SUMMARY

• Having around 16 years of IT experience including 14 years of SAP Security with strong understanding of information security practices.
• Strong technical knowledge in working for more than 10 SAP Security Full Life Cycle Implementations, Upgrade redesign and Support Projects
• Handling Go - Live, Post Go-Live, and Production Support projects.
• Worked on Basis as well as SAP S4 HANA Basis Security and GRC 5.3 and GRC 10.0
• Extensive experience in Requirement gathering, Design, Development, and Maintenance of SAP applications security.
• Handled security for various modules SAP S4 HANA N+ systems BI / BW, APO, FI, CO, MM, SD, MDM, HR /Solution manager & Enterprise Portal (EP).
• S4 HANA Security - (HANA STUDIO 2.0) Configured Standard, Technical and Restricted Users. Worked on System, Object, Analytic and Package Privileges. Knowledge in SAP Studio
• Worked on the SAP Business Objects Planning and Consolidation (a component of SAP Business Objects EPM portfolio) SAP BPC is an application for the security.
• SAP GRC 10.1 and GRC 12.0 on S4 HANA Implementation and Production support experience, with a good understanding of business processes.
• Remediation of Segregation of Duties (SOD) within SAP implementation for SOX (Sarbanes Oxley) Compliance using GRC 12.0 tool.
• Worked extensively on pre-SOX audits requirements and working with Auditors to comply the system.
• Worked on the Confidential Security for users and roles maintenance.
• Configured and documented RFC's between S4 HANA, replication server and ERP/BW sources.
• Worked on the SERVICE NOW tool for Incident management and Change management.
• Worked on implementation of I AM PORTAL for Access management, roles management and Identity management from SAP Security.
• Worked on FIORI Security Interfaced extensively with clients to gain insight and develop solutions to meet customer business needs across the S4 SAP landscape.
• Worked on the APPROVA One Compliance Management tool and handling support activities for compliance and Risk management.
• Experience in configuring Single Sign on (SSO) in HANA using SAML
• Experience in designing and implementing SAP HR Security using position based Security and ESS and MSS Modules.
• Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables AGR*, USR* etc.
• Experience setting up users and security on Enterprise Portal and creating user’s/user groups through UME for SAP NetWeaver.
• Extensive experience with resolving ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
• Experience on Audit projects and working as a liaison between the security team and auditors.
• Experienced in adhering to the Change Management Process for transporting roles and tables, security objects and maintaining the change documents.

TECHNICAL SKILLS

ERP: SAP S4, NATIVE HANA 2.0, BPC, FIORI, N+ systems, ECC 6.0, SAP R/3, BI 3.5/7. Confidential & EP 7.0

Modules: Security/Basis/FI/CO, HR/HCM, MM, SD, BW/BI & BPC

Operating Systems: Windows 2000/NT/XP/AIX 5.3

Databases: HANA 2.0, Oracle 9i/8i, SQL Server, MS Access.

Security Audit Tools: SAP GRC Access Control (12.0,10.1 & 5.3), APPROVA

PROFESSIONAL EXPERIENCE

Confidential

Senior Risk Transformation & SAP Security

Responsibilities:

• Working as member of our Risk Transformation (RT) service center part of a specialized advisory practice
• Working in the team supporting the SAP Security delivery and GRC Access Control technology solutions
• Worked in the SAP security support project for EY's global SAP Application support
• Designed and supported SAP Security project and solution providing for the technical and functional specifications
• Conducting security Kick-off Meeting and meet with the functional Business Process Owners (BPO) to discuss the SAP authorization concept and explain the strategy.
• Created Role Strategy Document for the business and IT roles for ECC 6.0.
• Designed & supported business roles in GRC 10.0 and mapping Business Roles with ECC technical roles.
• Reviewed the scope for new roles and user role report to determine the necessary project team to manage end-user role and authorization profile creation and design.
• Produced an enterprise-wide role matrix, a document that describes authorizations, detailing roles and their assignments to transactions, reports, menu paths, and organizational levels
• Drafted a technical design document of user roles and authorizations, providing the development details for the creation and changes of the roles
• Implemented new strategies for SAP HR environment. Creation of new roles and structural authorizations for the business accesses.
• Worked in all risk control processes including IT general controls, testing plans, testing execution in an integration testing environment and control remediation.
• Extensively worked on management view, risk analysis, audit reports, security reports and background jobs for analyzing the risks in role level.

Confidential

Technical Lead - SAP S4 HANA Security

Responsibilities:

• Working as SAP S4 HANA Security analyst and specialist for SAP S4 HANA Security implementation from ECC 6.0 to SAP S4 with HANA 2.0.
• Worked on SAP S4 HANA Security User Provisioning, Password Management, Privileged User Management, Generic Accounts, Role Maintenance, Authorizations, Audit Logging, User Data Encryption, Policies and Procedures.
• Reviewing and analyzing the existing SAP ECC 6.0 roles and segregating the authorizations as per new SAP S4 implementation strategy.
• Creation and modification of the SAP S4 roles. Performing unit tests and integrations tests in SAP S4 system landscape.
• Creating change requests for Non-production and production transports in SAP S4 systems landscape
• Create ECATT scripts to create test users and assign the remediated roles for testing
• Import the roles to test clients using the transaction code SCC1. Transported the generated roles and profiles in SAP S4 system.
• Designing NATIVE HANA 2.0 database roles with Object privilege, Package privilege, System Privilege and Analytical Privileges in the HANA Studio.Creation of Restricted and Standard users as per the business process requirements.Getting requirement from the HANA Developers and Basis team for assigning the privileges to the newly designed roles and HANA objects.
• Worked on HANA Security roles design for Smart Data Integration (SDI)Worked on BW on HANA for creation of roles to conduct Smart Data Integration (SDI) to enhance the process to create Remote resource and tables.Running scripts for to activate CVs and Updating Calculation views (CVs) into the roles.Securing PACKAGES while adding package privileges to SAP HANA user or role, provided access to the root package (all packages) a specific top level package or a specific sub package.
• Worked on the HANA access maintenance data is controlled by CATALOG READ Privileges and privilege to the DBA COCKPIT role.Worked on the S4 and HANA database User Unification for the DBMS user which was created in HANA DB
• Maintained Audit Logging, Parameters to prevent changes in Production.Worked on the table Logging, Specification, Authorization, and Tracking of Change Requests, Approval of Change Requests. Worked on SAP S4 HANA Batch Scheduling and Processing and Backup and Problem Management. Created the users and building the roles for SAP S4 HANA database through HANA Studio 2.0
• Assigning the privileges for particular schemas, procedures and objects for to the users according the projects. Designing authorization for different business processes and their reports. Configured and documented RFC's between S4 HANA, replication server
• Managing the SAP S4 HANA transports, creation of the delivery units. Exporting and importing SAP S4 HANA models.
• Performing Task specific customization and maintain connector and connection type.
• Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Streamlined and enhanced the corporate accounting and operations system.
• Developed and implemented security policy to adhere to business and auditing guidelines. Shared gap analysis with management and developed plan for offshore team to implement.
• Worked on the implementing ‘Single Sign On’ (SSO) with SAML configurations.Working POC SSO configuration with Infrastructure team to set up SAML Metadata and certificates.Configuration of General service provider with SAML 2.0, uploading of the metadata and POC (proof of Concept).
• Facilitated multiple training sessions on SAP S4 HANA N+ systems technology and administration to our global basis team. Advanced knowledge on SAP S4 HANA and in-memory technology across or global.
• Worked on the setting up FIORI security for the roles SAP UI2 USER 700for setting up the ODATA services like UI2/PAGE BUILDER PERS, /UI2/INTEROP & /UI2/LAUNCHPAD.
• Worked on the FIORI for setting up Auth. Object S RFCACL for trusted systems with fields RFC SYSID, RFC CLIENT, RFC USER.
• Creation of the FIORI Catalogs and groups, Target mapping - semantic object, action. Adding Catalogs and groups to the PFFCG roles.Worked on the creation of FIORI Tiles (Dynamic, New tiles & KPI tiles) and assigning those to the FIORI users.
• Creation of the FIORI different FIORI roles like UI2 FIORI CATALOGS READ, SAP UI2 FIORI CATALOGS READ, Z: FIORI ADMIN, Z:IT FIORI END USER, ZFIORI CATALOGS GROUPS and Z:TEST ROLE FIN FIORI APP.
• Worked on the /UI2/TRANSPORT- Used by SAP Fiori Launchpad designer to read and assign transport request.
• Worked on the FIORI Security in SAP Net weaver Gateway, ODATA, Web Dispatcher and Load balancer. Deep understanding of security structure for external and internal users.
• SAP Business Objects Planning and Consolidation (SAP BPC)(a component of SAP Business Objects EPM portfolio) is an application
• Worked on setting up SAP BPC Security and Audit settings to ensure user entitlements and access rights.
• Working on Creation of users, tasks, Task Profile, Data Access Profile, Team. Handling user authorizations for BPC environment
• Worked on the User administration and authentication with CMS and Active Directory domain considerations for User setup & Team setup
• Worked on the Task profile set up for roles System Admin, Primary Admin & Secondary Admin
• Worked on the Creating and modifying Member Access Profiles, also worked on the resolving Member access profile conflicts.
• Worked as Core team member for GRC 12.0 integration with S4 HANA
• GRC Access Controls 12.0 and Process Control (Finance) post installation administration.
• Worked on the Access Risk Analysis (ARA) for Segregation of Duties and Sensitive Transaction rule set. Creation of the New risks and mitigation controls as per business processes. Worked on SAP Fiori Apps in SAP S/4HANA

Confidential

Technical Lead - SAP S4 HANA Security

Responsibilities:

• Coordinating with Motorola IT and business teams to find the requirements of the business. Created Role Strategy Document for better understanding of the business and IT roles for ECC 6.0 and SAP HR for more than 900 roles.
• Conduct security Kick-off Meeting and meet with the functional Business Process Owners (BPO) to discuss the SAP authorization concept and explain that security implementation is a cross-application responsibility functional people will know what R/3 transaction codes each job role will require.
• Daily monitoring of all Prod and QA system, RFC connections, printers and buffers using Solman and CCMS.
• Resolve critical issues, escalating when necessary.
• Batch/scheduling resolution of 20k daily jobs managed by Control-M 6.2.
• Assist project team activate new jobs.
• Support emergency migration of batch jobs and or variants to Production.
• Administration of printer configuration for 3500 printers worldwide enforcing change process for any new request.
• On-call rotation between 57 onshore/offshore basis resources supporting over 175+ individual SIDs.
• Worked closely with offshore teams comprising of 2 shifts to cover our 24 X 7 coverage.
• Performed Kernel Upgrades Tuned R/3 database and buffer pool for optimum performance.
• Performance tuning of 30TB BW system during extraction/activation using a myriad of tools; treading, log/gateway/buffer analysis to identify and resolve issue.
• System Refresh support - Participate in planning/execution of quarterly system refresh of multiple concurrent refresh.
• Built execution plan from template (R/3, ECC, APO, CRM, SRM and BW) assigning on/offshore resources. Drove delivery by daily transition calls and status reporting.
• Managed logistics of shipping export data from Production to QA sites.
• Load data onto server before initiating recovery.
• Established compatibility with third party software products by developing program for modification and integration.
• Established compatibility with third party software products by developing program for modification and integration.
• Coordinated with systems partners to finalize designs and confirm requirements.
• Managed firewall, network monitoring and server monitoring both on- and off-site.
• Configured Production SAP S4 HANA systems with high-availability by adding standby host.
• Created new databases, schemas and users per project requirements.
• Migrated SAP S4 HANA content from Development, Test to Production.
• Successfully migrated SAP S4 HANA SP9 to SP10.
• Facilitated multiple training sessions on SAP S4 HANA technology and administration to our global basis team.
• Established compatibility with third party software products by developing program for modification and integration.
• Made the BI Security Roles as granular and optimum so that the Info Objects can be utilized as much as possible
• Creating Analysis Authorizations based on the business requirements.
• Optimized the Roles and Analysis Authorization for maintenance purposes.
• Used the roles as the medium to assign the analysis authorization objects rather than direct assignment.
• Created roles using PFCG and Analysis Authorizations using RSECADMIN.
• Used SAP best practices like setting the following Info Objects as “authorization-relevant” and using them in Analysis Authorizations 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
• Resolved BI Authorization issues using RSECADMIN logs and worked with BI developers to modify the reports as per the business requirements and including the authorization variables in the reports.
• Researched and applied OSS Notes (SNOTE) to resolve hierarchy node security, and RSECAUTH / RSECADMIN performance issues.
• Maintained authorization fields (SU20) for the authorization object R PM NAME (Planning Folder) in BI.
• Worked on Confidential Security for users created by UI and CSV import using the data load. Confidential Users created both in Parent and Child Realms with Administrators and User admin users in the Confidential system.
• Managed Users and Groups, Generates Passwords, Managed profile requests and Manage Delegations on behalf of other users in Confidential system. Created custom group and system groups for the Confidential system.
• Worked on Confidential authorization management occurs within the organizational units, allowing the most direct and efficient method for managing multiple roles allowing the most direct and efficient method for managing multiple roles.
• Worked on the Authorization for each User set up by the unit Authorizer in each department. Authorizers grant users access on either a budget, org code, or commodity level, as per the Confidential application requirements. These roles are designed to search for the closest user authorized for a particular application. These roles will only apply to their designated budget and org code.