We provide IT Staff Augmentation Services!

Sap Security Consultant Resume

Chesterbrook, PA

SUMMARY

  • Over 12 years of IT experience which involves 8 years of extensive experience in SAP security and GRC Consultant. The SAP Security & GRC consultant responsibility includes Design, Gap - Analysis, Implementation, Configuration, Upgrade, Rollout & 24X7 Production Support and handling Security for various modules: SAP ECC (HCM, HR, SD, MM, PM, FI, CO), BW/ BI, CRM, SRM, XI/ PI & Portal in Global SAP landscape environments.
  • Worked under FDA approved environment. Project management skills combine with demonstrated ability to develop and implement technical solutions to meet critical business needs. Outstanding leadership and interpersonal skills result in productive working relationships and top performance among staff. Effective communicator able to translate between technical and business units, making complex data easy to understand. Experienced to handle full access to confidential company data.
  • Completed 3 Full Life Cycle Implementations and 2 upgrades / migrations - Maintain Authorizations, Creation & Maintenance of roles, Reconciliation of roles and user master records, Transport Management System.
  • Interfaced extensively with clients to gain insight and develop solutions to meet customer business needs across the entire SAP landscape.
  • Worked extensively in different business scenarios like Order-to-Cash (OTC), Procure to Pay (PTP), FPM
  • Worked in full life cycle implementations to business scenarios within the time lines & successful Go-Lives.
  • Extensive User and Role administration experience.
  • Extensively worked on Central User Administration (CUA) to manage multiple systems/clients.
  • Working experience on VIRSA, GRC 10.0 and 10.1
  • Extensive and Hands on Experience in GRC Implementation and upgrade, Involved in redesign of the roles and architecture based on Compliance Calibrator\'s high SODs.
  • Good understating of SOD / SOX / Security Assessment / SAP Authorization.
  • Effectively worked with Cloud computing tool -Success Factors.
  • Working experience on HANA.
  • Audit - Process & follow-up on Audit requests every quarter
  • Very good experience of producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc).
  • An analytical mind with the ability to think clearly and logically and pay attention to details.
  • Extensive experience in Requirement gathering, Design, Development, and managing team to make sure deliver tasks on time.
  • Performed Quality Assurance in the area of Security and Authorizations, documenting problems and risk areas.
  • Excellent interpersonal, leadership, and communication skills.
  • Trained new joiners and team members on process, Technology as well helped them to resolve issues.
  • An analytical mind with the ability to think clearly and logically and pay attention to details.
  • Contribute to the documentation for the various tasks that we perform for daily monitoring.

TECHNICAL SKILLS

  • ECC R/3, BW, CRM, GRC 10.1, ATTP, Portal Security, FIORI, Hybris Security, Vendavo Security
  • Key Skill ECC, CRM Security, BW Security, BOBJ, HANA, GRC 10.1, Portal
  • Security, Solution Manager, SAP FIORI Security, Hybris Security
  • ERP ECC 6.0

PROFESSIONAL EXPERIENCE

SAP Security Consultant

Confidential, Chesterbrook, PA

Responsibilities:

  • Coordination and interaction with the key business users, project stakeholders, technical teams and functional consultants for gathering functional requirements and design of security architecture, naming conventions and processes in compliance with the Sarbanes-Oxley (SOX) 404 act: analyzed all business roles and mapped them to transaction codes according to the business process requirements
  • Designed, developed and maintained single roles, composite roles, master and derived roles and secured roles by the organizational levels such as company codes, plants, cost center, profit center, purchasing organization etc. for different SAP Modules, SD, MM, WM, PP, FICO, BI7.0, Business Object (BOBJ), MDM, XI/PI, Solution Manager (Sol Man) and Enterprise Portal7.0 for SAP implementation
  • Developed/created and assigned analysis authorization by characteristics (unit/time/technical), characteristics values, attributes, hierarchies, key figure, info area level, info object level, info cube, ODS, PSA, query, info providers and workbook for SAP BI reporting users, BI users, SAP BI administrators and query users
  • Used transaction RSECADMIN for creating custom authorization objects and S RS AUTH for assigning authorization objects for BI query end the user roles. Worked on BEx analyzer using transaction RRMX and restricted the users to see the queries using S RS COMP and S RS COMP1
  • Used Central User Administration (CUA) to handle user administration/maintenance activities, set up user IDs, assigned roles, reset password, locking/unlocking users.
  • Extensive user and role maintenance experience, with broad experience in maintaining single, composite and derived roles using Profile Generator (PFCG). Very good knowledge of producing and analyzing reports in SAP using SUIM and security related tables (AGR* and USR* etc.)
  • Set up the testing environment for unit testing, integration testing and UAT and managed security authorizations test defects using HP Quality Center (HPQC). Troubleshot user roles, traced the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error, resolving the issue by giving required authorizations (SUIM, SU53, ST01, RSECADMIN, RRMX) in different modules working on SAP FIORI security implementation, created services
  • Working on Hybris Security implementation
  • Involved in Implementation of AC10 Access Request Workflow to enhance the company's upgraded GRC10 system with additional functionality.
  • Hands-on Experience with GRC Business Roles, creating and maintaining BRF Rules.
  • Experience on workflow, configuration, and custom field development for GRC 10.1.
  • Hands-on Experience with Configuration of User Defaults, Setting up Connectors and Role Approvers. Maintained Connectors, Connector Groups and Connection Types.
  • Configured MSMP and BRFPlus logic to enable workflow usage as an add-on to the existing design, Drafted tested scenarios from Dev and Qa system for future use.
  • Upgraded GRC 5.3 to GRC AC 10.0 - SP11 (Emergency Access (EAM), Access Risk Analysis(ARA)
  • Using RAR produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
  • Worked with the various Business stakeholders and Audit teams in identifying risks, mitigation controls and approval workflows in consideration with current processes.
  • Defining and assigning Role Approvers, Monitors, Risk ID owners, and Business Units. - Risk ID creation and assignment to appropriate approvers & monitors for the risk. All the risks are later stored in the companies rule set.
  • Created mitigation controls for SOD issues and scheduled batch jobs to provide reports to the Management team on a quarterly basis for review.
  • Customized Rule creation for SOX audit tool SAP GRC RAR for action and permission level SOD violations in roles for various business processes and functions.
  • Recommended and created mitigation controls in SAP GRC
  • Configured Fire Fighter to capture audit logs and trigger alert
  • Review of critical and sensitive authorization, implementing improvement to meet audit requirements
  • Using RAR produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
  • Worked with the various Business stakeholders and Audit teams in identifying risks, mitigation controls and approval workflows in consideration with current processes.
  • Defining and assigning Role Approvers, Monitors, Risk ID owners, and Business Units. - Risk ID creation and assignment to appropriate approvers & monitors for the risk. All the risks are later stored in the companies rule set.
  • Created mitigation controls for SOD issues and scheduled batch jobs to provide reports to the Management team on a quarterly basis for review.
  • Customized Rule creation for SOX audit tool SAP GRC RAR for action and permission level SOD violations in roles for various business processes and functions.
  • Recommended and created mitigation controls in SAP GRC, Configured Fire Fighter to capture audit logs and trigger alert, Review of critical and sensitive authorization, implementing improvement to meet audit requirements

SAP Security Consultant

Confidential

Responsibilities:

  • Involved in revamping the security spec design, development and testing protocol design
  • Worked on users and security, including T-codes like: SU01, PFCG, PFUD, SCAT, SCEM, ST01, SUIM, SUPC, SU24, SU53, and SU56
  • Analyzed the TRACE files and identified the missing authorizations of the users, analyzed the authorization issues through SU53 screen shots and provided additional access to the users Created the individual, derived and composite roles at organizational levels
  • Developed authorization profiles for FI, CO, SD, and MM in development, test and production environments
  • Worked as SAP BPC security consultant
  • Transported profiles to test environments and carried out level-zero testing
  • Created and assigned roles (activity croups) profiles to the users using PFCG . Creation, maintenance and transported the activity groups
  • Fixed end user roles/profiles based on change requests created for breaks/fixes
  • User administration and password management (expiry of users and profiles)
  • Analyzed the root cause of authorization problems and fixed the missing authorizations
  • Setup profile generator to create authorization profiles. Created users and assigned appropriate authorizations/profiles to them
  • Performed risk analysis at User level and Role level and to mitigate risks for the users using Risk Analysis and Remediation (RAR) tool.
  • Setting up the LDAP Connector, Synchronize SU01 with LDAP, Setup GRC to use the LDAP Connector.
  • Familiar with LDAP report RSLDAPSYNC USER.
  • Worked with business process owners to identity Fire fighter ID (FFID) controllers, administrators and Owners and mapped these in SAP GRC SPM
  • Automated workflow for user maintenance using auto provisioning tool Compliant User Provisioning (CUP).
  • Extensively used VIRSA/GRC Access Control Suite to meet the SOX compliance.
  • Performed role maintenance using auto provisioning tool Enterprise Role Management (ERM).
  • Using Super user Privilege Management (SPM) tool provided Firefighter access required to address critical issues.
  • Responsible for GRC Compliance Calibrator, FireFighter and Access enforcer tools.
  • Produced SoD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using Virsa/GRC Compliance Calibrator.
  • Performing risk analysis using VIRSA Compliance Calibrator for the role assignment to the users and transaction assigning to the roles and suggesting mitigation controls or remediation when required.
  • Responsible to run Synchronization jobs by weekly basis for user master data synchronization.
  • Involved in SoD remediation project to mitigate role level and user level risks.
  • Utilized GRC Compliance Calibrator in identifying Segregation Of Duty (SOD) conflicts.

Environment: ECC 6.0, BW, HANA, CRM 7.0 and GRC 5.3

SAP Security Consultant

Confidential

Responsibilities:

  • Conducted technical requirement gathering from businesses users and prepared the business process procedure (BPP) sheet
  • Discussed issues with the functional team to find out the best way to implement the business scenario in SAP
  • Facilitated technical configuration of the business scenario in SAP
  • Supported the testing phase of the technical configuration
  • Performed a security audit in the quality system before the configurations were transported to the production system. This was done to ensure that the configurations complied with the organization’s audit requirements
  • Go-live and support
  • In the SAP security support project the responsibility included both proactive and reactive SAP technical tasks
  • Provided user administration, role administration
  • Ran SOX related reports quarterly and monthly
  • Interacted with the clients for requirement analysis and contributed to the ongoing system security improvements
  • Created the firefighter IDs and assigned the Firefighter ID’s to the user

System Analyst

Confidential

Responsibilities:

  • Evaluated and recommended testing tools and determined suitability with various development tools and the SDLC process
  • Facilitated defect tracking and reported to improve communications and reduce delays
  • Wrote test cases for functional and integration testing
  • Performed system testing and regression testing

Environment: OS/390, COBOL, JCL, DB2, VSAM and CICS

Software Engineer

Confidential

Responsibilities:

  • Served as SA and ECM team member
  • Evaluated and recommended testing tools and determined suitability with various development tools and the SDLC process
  • Wrote test cases for functional and integration testing
  • Performed system testing and regression testing
  • Loaded HCPCS codes to mainframe table, Confidential purchased the Medicare Module from First Databank (FDB). This module was loaded to the SQL server database, but for the data to be available to ABC applications, the data also needed to be available in the Mainframe
  • ABC needed the HCPCS Level II codes associated with each item to be loaded into the Mainframe so that the data would be available to COE, ECHO and other applications. The HCPCS are used by the customers to submit items for billing to Medicare
  • Designed, developed, tested and implemented software
  • Developed Flow Sequence for jobs in the conversion system
  • Provided software support

Environment: OS/390, COBOL, JCL, DB2, VSAM and CICS

Hire Now