Senior SAP Security and GRC Consultant Resume
Gilbert, AZ
SUMMARY:
- Senior SAP Security and GRC consultant with 6+ years of experience in SAP Security and over 3 years of experience with SAP GRC Access Control components
- Completed two full-life-cycle SAP Security implementations, from planning through the post-implementation phase
- Hands-on experience designing authorization roles for SAP ECC, SAP HR, SAP SRM, SAP CRM and Enterprise Portal systems
- Implemented SAP Fiori security for end-user mobile applications interfacing with ECC
- Worked as Security Administrator with strong expertise in Profile Generator (PFCG) for creating and maintaining roles/activity groups, and in security administration tasks such as creating user accounts, resetting passwords, and locking and unlocking users
- Experience in mass creation of users and roles using LSMW, eCATT and GUI scripting
- Extensive experience analyzing and remediating SOD issues using the GRC 10.0/10.1 Access Control components ARA, ARM, BRM and EAM
- Excellent understanding of Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) controls, policies and procedures
- Configured SAP GRC Access Control 10.0/10.1 components
- Hands-on experience with rule set customization and with configuring mitigation controllers, approvers and monitors in ARA
- Experience implementing best-practice security controls for SAP GRC Access Control
- Comprehensive knowledge of ITIL best practices, coupled with excellent communication skills
- Experience documenting monthly audit reports, audit logs, policies and procedures
- Used Quality Center for requirements management, test planning and defect reporting, applying security best practices to ensure quality standards
- Enthusiastic and eager to take responsibility and initiative in any given task
- Self-motivated in handling assigned work to meet SLA deliverables and deadlines
- Worked in both team and individual settings; always eager to learn new technologies and apply them in challenging environments
PROFESSIONAL EXPERIENCE:
Confidential - Gilbert, AZ
Senior SAP Security and GRC Consultant
Responsibilities:
- Host workshops with business process owners/module owners, security, internal audit and SMEs to gather requirements (as-is to to-be).
- Elicit security requirements such as naming conventions, derived-role iterations, SOD considerations (e.g. number of organizational units) and field-specific actions to create the Functional Design Document (FDD) and the Technical Design Document (TDD).
- Create single, derived and composite roles in the Dev and Quality landscapes using PFCG, including Fiori roles.
- Perform user administration and provisioning in S/4HANA.
- Participate in the planning phase and security implementation in the DEV, SIT and QA landscapes, with the client taking ownership of PROD.
- Design, author and implement security-related standard procedures for user administration, roles and profile generation.
- Secure approval of the FDD and TDD from the designated stakeholders to avoid scope creep.
- Work with the Business Process Owners to restrict sensitive transactions and security authorizations, and ensure segregation of duties across business areas.
- Migrate roles from the Dev to the Quality environment using transport requests.
- Troubleshoot authorization issues using SU56, SU53, SU24, SUIM, ST01 and SE16N.
- Update the FDD and TDD to reflect changes made during issue resolution.
- Implement GRC AC 10.1 end to end: define custom SOD rule sets, functions and risks in ARA, link them to ARM and BRM for SOD analysis of access requests and roles, and implement EAM for end-user emergency access.
- Responsible for remediating and mitigating risks and violations identified by SOD analysis.
- Secure SOD rule sets, functions and other critical transactions by configuring MSMP workflow approvals and notifications in GRC Access Control.
- Set up the GRC EAM approval process so that controllers can monitor users requesting EAM access.
- Perform daily monitoring of scheduled jobs related to security and compliance activities and the associated system administration tasks.
- Prepare all applicable deliverables such as requirements documents, setup/configuration documents and weekly status reports.
- Provide post-production support by troubleshooting and resolving user issues.
- Train the client's staff on best-practice methodology to harden their systems and minimize the risk of future attacks.
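The SOD analysis referred to in the summary and in the GRC AC 10.1 bullets above follows a simple rule: a risk is a set of conflicting functions, a function is a set of actions (transaction codes), and a user violates the risk when their roles grant at least one action from every function in it. The following is an added illustration written for this page, not code from any SAP or GRC product: it reimplements that user-level, role-level and "simulate an access request" check in plain Python over constructed sample data. All function, risk, role, user and mitigating-control identifiers below are hypothetical, and permission-level (authorization object and field) conditions that a real GRC rule set also carries are deliberately left out.

```python
"""Minimal ARA-style SOD risk analysis over constructed sample data.

Added example for illustration only; none of the rule set, roles or users
below come from a real SAP system.
"""
from itertools import chain

# Rule set: functions are named groups of actions (transaction codes).
# Hypothetical accounts-payable functions (constructed).
FUNCTIONS = {
    "AP01": {"FK01", "FK02", "XK01", "XK02"},   # maintain vendor master
    "AP02": {"FB60", "F-43", "MIRO"},          # post vendor invoices
    "AP03": {"F110", "F-53"},                  # run/post vendor payments
    "GL01": {"FB50", "F-02"},                  # post GL journal entries
}

# Risks: a risk fires only when the analyzed actions hit EVERY function
# listed for it, which is how an ARA risk is evaluated (constructed).
RISKS = {
    "P001": {"level": "High",   "functions": ("AP01", "AP02")},
    "P002": {"level": "High",   "functions": ("AP02", "AP03")},
    "P003": {"level": "Medium", "functions": ("AP01", "AP03")},
}

# Single roles and the transaction codes they grant (constructed).
ROLE_TCODES = {
    "Z_AP_VENDOR_MAINT":  {"FK01", "FK02", "XK01"},
    "Z_AP_INVOICE_CLERK": {"FB60", "MIRO", "SU53"},
    "Z_AP_PAYMENT_RUN":   {"F110"},
    "Z_GL_ACCOUNTANT":    {"FB50", "F-02"},
    "Z_DISPLAY_ONLY":     {"FK03", "FB03"},
}

# User to assigned roles (constructed).
USER_ROLES = {
    "JDOE":   {"Z_AP_VENDOR_MAINT", "Z_AP_INVOICE_CLERK"},
    "ASMITH": {"Z_AP_INVOICE_CLERK", "Z_AP_PAYMENT_RUN"},
    "BLEE":   {"Z_GL_ACCOUNTANT", "Z_DISPLAY_ONLY"},
}

# Mitigating controls assigned at user level: (user, risk) -> control ID
# (hypothetical; e.g. a monthly payment-run review by the AP manager).
MITIGATIONS = {
    ("ASMITH", "P002"): "MC-AP-001",
}


def actions_for_roles(roles):
    """Union of the transaction codes granted by a set of roles."""
    return set(chain.from_iterable(ROLE_TCODES.get(r, set()) for r in roles))


def analyze_actions(actions):
    """Core check over a bag of actions.

    Returns {risk_id: {function_id: matching actions}} for every risk in
    which each function is hit by at least one of the given actions.
    """
    hits = {}
    for risk_id, risk in RISKS.items():
        per_function = {}
        for fn in risk["functions"]:
            matched = actions & FUNCTIONS[fn]
            if not matched:
                break              # one function unmatched: risk does not fire
            per_function[fn] = matched
        else:                      # loop ran to completion: all functions hit
            hits[risk_id] = per_function
    return hits


def analyze_role(role):
    """Role-level analysis, the check BRM runs before a role is released."""
    return analyze_actions(actions_for_roles({role}))


def analyze_user(user, extra_roles=()):
    """User-level analysis; extra_roles simulates an ARM access request by
    analyzing existing plus requested roles together.

    Returns violation records, each carrying the mitigating control assigned
    to that user/risk pair, or None if the violation is unmitigated.
    """
    roles = USER_ROLES.get(user, set()) | set(extra_roles)
    report = []
    for risk_id, per_function in analyze_actions(actions_for_roles(roles)).items():
        report.append({
            "user": user,
            "risk": risk_id,
            "level": RISKS[risk_id]["level"],
            "functions": per_function,
            "mitigation": MITIGATIONS.get((user, risk_id)),
        })
    return sorted(report, key=lambda v: v["risk"])


def unmitigated_violations(users=USER_ROLES):
    """Everything still to be remediated or mitigated: violations with no control."""
    return [v for u in users for v in analyze_user(u) if v["mitigation"] is None]


if __name__ == "__main__":
    for v in unmitigated_violations():
        print(v["user"], v["risk"], v["level"], sorted(v["functions"]))
    # Simulating a request for the payment-run role for JDOE surfaces two more risks.
    print([v["risk"] for v in analyze_user("JDOE", extra_roles=["Z_AP_PAYMENT_RUN"])])
```

Two things the sample data is built to show: the role Z_AP_INVOICE_CLERK is clean at role level but JDOE still violates P001 because the conflict spans two roles, so role-level analysis alone is not enough; and ASMITH's P002 violation is reported but flagged with its mitigating control, which is what separates a finding to remediate from one that is accepted with a compensating control.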
Confidential - Atlanta, GA
GRC/SAP Security Administrator
- Supported the SAP GRC 10.0 implementation, including Access Control configuration
- Configured Access Risk Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management (BRM)
- Performed functional testing of ARA, ARM, EAM and BRM
- Enabled SOD risk analysis for users, roles and profiles
- Created security roadmaps for client security program development and improvement
- Used mitigating controls to mitigate SOD violations at user and role level
- Assigned Firefighter roles to privileged users upon approval
- Ensured workflows were configured to meet the specific business requirements
- Integrated the data sources with GRC 10.0
- Followed the company's SOX audit compliance guidelines for quality assurance; analyzed and resolved user problems and dispatched requests to next-level resolver groups for resolution
- Involved in all aspects of SAP Security, from setting naming conventions for roles, test IDs and user groups to working closely with the various functional teams
- Engaged with technical and business process owners to understand process steps, draft procedures, and drive toward completed documentation aligned with the company's IT governance program
- Performed security administration in SAP R/3, including user administration (user creation, modification, password resets, locking/unlocking) and role administration (maintaining, deleting and transporting roles, generating and maintaining authorization profiles)
- Analyzed and troubleshot security issues using SU53, SU56, ST01, SUIM and the USR* and AGR* tables
Confidential - Atlanta, GA
SAP Security Consultant
- Implemented role-based and user security administration, including design, testing and documentation
- Analyzed security issues using system traces, parameter changes, buffer resets and other troubleshooting transactions to resolve arising issues
- Analyzed trace files to track down the missing authorizations behind users' access issues and inserted the missing authorizations manually
- Supported the transport of newly created and modified roles with STMS
- Performed user comparison in PFCG and mass user comparison in PFUD, including as a background job running PFCG_TIME_DEPENDENCY
- Supported go-live by troubleshooting issues using SU53, SU56, ST01, SUIM and the USR* and AGR* tables
- Designed position-based security using structural authorizations
- Maintained structural authorizations through PD profiles and indexing
- Analyzed structural authorization issues using PA20, PA30, PPOME, OOSP and OOSB
- Created analysis authorizations in BI security using RSECADMIN
- Designed roles in BI security and provided report access to users
- Assigned query access to BI users using authorization objects S_RS_COMP, S_RS_COMP1, S_RS_AUTH and S_RFC
- Used the Analysis tab of RSECADMIN extensively to simulate users running queries in BEx and used the error logs to determine missing authorizations
- Used transaction RSD1 to flag InfoObjects as authorization-relevant
- Supported the transport of analysis authorizations from one system to another using the Transport tab of RSECADMIN
TECHNICAL SKILLS:
Tools: SAP GRC Access Control 5.3 and 10.x (ARA, EAM, BRM and ARM), ACL, MS Office (Word, Excel, PowerPoint, Outlook, Visio, Project)
Databases: MS SQL Server, MS Access, Oracle (9i, 10g & 11i)
Operating Systems: UNIX, MS Windows NT/2000/2003
ERP Applications: SAP R/3, ECC, S/4HANA, Fiori
Methodologies: AIM, SDLC, ASAP
Regulatory/Standards: ISO 27002, FISMA, NIST, PCI DSS, HIPAA, SOX, Basel II, GLBA
Frameworks: COBIT, ITGC, ITIL