SUMMARY

• SAP Security Architect / GRC Team Lead with more than 9 years of experience which includes Design, Gap - Analysis, Implementation, Configuration, Upgrade, Rollout & 24X7 Production Support of Application Security and handling Security for various modules: SAP ECC (HCM, HR, SD, MM, PM, FI, CO), BW/ BI, SEM-BPS, CRM, SRM, XI/ PI & Portal in Global SAP landscape environments.
• Completed 7 Full Life Cycle Implementations and 3 upgrades / migrations - Maintain Authorizations, Creation & Maintenance of roles, Reconciliation of roles and user master records, Transport Management System.
• Experienced with SAP Support and Developing Security Strategies for R/3 (3.H 3.1, 4.5 - 4.7), ECC 5.0/6.0, HR/HCM (ESS/MSS), BW/BI (BI 7.0, BW 3.5/3.1/3.0), APO, CRM, CRM Web Client UI Framework, SEM, Portal and Netweaver 2004s, GRC (5.3/5.2), SRM 6.0/4.0, CRM 7.0/5.0, SCM 7.0/5.0, PI (7.1, 7.0), HCM/HR, EP 7.0/6.0 and Solution manager 7.1/7.0.
• Experience in architecting and deploying SAP Identity Management, LDAP Directories, Single/Reduced Sign-On (SSO), Provisioning and Provisioning/Identity Workflows, Access Management, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Security Infrastructure Design, Authentication and Authorization.
• Worked extensively in different business scenarios like Order-to-Cash (OTC), Procure to Pay (PTP), Make to Order (MTO). Worked in full life cycle implementations to the client business scenarios within the time lines and successful Go-Lives.
• Extensive Experience with SAP Net Weaver Business Client (NWBC) V3.0 for HTML and Desktop using ABAP role repository (PFCG) or a portal role repository (PCD). Develop and implement SAP security best practice strategies.
• I was proactively involved in tracking, analyzing, and reports security incidents, Identify and submit process improvements.
• Worked extensively with GRC (Governance Rick and Compliance) tool.
• Good understanding and experience with COBIT, COSO, ISO270012, SAS, SOX and privacy regulations.
• Knowledge and experience with SAP Access Control 10.0 / Process Control 10.0 / Risk Management 10.0. Exposure to Content Life-Cycle Management (CLM). Hands-on Experience with Auth. Objects - GRFN API, GRFN REP, GRFN CONN.
• Used Compliance Calibrator, Access Enforcer, and Firefighter and Role Expert tools.
• Gathered requirements from external auditors to identify critical reports &streamlined the reports.
• Implemented SAP R/3 Security in compliance with Sarbanes-Oxley (SOX) sections 404 and 302.
• Developed processes and procedures in compliance with the SOX act certification.
• Identified and classified the reports to address the Delegation of authority (DOA) and Segregation of Duties issues (SOD).
• Lead and actively supported teams of Security and business analysts in the implementation, use and maintenance of VIRSA continuous compliance tools to address Security, authorization, provisioning, Segregation of Duties (SOD) and other compliance issues within SAP. The VIRSA modules included;
• Compliance Calibrator: Perform configuration and maintenance; Define mitigation, functions, risks, rules, and critical transactions; Conduct risk analysis, and identify, analyze, troubleshoot and resolve all SOD and audit issues; etc.
• Access Enforcer: Perform configuration and administration; Define request types, detour, approver, workflow approval process, informer; Run risk analysis and conduct mitigation, etc.
• Firefighter: Perform the configuration; Define FF ID and Owner/approver; mitigate FF (emergency) ID users; review audit logs, follow up on FF ID usage, etc.
• Designed and Implemented security for SAP Human Resources (HR) Structural Authorizations.
• Implemented Security for the ESS (Employee Self Service) and MSS (Manager Self Service).
• Revised and Documented Security Design for HR ESS/MSS.
• Maintained Authorization Main Switches and customer specific authorization objects.
• Create Structural Authorization Profiles and assign to positions and UserID as per the organizational structure.
• Create authorizations for HR transactions that do not have their own authorization objects.
• Limit a user’s access to information according to the structure of the organization plan.
• Created new Organizational Plan (PPOM OLD) and created Organizational Units and assigned Positions.
• Created Personnel Master Records (PA40) and assigned them to Positions.
• Managed Personnel Master records and assigned them to nodes on the organizational plan
• Created and Maintained Structural Authorization Profiles (OOSP)
• Worked on Infotype 105 (PA30) to link the SAP User Ids to Personnel Master Records
• Worked on Infotype 1017 to link Structural Authorization Profile to an org unit (PO10) or Position (PO13).
• Assigned roles to users to meet business HR requirements using Authorization object P ORGIN, P ORGXX, P PERNR , P ABAP, PLOG, P APPL.
• Activated structural authorizations in OOAC (updates table T77S0)
• Created Structural Authorization profiles using TCodes OOSP (updates table T77PR).
• Assign Structural Authorization profile to User Id by running report RHRPROFL0 and update Table - T77UA.
• Created Organizational Plans by using PPOCE.
• Worked on Report RHUSERRELATIONS which tells the authorization profiles exiting for the user.
• Implemented SAP HR Symmetrical Double Verification
• Assigned Structural Authorization Profiles to User Id’s through Report RHPROFL0 (SE38, OOSB)
• Set up regular security Manager and Employee roles in SAP for access to HR Transactions.
• Extensively worked on BI 7.0 with transactions RSECADMIN, RSSMTRACE, and RSD1.
• Secured Info Area, Info Cube, Info Object, Query, Work Books by maintaining hierarchy authorizations.
• Secured Reporting users by configuring roles and authorization objects.
• Implemented Info Object security (field level security) for reporting users.
• Experience in creating reports based on different Key figures and Dimensions like time, country, company code from Business Explorer Analyzer.
• Created an Authorization Objects for reporting and maintain authorizations with values.
• Identified all the org level info objects and confirmed they are Authorization Relevant.
• Created BW reporting users using S RS ICUBE, S RS COMP, S RS COMP1 and S RS FOLD objects.
• Created administrator users using S RS ADMWB, S RS IOBJ, S RS ISOUR, S RS ICUBE, S RS MPRO.
• Identified all the existing roles and converted them to new role based on object S RS AUTH
• Developed custom Authorization Object for queries in RSSM developed by the users.
• Assigned queries to the folder roles from Business Explorer Analyzer.
• Created queries, query variables and assigning queries to authorized users.
• Performed tracing of the SAP-provided objects and custom reporting authorization objects to debug an authorization error using system trace tools like RSR TRACE tool, ST01, SU53.
• Creating Queries and restricting access through Variable filled Authorizations
• Extensively worked on security issues on System Landscape Directory, Solution Manager, worked with SAP PI Basis team to implement security on J2EE systems.
• Involved in tracing activities in the Adapter Engine and sometimes used Visual Administrator to access the J2EE Engine’s file system where the trace files are stored.
• Implemented Security on J2EE-Based Messaging Components - Runtime Workbench, Integration Server (IS), Business Process Engine, Integration Builder (Integration Repository, Integration Directory).
• Created Roles for PI Administrator, Developer, Basis, Configurator, and other users.
• Extensively used authorization object S XMB MONI (transactions SXMB MONI, SXMB ADMIN) to prevent message trace headers or message payloads being visible in the PI monitoring tools.
• Resolved security issues for service user XIREPUSER, J2EE ADMIN, and XIRWBUSER.
• Creating Portal users in Consumer and Producer Portals. Creating roles, assigning users to roles.
• Creating iViews, pages, worksets, assigning them to roles.
• Maintained/generated authorization profiles that access ABAP objects in the backend system for the portal roles.
• Migrated ABAP roles and their content (transactions, user assignments etc) to Portal Server.
• Design, Develop, Testing and Implementation of Enterprise Portal User IDs, Roles, iView’s.
• Implemented Enterprise Portal Security for SAP ECC Components as well as for BI Tool.
• Used transaction WP3R to manage authorizations and user assignments of Portal roles.

TECHNICAL SKILLS

• SAP R/3: ECC 6.0, ECC5.0, 4.7
• BW/BI: BI 7.0, BW 3.5/3.2
• Enterprise Portal: EP 7.0, EP 6.0, EP 5.0
• Solution Manager: Solution Manager 7.1
• CRM: CRM 7.0, CRM 5.0
• SCM: SCM 7.0, SCM 5.0
• GRC: Compliance Calibrator (RAR 5.3/5.2), Firefighter (SPM 5.3/5.2/5.1), Access Enforcer (CUP 5.2/5.1), Role Expert(ERM)
• PI/XI: PI 7.1, PI 7.0, XI 3.0
• Database: Oracle 10g/9i, MS - SQL 2008/2005, DB2 V8
• Operating System: Windows Server 2008/2003/2000, RHEL 5.3/4, AIX V6, HP UX-11i V3, Solaris 10.0/9.0
• Programming: Java, J2EE, SQL, PL/SQL, Perl.

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, USA

Senior Software Engineer

Environment: /Tools: SAP ECC 5.0/6.0, SAP BI, PI, SCM, Federated Portals, SAP NetWeaver, GRC Compliance Calibrator 5.3 / 10.0.

Responsibilities:

• Full life cycle experience including requirements gathering, business analysis, jobs, roles, and SOD matrix and handled SOD conflicts for Sarbanes Oxley Compliance.
• Implemented SCM - Demand Planning and Supply Chain Planning, BI, Master Data (MDM) and PI.
• Work on the Peregrine tickets to resolve all the production issues.
• Extensively work with Business Process Owner and Auditor/Controller to solve Segregation of Duty issues using Compliance Calibrator, Risk Terminator and Role Expert, and Firefighter to comply with Section 404 of the 2002 Sarbanes-Oxley Act.
• Developed and managed the security project plan (full project life cycle) and overall security strategy documentation for the implementation.
• Developed and managed the security project plan (full project life cycle) and overall security strategy documentation for the implementation.
• Developed security test schedule, to include Unit Testing and Integration Testing.
• Post Go-live support to resolve all production security-related issues and day to day technical support and resolution of Basis & Security issues.
• Monitor daily security & maintain authorization task through PFCG, SUIM & ST01, and SU01.
• Maintain transaction codes and authorization object table (USOBX C and USOBT C) through SU24.
• I was involved in different phases of PMO methodology and various Project Assessment activities -
• Phase 1: Customer Solution Strategy Gate 2 - Customer Solution Strategy Readiness Assessment
• Phase 2: Project Preparation & Blueprint Gate 3 - Blueprint Readiness Assessment
• Phase 3: Realization PRE - Production Readiness Assessment
• Phase 4: Final Preparation Production Readiness Assessment
• Phase 5: Stabilization and project Closure.
• Involved in GRC Implementation / Upgrade from 5.1 to 5.3 - GRC RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP GRC.
• Developed security test schedule, to include Unit Testing and Integration Testing
• Post Go-live support to resolve all production security-related issues and day to day technical support and resolution of Basis & Security issues.
• Worked on NWBC Navigation Tree and customizations of menu using Web client UI Applications, BSP and Web Dynpro Applications (Direct / Indirect Navigation, Navigation Targets)
• Knowledge of NWBC Active Services in the ICF, Default Pages and Service Maps.
• Mapping of PFCG Roles to the Business Client Structure - Screen Designs, Screen Customizations and Launchpad designs.
• Experience with NWBC Object-Based Navigation (OBN), Business Object Repository (BOR), Mapping of Parameters, Further Node Details, Link Collection for Folder Options and Runtime Filter and Cockpit Filter.
• Designed and Developed Security Roles on PLM - PLM 7.01 Web User Interface, Access Control Management (ACM) - SAP Engineering Change Management (ECM), Materials Management (MM), Production Planning (PP) modules within PLM, Project & Portfolio Manager (PPM 5.0), Extensive Knowledge on PLM Web UI, Access Control Context (ACC) Hierarchy - Restricting access to Objects (ECR, Change Master, BOM etc.).
• Successful Deployed Security for SNC v7.01 (Supply Network Collaboration) and Object Level Authorizations via Access Control Lists (ACLs) in Collaboration Folders / Projects - Screen Authorizations on ASN & PO Collaboration, WebDynpro Security, CFX Object Status Authorizations, & Navigation Panel User Interface (UI) Authorization Objects (POWL).
• Monitor daily security & maintain authorization task through PFCG, SUIM & SU01.
• Maintain transactions code and authorization object table (USOBX C and USOBT C) through SU24.
• Creation & Modification of Users, Profiles, (PFCG) Roles, Auth objects.
• Completely designed and implemented methodology for controlling end user access to plants, fund centers, cost centers, etc. Applied to both R/3 and BW environments. Designed security roles for FI (AR, AP, SD), CO, MM, QM, PM, and SCM - APO - Demand Planning and SCM modules.
• Conduct comprehensive analysis of existing Security environment.
• Actively Involved in XI/PI Security - Web Services (SOA- Service Oriented Architecture) - Working on Securing PI 7.0/7.3 J2EE-Based Messaging Components - Runtime Workbench, Integration Server (IS), Integration Builder (Integration Repository, Integration Directory).
• Implemented J2EE Security in a Dual-Stack SAP Net Weaver Environment, Understanding of Exchange Profile Parameters, JCo trace files, & Visual Administrator. Knowledge of SAP Web Services Security - SOA Management, WSDL, J2EE, SOAP, & XML.
• Acted as Security Focal for HR/HCM - Extensive Knowledge of HR Structural Authorizations (OOSP/ OOSB/ OOAC), Context Structural Authorizations, and HCM Payroll, Organizational Management, PA/PD, Compensation & Benefits, ESS, and HR Info Types & HR Auth. objects .
• Involved in Position based Security via Indirect Org Assignments (Infotype 0001), Context Sensitive HR solution (P ORGINCON).
• Involved in Remediation of security roles via SOX Compliance Products - SAP GRC Access Controls - GRC v5.3 / v10.0 (RAR, CUP, SPM) and Workflows, Segregation of Duties tasks or management of system roles.
• Designed and Developer Security Roles on SAP NetWeaver / Portal - J2EE Security – Experience with UME – UME Functions, LDAP. Knowledge on UME Actions, UME Roles Groups. Exposure to J2EE Security Roles / Visual Administrator & UME Trace / Audit Logs. Active Directory (AD) Account Management.
• Involved in Solution Manager Security – Knowledge of Solman Charm (Change Request), Normal Correction, NetWeaver Business Client (NWBC), Early Watch Alert, End-to-End Root Cause Analysis Reports.
• Collaborated with various Implementation Partners for Successful Deployment of CRM (Customer Relationship Management), APO (Advanced Planner and Optimizer), and EWM (Extended Warehouse Management) SRM (Supplier Relationship Management) Authorization concepts. Implemented EWM Security on Storage Types, Activity Areas, RFC/ICF Security.
• Trained Internal Audit and Role owners rule set validation and how to simulate role changes and prevent the introduction of new risks into security roles and Mitigating Controls.
• Worked extensively in securing IDocs, RFC and interfaces, NetWeaver User Master Engine UME.
• Involved in all phases of SAP GRC Identity Management implementation which includes Requirements gathering and analysis, Solution design, Deployment, Testing and go-live
• Troubleshoot security/authorization related problems using SU53, ST01, RSSM (for BW) and SUIM.
• Securing the data presented in Queries by Hierarchy node.
• Creating Queries and restricting access through Variable filled Authorizations
• Provide support and troubleshoot structural authorizations (Infotype 1017) which are configured to allow managers automatic access to only their employees via PD profiles with dynamic root ids.
• Define, create and run unit, component and assembly tests for role-based security.
• Validate the security configuration and procedures defined for the technical production environment.
• Supported Internal and External Security audits in the production systems.
• Worked closely with the Audit Team for User-role conflict removal in SAP.
• Scheduled the security background jobs that generate the reports.
• Established workflow and created documents with workflow details (created technical and functional specifications for each work detail) with in SOX regulations and SOD check.
• Designed and periodically reviewed SAP critical transactions, tables and reports in compliance with SOX.
• Conducted monthly meetings with the Business unit leads in identifying & resolving the Segregation of Duties (SODs) analysis and documented for auditing purposes.
• Revamped existing activity groups to make them compliance with SOX and SOD conflicts.
• Periodically Modify Archive or View Security Audit Log.
• Involve in Internal control meetings with Auditors to perform the Auditing and logging.
• Involve in conducting Quarterly Internal Audit and Annually External Audit for Audit pass with all area managers to re-validate roles and user profiles.
• Experience with Single Sign On, LDAP and Active Directory
• Redesign security roles to remove SoD Conflicts and simplify role maintenance
• Installed GRC 5.3 Risk Analysis and Remediation (RAR) .
• Redesign security roles to remove SoD Conflicts and simplify role maintenance
• Configured RFCs for production, Dev. and QA system in RAR.
• Set up background jobs for High and Medium Alerts and Configured sensitive Tcodes.
• Downloaded SOD matrix customized it & uploaded in RAR. Defined Risks in RAR and did cross system Analysis. Defined SOD conflicts at user level, TCodes level and Auth object level.
• Used CC to easily create, maintain, and manage Risks used to generate Rules.
• Used CC to Apply Controls to mitigate any Risk associated with a User, Role, or Profile.
• Used CC to alert the appropriate manager when activity monitoring is not performed.
• Used RAR to easily create, maintain, and manage Risks used to generate Rules.
• Used RAR to Apply Controls to mitigate any Risk associated with a User, Role, or Profile. Used RAR to alert the appropriate monitor when conflicting or critical transactions are used, or a control is assigned to mitigate a risk.
• Used RAR to alert the appropriate manager when activity monitoring is not performed.
• Configured SAP GRC Compliant User Provisioning (CUP) - Password Self Service, User Request work flows Like Basic, Detour, Escape routes, Forked and parallel work flows.
• Did Workflow specific configurations, Setting up E-mail remainders, Auto provisioning, Configuring CUA System Setting, Identify STMP server for email notification.
• Creating Initiators, Defining Stages, Defining Paths, Escape routes, Configuration of Approvals, Escalations, Next approver, Wait time, Alternate approver.
• Successfully acted as a Point of contact to the both Functional teams and Security team. Got succeeded in preparing the roles for post-production, giving trainings to the end users in short time period.
• Actively Participated and Conducted Knowledge Transfer to Other Project Teams and Stakeholders.
• Conducted Workshops to other Team Members on Access Management for Suppliers and Collaboration Folders.
• Proactively Support continuous improvement in existing and new environments by contributing to the problem management process and ensuring execution of corrective actions assigned to the team.
• Coordinate the day-to-day activities of team members, including maintenance; support and technical project work to ensure performance objectives are met.

Confidential, Saint Louis, MO

Senior SAP GRC Security Team Lead / Architect

Environment: /Tools: SAP 4.7/ECC 5.0/6.0, BI, CRM, SRM, Federated Portals, SAP Virsa/GRC, Virsa Compliance Calibrator 5.1 (Full Life cycle Implementation), Firefighter.

Responsibilities:

• Involved in role development for ECC 5.0/6.0 and Federated Portal Environment with BI and CRM.
• Interacted with Business Analysts to identify key challenges, and define project scope and deliverables.
• Developed and managed the security project plan (full project life cycle) and overall security strategy documentation for the implementation.
• Involved in designing HR Structural Authorization Check in SAP HCM, and Creating Structural Profiles, Maintaining Evaluation paths, Assigning Structural Profiles.
• Developed security test schedule, to include Unit Testing and Integration Testing
• Provided post go-live support for SAP Security and resolved authorization issues.
• Created classes and objects in SU21, authorization fields in SU20 and maintained relationship between TCodes and authorization objects in SU24. Also Created and maintained Organization Levels
• Generated reports and changed documents as required (SUIM)
• Performed Authorization/System/Performance Trace (ST01 / ST05)
• Created, Maintained and Released transports (SE01 / SE03 / SE10 / STMS)
• Transported roles/profiles between clients within R/3 systems (SCC1)
• Maintained Table Views and Technical Settings (SM30 / SM31/ SE16 / SE16N / SE13)
• Secured Tables and Programs by creating custom Transaction codes (SE93)
• Created, Assigned and Updated Authorization Groups in Tables (SE54 / SE11)
• Updated Authorization Groups assigned to a Program (SA38 / SE38 / RSCSAUTH / RSABAUTH)
• Performed Mass Generation of Profiles as required (SUPC).
• Performed repetitive tasks by recording and running SAP GUI Scripts and CATT Scripts (SCAT / SECATT)
• Configured, Deployed, Connected and Disconnected CUA (SM59 / BD64 / SCUA / SCUM / SCUL / SCUG)
• Analysis - Negotiated Business functions with the business in order to reduce SOD user Conflicts.
• Developed security test schedule, to include Unit Testing and Integration Testing.
• Experienced in Studying and Analyzing Organization structure and defining Job matrix, roles and, Transport Management with strong problem solving skills and Project Management skills
• Work with SRM team for maintaining the users in the SRM Org Structure.
• Work on creating the SAP EBP/ SRM Profiles, Roles, Authorization Security.
• Work on SRM authorizations & roles with business requirements & data.
• Create the buyer users and assigned the users to Organizational Unit (Users gen) and validate to appropriate Spending and Approval Limits in the user roles.
• Analyze missing authorization and ABAP programming errors in SAP R/3 systems (ST01, SU53, and ST22).
• Full life cycle experience including requirements gathering, business analysis, jobs, roles, high level design, and SOD matrix for the Security developed in SAP and handled SOD conflicts for Sarbanes Oxley Compliance.
• Reviewed SAP security for critical SAP BASIS transactions and recommended alternative solutions for Segregation of Duties (SOD) compliance.
• Troubleshoot security/authorization related problems using SU53, ST01, RSSM (for BW) and SUIM.
• Analyze missing authorization in BI 7.0 (RSRT, RSRTRACE, RSECAUTH, RSECADMIN, and BEx Analyzer).
• Interacted with Business Users to analyze Segregation of Duties issues (SOD) and removed the SOD from roles in SAP R/3 Enterprise environment by deleting the conflicting Transaction codes.
• Involve in developing the Developer roles & Report user roles using Single & Composite roles.
• Conversion and activation of custom objects to Analysis Authorizations.
• Proficient in use BI 7.0 Analysis Authorizations and implementation tools: RSD1, RSECADMIN.
• Involved in appropriate profile mappings, role assignments and testing through the BEx analyzer.
• Structural authorization BI analysis and BI structure conversation.
• Troubleshoot client’s issues on new analysis authorizations and concepts around security.

Confidential, Memphis, TN

SAP Security Analyst / Administration

Environment: /Tools: SAP 4.7/ECC, SAP Virsa/GRC, Virsa Compliance Calibrator 4.2 (Full Life cycle Implementation), Firefighter, MM, SD, FI, QM, CRM, BI, and Enterprise Portals.

Responsibilities:

• Creating and Assigning Roles to Users using Profile Generator.
• Analyze changes and Consolidate roles for the Go-Live. Check for new transactions and related Security Objects.
• Checking all the Security related Programs after Unicode Upgrade.
• Supported the upgrade to ECC 5.0 through Sandbox, Development, QA and Production upgrades.
• Check custom security objects are intact and are assigned to right roles
• Identify the impact of New Service Packs and make necessary changes to the Security Roles
• Upgrade all the security Roles, Test and Move to Production
• Check for Security Profile Parameters that effect the new system
• Verify Security rules are in place as per profile parameters after Go-Live
• Ensure new role-building follows business guidelines, and adhere to the controls requirement set forth by the internal audit/controls teams.
• Leading multi-module upgrade for client moving to NW 2004s on modules ECC6, BW 7.0, SEM 6.0, FSCM 6.0, CRM 5.0, SRM 5.0, and PI/XI 7.0.
• Creating and maintaining user authorization, roles and profiles for SAP R/3, SAP BW, SAP CRM, SAP XI, SAP Portals and SAP EBP.
• Ensure segregation of duties (SOD) exists in the SAP systems using the Virsa Compliance Calibrator 4.0 tool. Assigned VRAT roles to VRAT users.
• Extensively used and proficient in third party utilities and tools like RBE, VIRSA (VRAT, Compliance Calibrator & Access Enforcer), to analyze assigned access, to simulate and monitor user authorizations and reporting.
• Implement and modify existing HR structural authorizations, HR composite Roles and activity groups.

Confidential, Hopkinton, MA

SAP Security Consultant / Analyst

Responsibilities:

• Analyzed all customer programs and transaction codes for authority check and configured for Profile generator in order to automate Profile generator for customer transaction.
• Implemented Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.
• Designed and Developed several utilities to support SAP R/3 security reporting needs (Reports of user usage, profiles and authorizations, comparison report in different R/3 system).
• Configured Profile Generator and transported settings to all clients.
• Identifying and creating Functional/Application Security Roles.
• Performed Sarbanes Oxley - SAP Security Audit.
• Designed and Developed Activity Groups. Generate and unit-test Security Profiles.
• I was mainly involved in Go-Live and Post-Implementation Security Support (Help Desk Level 2).

Confidential, Chicago

SAP Security Consultant

Responsibilities:

• Building SAP security procedures in-order to minimize the post implementation maintenance.
• Created users, roles and assigned required privileges/ limitations for the database access.
• Performed Security upgrades using SU25 and Profile Generator (PFCG).
• Transported profiles between clients within R/3 system and between R/3 systems.
• Used derived activity groups to create new activity groups and to transfer TCodes from old ones to new ones.
• Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
• Extensive work on R/3 4.6 B/C authorization using (PFCG, SU24, SU01, SM30, SU21, and SUIM).
• User master maintenance including creating users, deleting users, and renaming users.
• Worked on SAP Check Indicator Defaults and field values, reduced the scope of Authorization checks using transaction SU24 and maintained check Indicators for Transaction codes.
• Used Profile Generator for creating, modifying roles, composite roles and derived roles.
• Generated authorizations using Profile Generator and assigned them to authorization profiles and activity groups and in turn assigned to user master.
• Used transactions such as SUIM, SU53 to troubleshoot problems.
• Using System trace to record authorization checks in different sessions using ST01.

Confidential

QA Validation Tester

Responsibilities:

• Analyzing requirements documents and writing Test Cases.
• Involved in complete system development life cycle.
• Developed Documentation for all aspects of the computer systems Validation lifecycle.
• Involved in manual testing of functionality, GUI testing and System testing.
• Participated in documentation of the Validation Summary Report (VSR).
• Actively participated in preparing the Defect Report.
• Test case design and Execution, Performed Black Box testing.
• Conducted the D atabase Testing of the application by writing SQL Queries.

Environment: Visual Basic, Oracle, SQL, WinRunner, Load Runner, Test Director, Windows NT