SOD functional workshops to setup Compliance Calibrator risks and rules
• Worked with Internal Audit on gap analysis of delivered rules
• Defined SOD compliant roles
• Held “Lunch-n-Learns” to demonstrate the functionality/benefit of Virsa’s Application Suite
• Held training classes on Virsa functionality
• Helped define SAP Production Support strategy to leverage Firefighter
• Created “add-on” documentation for Virsa Compliance Calibrator installation and configuration
• Facilitated functional workshops for role requirement definitions
• Defined end user roles for above systems
• Defined project specific roles to support Sol Man
• Established connections for SAP support
• Defined security roles for custom developed interfaces
• Defined security roles for project members in both ABAP and Java systems
• Executed security testing for all developed security roles (unit and integration testing)
• Defined custom queries (i.e. HCM Salary and FI Cost Center Hierarchy)
• Established queries via the Web-analyzer as well as BEX
• SAP Security representative for solution
• Integration of LDAP with SAP
• LDAP/CUA Configuration and SSO
• 3rd party tool, Optimal, integration with SAP through MIIS Server

Confidential, Chester, Virginia

SAP Security/ System Integrator

Responsibilities:

• Security clearance: Confidential (Document)
• Design SAP Security infrastructure for United States Department of the Army
• Subject Matter Expert within Security arena
• Utilize new SAP Module: Defense Forces Public Security (DFPS) position-based security strategy
• Configured HR personnel positions
• Defined end user roles to be attached to HR position
• Worked with HR team to develop HR roles/process
• Utilized auth objects to construct complex HR schema
• Defined background jobs to automate personnel movements
• Defined Security Project Plan
• Defined and implemented Security system parameters (i.e. password exception table)
• Setup/configured Central User Administration
• Defined technical/configuration roles
• Defined end user role
• Facilitated Unit testing followed by Integration testing for end user and technical team roles
• Enterprise Portal 6.0 Administrator
• Defined Single Sign On (SSO) Solution
• Defined Portal end user roles
• Designed Security iViews
• Technologies include: Enterprise 4.7, ECC5, ramp up partner for ECC6, BW 3.5, Enterprise Portal 5.0 and 6.0, Netweaver 2004(s), Mobile Engine 1.0, Exchange Infrastructure, Solution Manager 4.0, ARIS
• Modules: HR, FICO, MM, PM, DIST, DFPS

Confidential, Bartlesville, Oklahoma

SAP 4.6C Security Consultant/SOX Consultant

Responsibilities:

• Performed Security start up activities to support this project
• Held kick-off meeting with functional team leads/consultants
• Defined Security Redesign project plan
• Reviewed/Modified current security procedures and processes
• Implemented SAP’s Reverse Business Engineering (RBE) tool
• Used user transaction history for baseline of role redesign
• Defined Unit Test strategy as well as User Acceptance Test strategy
• Defined new SAP Security role strategy
• Modules: FICO, MM, PM, SD