EXPERIENCE SUMMARY:

• IT Professional with 7+ Years of experience in SAP Security and GRC. SAP Spanning across Support and implementation projects.
• Have experience in Business process Mapping, Auditing and Post implementation support in SAP.
• Experience in SOX, Segregation of Duties (SOD) issues and Audit controls.
• Firefighter assignments in GRC and retrieving Firefighter audit logs.
• Configured user data source and defined authenticaton system for requestor using ARM.
• Experience in Troubleshooting issues in R/3 architecture.
• Hands on Experience on Identity Management Tools like Novell and Tivoli IDM.
• Experience in Database and server Monitoring system backup scheduling through monitroing transactions such as SM50, SM51, DB12, DB13.
• Supporting internal and external audit requests
• Experience in GRC 10.1, Access Control functions.
• Experience in ARM,ARA,BRM and EAM setup with activation of BC sets and confuguring parameters for each module in Access control.
• Knowledge on GRC Implementation ( complete lifecycle , from designing, unit testing, integration testing, user mapping, go - live and post production support).
• Experience in using ARM to configure workflow for user access review and user SOD review.
• Good client interfacing skills and strong communication skills.
• Working on mitigation controls(Create and Maintain) and remediation process.
• Support audit by providing AGR 1251, AGR 1252, AGR AGRS, AGR DEFINE, AGR USERS, T001, TDDAT, USR* tables, AGR AGRS, AGR USERS, AGR TCODES, AGR 1251, AGR 1252, AGR DEFINE Reports
• Extensively performed and monitored transaction codes SU01,SU56,ST01,SU03,SU21,SU24,PFCG,PFUD,SUPC,STMS,SE01,SE10,SM18,SM19,SM20,SM30,SE11,SE16,SE37,SE38/SA38,SE54,SE80 and SE97.
• Producing SOD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using ARA.
• Determining and report if any risks will be introduced by simulating the assigning of transactions, Roles, or Profiles to a User ID.
• Effectively analyzing trace files and tracked missing authorization for users by communicating with users.
• Trouble shooting all types of authorization failures based on SU53 and return codes of ST01 trace
• Support/Implementation/Upgrade/Roll out - experience.
• Configured workflow, actions and rules.
• Updating Rules and function modification
• GRC Configuration experience of EAM, ARA Components
• Role import to GRC Repository from back end system
• Experience in role redesign and implementation
• Working on daily remedy tickets and providing support to client for SAP Security issues.
• Preparing Weekly SOD Compliance report to the client/Quarterly SOX Audit reports
• Preparing Invalid Mitigations GRC report to the client.
• Preparing Quarterly SOX compliance audit reports and follow up with risk owners to retain/remove users from Mitigation.
• Ensuring that the team maintains consistency in daily support for remedy tickets
• Preparing and providing the client with appropriate AUDIT reports as and when they are requested.
• Preparing weekly Stale GRC report and take appropriate action and report to client.
• Provided for new joiners in the team with affective motivation.
• Worked on Role Creation and Deletion using PFCG
• Handle Customer/Client escalations and SPOC for handling escalations for APAC/EMEA/NA regions
• Scheduling and Monitoring the Background jobs daily and weekly.
• Daily ISC report to ensure check on the configuration roles which the user has in Production and development environment.
• Collaborate with SAP business IT, SOX and internal audit teams in an effort to analyze security risks and develop mitigating strategies.
• Support UAT and SIT During role implementation project
• Knowledge in configuring MSMP with complex workflow methodology.
• Knowledge in BRF plus to configure Initiator and Agent rule and using BRF plus and BRF plus (Line by Line).
• Knowledge in FFID configuration and log Synchronization.
• Experience in mass user comparisons (PFUD), enabling audit logs and retrieving audit logs.
• Addition, Removal of Transaction Codes, authorizations, authorization objects by modifying existing roles based upon change request.
• Scheduling daily Back Ground job(s) in SAP GRC system to provide a list of error GRC requests to act as an alert mechanism.
• Creation of new Mitigation controls for various regions, assigning an Owner/Approver for the control with various Monitor’s, after taking all relevant SOX approvals.
• Supporting issues pertaining to SAP FIORI related issues for end users. Ensuring that the Owners/Approvers have the relevant access on FIORI to perform Purchase Requisition Approvals over Mobile Fiori application.
• Knowledge in Structural authorizations and supported issues pertaining to assignment of PD Profiles on the SAP landscape using OOSP, PO10 and OOSB Tcodes.
• Assisting the development team on a yearly UAR (User Access review) process and ensure that the owners are aware of the users assigned to the roles owned respectively.
• Creating OSS IDS, S-user ids, developer keys, maintain credentials in secure area at SAP Market place.
• Experience in BI Security, SAP HR and FIORI platforms.
• Experience in BI/BW Security and used rsecadmin to perform authorization analysis.
• Experience on HR security, structural profiles, Organization Structures, ESS and MSS Modules.
• Worked on t-code for creating custom authorization objects & S RS AUTH for assigning authorization objects for BW query end user roles.

SKILLS SUMMARY:

Domain: SAP ECC6.0 with Enhancement pack 7 and GRC 10/10.1 SAP Solution Manager 7.2, windows 10 and 7

Programming Languages: C, C++, SQL, Java

Operating System / ERP Version: SAP R/3 and ECC

Tools: / DB / Packages / Framework / ERP Components: Novell and TIVOLI IDM Remedy Ticketing Tool version 7 Hyena (Windows System Management Software) User Account Manager Active Directory

WORK EXPERIENCE:

Confidential

Technical Lead

Responsibilities:

• Coordinating and interacting with key business users, project stakeholders, technical team and functional consultants for gathering functional requirements and design of Security Architecture, naming conventions and processes in compliance with the Sarbanes-Oxley(SOX) 404 act and analyzed all business roles and mapped them to transaction code according to business process requirements.
• Preparing and providing the client with appropriate AUDIT reports.
• Designed, Developed and maintained Single roles, Composite roles, Master and Derived roles and Secured roles by Organizational levels such as Company Code, Plant, Cost Center, Profit center, Purchasing Organization etc. for different SAP Modules - SD, MM, WM, PP, HR/HCM, FICO.
• Working on change requests( role creation/role modification)
• Lead an Automation team for RPA/AWS project.
• SPOC for all AUDIT/UPGRADE/Rollout tasks.
• Organization values restriction on entity level
• Carried out weekly compliance activities
• Daily ISC Reports
• Weekly SOD Compliance report
• Weekly Termination/Transfer report (adjusting user’s access as appropriate)
• Weekly Pending GRC report
• Sensitive access report and alerting BASIS Team for locking sensitive ID’s used during upgrade/recycle/patching etc.
• Weekly Stale GRC report (Closing old GRC’s raised by users)

Technology & Tools: SAP ECC6 ECC EHP 6.0 and GRC 10.1.0 with Enhancement pack 7 and GRC 10/10.1

Confidential

Responsibilities:

• Worked on SAP R/3 Architecture.
• Restrict table level access and program level
• Troubleshoot user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error, resolving the issue by giving required authorizations (SUIM, SU53,ST01, RSECADMIN,RRMX) in different modulesRole creation/ Modification using profile generator including complex design restrictions.
• Worked on NWBC access control
• ECC/BI/HR/CRM Role Development and Data Migration
• Daily support request activities
• BRF plus and MSMP Configuration experience
• Regular Upgrade/ Roll out SPOC
• Part of SOX controls testing team (Mitigation Control Review) performing a Global assessment on a quarterly Basis

Technology & Tools: SAP ECC6 ECC EHP 6.0 and GRC 10.1.0 with Enhancement pack 7 and GRC 10/10.1

Confidential

Responsibilities:

• Handling User administration Tasks, Role development and Audit related issues.
• Worked on complete ARM tasks in NWBC
• Providing extended support to GRC Implementation task.
• Ensuring that the tickets are processed and resolved within the SLA time.

Technology & Tools: SAP ECC6 ECC EHP 6.0 and GRC 10.1.0 with Enhancement pack 7 and GRC 10/10.1

Confidential

Responsibilities:

• Worked on Role Creation and Deletion using PFCG
• Handle Customer/Client escalations and SPOC for handling escalations for APAC/EMEA/NA regions

Technology & Tools:SAP ECC6 ECC EHP 6.0 and GRC 10.1.0 with Enhancement pack 7 and GRC 10/10.1