SAP Security Consultant Resume
Golden Valley, MN
AREAS OF EXPERTISE:
- SAP Security Architecture & Design
- SAP & IT Security Strategy & Planning
- SAP Security & Operations Management (ITIL, COSO, COBIT)
- SAP & IT Risk Assessment & Mitigation\Remediation (NIST, CIC, SOC 1 & 2 etc.)
- SAP Compliance Management (SOX, PII, PCI, GDPR, ISO 27002 etc.)
- SAP Security Administration and Controls
- IT Security Reviews (on-prem and cloud Systems, 3rd-party vendors and tools, system integrations)
- IT Identity and Access Management
- IT Process Controls and Risk Management
- IT Security Monitoring and Incident Management
- IT Vulnerability and Threat Management
- Privilege Access Management (PAM)
- Policy and Patch Management
- Data Loss Prevention
TECHNICAL SKILLS
SAP Tools: SAP Fiori 2.0/3.0, SAP R/3 4.6 & 4.7, ECC 5.0, ERP 6.0 EHP7, S/4 HANA, BW 3.x, BI 7.x, SCM/APO 3.0/4.0/7.0, SEM 3.5, Enterprise Portal 6.0/7.0, SAP CRM 4.0/7.0, SAP SRM 5.0, SAP EWM 9.x, SAP Transport Management (TM) 7.0, PI 7.x, XI 3.0, SAP Solution Manager 4.0/7.x, SAP GTS 7.0, SAP GDS\MDM 7.1, SAP Business Object (BOBJ) 4.2, SAP Cloud Analytics (SAC), SAP Hybris, SAP Web-Channel 2.0, SAP Biller Direct 7.0
IDM Tools: SIM (Sun Identity Manager), SRM (Sun Role Manager), OIA (Oracle Identity Analytics), OKTA
Security Tools: Nessus Professional & Manager, Mimecast Email Protection, PHISHME Simulator, Solarwinds, SECUDE or SAP Secure Login (SSO), Thycotic Secret Server (PAM), CISCO Umbrella, Softerra LDAP Administrator 2010, OKTA Verify, SIEM tools such as Splunk, Network security tools like Snort, Metasploit, Wireshark, and Password Manager tools like Dell Password Manager, Anixis, Cyber security training tools like Ninjio etc.
Compliance Tools: SAP GRC Access Control 10.x and 11.x, 12.0, SAP GRC (Governance, Risk & Compliance) 5.3, Compliant User Provisioning (CUP) or Access Request (ARQ), Risk Analysis & Remediation (RAR), Enterprise Role Management (ERM), Business Role Management (BRM), Risk Mitigation, Risk Terminator and SuperUser Privilege Management (SPM) or EAM, VRAT 2.0, VIRSA Compliance Calibrator 4.0, Firefighter 4.0, Role Expert, SAP Access Enforcer, Process Control 5.3/10.x/11.x/12.0
Reporting Tools: Crystal Reports, SAP BEx Analyzer, Luminate 2.0, TIDAL Transaction Analyzer 1.5, Web Application Designer, SAP Business Objects (BOE\BOBJ) 4.2, Lumira Discovery 2.0, WEBI, Universe Design Tool
Languages: ABAP/4, PL/SQL, Java, HTML/DHTML, Visual Basic (VB), C/C++, VC++
OS: AIX 5.3/6.x/7.x, Red Hat EP 7.3, HPUX, Solaris, AS 390/IBM, Windows 95/98/2000/NT, XP, 7, 8, 10
RDBMS: Oracle 7.x, 8.x, 9.x, 10.x, 11.x, 12.x and MS SQL Server 20xx, MS Access
Other: ServiceNow IT Service Management, Service Desk Express (SDE)\MAGIC, Remedy Action Request System 5.0/6.0, Cherwell Service Management, Applix iEnterprise, FrontRange IT Service Management 5.0, Test Director 8.0 SP2, CSI Data Xtractor, Perl, WinRunner, ClearCase/ClearQuest, Test Director, Softerra LDAP Administrator 2010.2, Triplepoint CSL, Sabrix
Trainings: ITIL, SAP GRC AC 5.3/11/12, SAP Admin 940/960, CISA, CISM, CISSP, CSX Practitioner, Cyber Security Summit, SAP Cyber Security Conference (S/4 HANA & Fiori security), SANS GCIH (GIAC Certified Incident Handler)
PROFESSIONAL EXPERIENCE
Confidential, Golden Valley, MN
SAP Security Consultant
Responsibilities:
- Working on year-end Audit and SOX compliance with Internal and External audit teams.
- SAP ERP, EWM and BW production support and enhancements implementation.
- FSM project implementation and security assessment for SOX, PII, PCI compliance and cyber risks.
- SAP GRC administration and support.
- Upgrade\migration from GRC 10.1 to 12.0 platform.
- SAP License measurement and user count tuning.
- IT Security assessment and operational efficiencies.
Confidential, Minnetonka, MN
SAP & IT Security Architect
Responsibilities:
- Implemented SAP Fiori, SAP GRC, SAP Business Objects and other SAP projects. Also, analyzed SAP security gaps in terms of cyber risk and reviewed SAP S/4 HANA security architecture for upgrade.
- Managed SAP security operations and compliance tasks. Worked with internal and external auditors.
- Managed off-shore resources for SAP security and collaborated with various SAP teams for projects.
- Led several SAP security projects for roll-out such as: SAP SAC (Security Analytics Cloud), SAP RFP Mobile app, SAP Sigga mobile apps, SAP BI Upgrade, SAP GRC Upgrade, SAP Fiori P2P for Purchase Orders, Bob Evans Farms and Norwalk plant SAP integrations.
- Performed internal and external Cyber Security assessments using NIST framework, which also included Critical Infrastructure for Cybersecurity (CIC) evaluation. This included SAP landscape as well.
- Created and Implemented IT Cyber Security program with inputs from senior leadership.
- Implemented patch management and incident management processes for better visibility and tracking. Managed Threat & Vulnerability management for IT and ICS systems.
- Handled Cyber Security incidents, worked with SAP, Network, UNIX, Database, Windows, Industrial Controls, IT Support and Management teams as required.
- Performed and reported Nessus vulnerability scans on a periodic basis, tracked issue fixes. Identified and updated asset inventory on a regular basis.
- Collaborated with the holding company’s Cyber Security team to implement corporate-wide policies, processes and tools for enhancing the security posture for the organization.
- Provided regular Cyber Security updates, progress reports and metrics to the IT leadership team. Also, communicated any NEW or elevated risks to IT Leadership via a “Risk Register”.
- Implemented several IT Cyber Security initiatives via collaboration including: Privileged Access Management (PAM), OKTA 2-factor authentication, Mimecast Email Protection, CISCO Next-Gen Firewalls, IBM IPS\IDS unit upgrade, Central Logging and Monitoring solution, Phishme campaigns, Cyber Security Awareness, Vulnerability and Threat Management, Incident Management, Cyber Security Project reviews, End-Point protection etc.
Confidential, Golden Valley, MN
SAP & GRC Information Security Manager
Responsibilities:
- Developed SAP Security Roadmap and plan which was reviewed and approved by senior management.
- Managed SAP security team and consultants, and prioritized tasks for them for various projects such as EWM implementation, SAP Role Redesign for international business units, audit & compliance.
- Created and implemented IT Cyber Security program to tackle cyber risks.
- Worked with E&Y team, external vendors and IT mgmt. to conduct Cyber Security assessments.
- Formulated IT Cyber Security Roadmap based on internal & external assessment recommendations.
- Implemented several IT Cyber Security initiatives including: Cyber Security training and awareness program, Dell’s password manager plus 2-factor authentication, PCI compliance audits, SAP Patch management, Incident Management, Data Classification & Protection, Wireless Security revamp etc.
- Reviewed security of projects for SAP compliance and Cyber Security risks. Worked with IT Managers, business leaders, HR and Legal departments for policy rollouts and compliance management.
- Reported Information SAP Security & Cyber Program progress to C-suite and IT Management.
SAP Security Architect
Confidential
Responsibilities:
- Audit - Worked with Internal & External auditors as appropriate; requested data\reports were provided as required. Worked with IT and business management teams to prioritize & plan the course of action.
- Process Improvements - Lots of NEW Processes & Policies were developed to streamline year-end audits, e.g. Active User Cleanup, Firefighter Policy, OSS ID logging & tracking, Non-production access policy etc.
- Implemented GRC ARM or ARQ module to automate SAP User provisioning & de-provisioning activities.
- SAP Role Re-design project was implemented for all Business Units, all locations and all modules using Business Role concept; this included EMEA, APAC and NAM roll-outs.
- SAP Machine Configuration project (SAP Hybris) implementation, including master data governance.