SUMMARY

• Over 17 years of experience in SAP Security/Roles and Authorizations, GRC (Access Control) and Audit/compliance/SOX. Over 10 years of experience as a Senior SAP Security Consultant/Architect/Solution designer
• Worked on 9 SAP Application Security implementations as well as several upgrade and sustainment related projects.
• SAP implementation experience on a global scale - Federal & Provincial Government, Health care, Retail, Telecom, Manufacturing, and Infrastructure services
• Segregation of Duties (SoD), SOX/Audit/Risk/Compliance/Identity Management
• SAP S4/HANA Certified Technology Professional - System Security Architect
• SAP Certified Technology Associate - SAP HANA 2.0
• SAP Security design, implementation, role designing/build & testing, change management and Incident management in S/4HANA, SAP Fiori, ECC 6, BW 7.4/onHANA/4HANA, BOBJ 4.2/4.3, BPC 10/HANA, SAP Ariba (P2O & P2P), HCM 7, SRM 7, CRM 7, SCM 7, Solution Manager 7.2, DFPS (Defense Forces and Public security), SAP Disclosure Management (DM), PI/PO, GRC 10/12 (Access Control) and Enterprise Portal.
• Designing SAP Application Security models (Access control and Process control), Strategy and Procedural documentation
• Managing business workshops for requirement gathering and conversion of business requirements into technical design/authorization matrix and documentation
• Work closely with the Functional teams (FI, CO, AA, FM, CS, TR, SD, PS, MM, IM, WM, SD, QM, PP, PM, GTS, EWM, HCM, CRM, BW/BI, BOBJ, BPC, PI/PO) and Business Process Owners to understand & analyze business requirements, design and build security roles during all the stages of SAP implementation
• Analyzing existing SAP systems to the understand security gaps. Recommending and implementing solutions to improve security designs, policies, and procedures
• Developing authorization strategy and designs and user to business role matrices. Working closely with Organizational Change Management and BPO’s to identify and develop business roles
• Implementation and administration expertise in GRC 10/10.1 - ARA, ARM, EAM (Access Control)
• Monitoring security roles for critical transaction/objects. Segregation of Duties (SoD) analysis and fixes at user and business role levels
• Governance, process design, documentation, Audit (Internal & External) and Business Process controls
• Act as a Subject Matter Expert for SAP/Application security implementations
• SOX policies followed involved ITCC control points during processes

PROFESSIONAL EXPERIENCE

Confidential

SAP S/4 HANA Security Architect

Responsibilities:

• Lead Application security team and initiatives from design perspective. Act as a Subject Matter Expert for S/HANA security implementation including integration with other systems - SAP GRC, Hybris, Open Text, Broadcom & Service Now.
• Work with CBSA and Confidential to design and develop S/4HANA security design and integration models including SAP security strategy that adhere with CBSA security protocols and best practices
• Design, test, document and implement best practice controls for SAP security solution including Interface and Integration security.
• Recommend and develop security measures to protect information against unauthorized access
• Managing business and security workshops for business requirement gathering/planning, documentation, and conversion of business requirements into technical design/authorization matrix/Strategy documentation
• Working closely with Business Process owners (BPOs)/SMEs, Technical teams, Functional teams (FI, FM, CO, AA, SD, PSCD), Hybris and Open Text to understand security requirements and recommend best security practices
• Work with audit, Internal Controls and Risk Management to design security methodologies. Oversee application security and Integration testing including Unit testing, Integration Testing, UAT, Vulnerability and Penetration testing
• Role administration, designing, implementing, testing and change management in - Master/Derived Roles, Single roles, and composite roles
• Fiori role design and implementation - Catalogs, Groups, 0DATA services, Tiles, Apps and Enterprise Search entities
• Risk management for custom transactions, tiles, apps, interfaces, and applications
• Integration of SAP Fiori with SAP Business Objects for AO and Web Intelligence reports
• Working with business, functional teams and developers to define and design Folder hierarchies, backend roles, content, applications, and system security
• Designing and administration of User Groups, Custom Access levels (CALs) and Rights/Permissions.
• CMC configuration - importing backend roles, Groups, permissions, custom access levels and authentication mechanism
• Design, Restrict and Control authorizations for SAP HANA DB objects and Packages based on System Privileges, Object Privileges and Analytic Privileges
• Designing and build security strategy of custom user exits for controlling access to Cost Center, Profit Center and Funds center data
• Lead the solution design for SAP GRC 12 - Access Risk Analysis (ARA) and Emergency Access Management (EAM)
• Designing, build, documentation, testing and implementing SolMan roles/authorizations - SOLMAN SETUP, IT Service Management (ITSM), Change Management (CHARM), System Recommendation (SR), and Custom Development Management Cockpit (CDMC)
• Security design for Integration of S/4HANA with external Portal (SAP Hybris), SAP CRM (Case Management system) and Open Text system for document management.
• Oversee SAP security upgrades to analyze the changes, configure/update security roles and unit test to meet the security requirements.
• Security test scripts for unit testing, Integration testing, user acceptance testing (UAT) and S&A testing
• Segregation of Duties (SoD) and authorization stacking reviews/analysis on roles and users. Working closely with audit and ITGSC to implement the fixes using Integrated Financial Management System (IFMS) solution. Work with business, audit and ITGSC to mitigate Segregation of Duties (SoD) conflicts and risks
• Participate in security projects, risk management and process improvement initiatives
• Analyzing and applying security related OSS notes

Confidential

SAP S4/HANA Security Lead

Responsibilities:

• Managing security workshops for business requirement gathering/planning, documentation, and conversion of business requirements into technical design/authorization matrix/security strategy
• Lead and manage application security solution while working closely with business and system Integrator.
• Working closely with Business, Technical teams and Cross functional teams (FI, FM, CO, AA, SD, MM, PM, & HCM) to understand security requirements and recommend and implement best security practices
• Role designing, implementation, testing and change management in S4/HANA environment - Master/Derived Roles, Single roles, and composite roles
• Role designing, implementation, testing and change management in SAP Fiori - Catalogs, Groups, 0DATA Services, Tiles, Apps & Enterprise search entities
• SU24 maintenance for standard and custom transactions
• Risk management for custom transactions, tiles, apps, interfaces, and applications
• Role designing and implementation in SAP HANA for Developers, Data Modelers, Technical Administrators, Reporting Users and Power Users.
• Design, Restrict and Control authorizations for SAP HANA DB objects and Packages based on System Privileges, Objects Privileges and Analytic Privileges
• Designing Analytical privileges including SQL Analytical Privileges and Dynamic Analytical Privilege
• Designing, build, documentation, testing and implementing SolMan roles/authorizations - IT Service Management (ITSM) and Change Management (CHARM) requirements.
• Segregation of Duties (SoD) and authorization stacking analysis
• Monitoring of security roles for identifying critical transaction/objects and resolving SOD conflicts
• Analyzing SOD reports to analyze, recommend and implement solutions/redesign to resolve SOD conflicts
• Implementation and Administration of SAP GRC 10.1. Post Installation activities and parameter configuration for Access Risk Analysis (ARA), Access Risk Management (ARM) and Emergency Access Management (EAM)
• Manage workshops with business and Audit teams to understand the business requirements using Fit/Gap Analysis. Designing, defining, and documenting Controls and Implementation Strategy.
• Identifying, defining, and maintaining risks and ownership while working with business process owners, functional and audit team
• Work with business and audit to Identify Mitigations. Creating and updating mitigating controls based on the requirements to mitigate Segregation of Duties (SoD) risks.
• Configuration of rule set for Access Risk Analysis (ARA), Access Risk Management (ARM) and Emergency Access Management (EAM)
• Customizing workflows and templates for Access Risk Management (ARM)
• Configuring parameters for Access request Management (ARM)
• Maintain MSMP Workflows and BRFplus rules for Access request Management
• Creation, maintenance and setting up Firefighters for Emergency Access Management (EAM) - ID Based Firefighters and Role based Firefighter
• Maintain Access Control Owners, assign Firefight IDs to Controllers and Firefighters and maintain reason codes
• Test scripts for unit testing, Integration testing, user acceptance testing (UAT) and Vulnerability testing
• Plan and Perform Cutover activities for Go-Live and Hypercare support to business and functional teams.
• Security upgrades to analyze the changes, configure/update security roles and unit test to meet the security requirements

Confidential

Senior SAP Security Consultant

Responsibilities:

• Lead and manage security workshops for business requirement gathering/planning, documentation, and conversion of business requirements into technical design/authorization matrix
• Working closely with Business Process owners/stake holders, BW/BO/Technical teams, Functional teams (FI, FM, CO, AA, SD, MM, PS, PM, CATS, SFT & REFX) and business to understand security requirements and recommend best security practices
• Review existing security design and structure. Provide recommendation to improve the security policies and role design (access control)
• Role administration, designing, implementing, testing and change management in - Master/Derived Roles, Single roles, and composite roles
• SU24 maintenance for standard and custom transactions
• Fiori role design and implementation – Catalogs, Groups, 0DATA services, Tiles, Apps and Enterprise Search
• Fiori –maintenance of custom Tiles, Apps and Services
• Designing and maintenance of BI roles for standard/custom queries and menu/folders.
• Designing, creation and maintenance of BI analysis authorizations
• Designing and maintenance of custom user exits for controlling access to Cost Center and Funds center data
• Working with business, functional teams and data modelers to define and design Folder hierarchies in Business Objects BO 4.2/4.3
• Designing and maintenance of BO backend roles
• Designing and implementation of BO content, Application and System security
• Designing and administration of User Groups, Custom Access levels (CALs) and Rights/Permissions.
• CMC configuration - importing backend roles, Groups, permissions, custom access levels and authentication mechanism
• Design, Restrict and Control authorizations for SAP HANA DB objects and Packages based on System Privileges, Objects Privileges and Analytic Privileges
• HANA Analytical privileges including SQL Analytical Privileges and Dynamic Analytical Privileges
• Security design and implementation in SAP Disclosure Management (DM)
• Administer roles and Permissions (local permissions and global permissions) in SAP DM.
• Design, build, and maintenance of roles and authorizations for SAP Ariba P2O and P2P business processes
• Design, build and maintenance of roles and authorizations in SAP PI/PO systems
• Designing, build and implementation of SolMan RFC authorizations for satellite systems, SOLMAN SETUP and Root Cause Analysis (RCA)
• Designing, build, documentation, testing and implementing SolMan roles/authorizations – IT Service Management (ITSM), Change Management (CHARM), System Recommendation (SR), and Custom Development Management Cockpit (CDMC)
• Transporting roles/authorization objects to production using CHARMS/HPQC
• Troubleshooting and resolving authorization related issues using SU53, ST01, RSECADMIN & STAUTHTRACE
• Work on security upgrades to analyze the changes, configure/update security roles and unit test to meet the security requirements. Providing support to the Functional teams and Business during upgrade activities, Integration testing and Go-Live.
• Creating security test scripts for unit testing, Integration testing and user acceptance testing (UAT)
• Segregation of Duties (SoD) and authorization stacking reviews/analysis on roles and users. Working closely with audit and ITGSC to implement the fixes using Integrated Financial Management System (IFMS) solution.
• Working with business, audit and ITGSC to mitigate Segregation of Duties (SoD) conflicts and risks
• Participate in security projects and process improvement initiatives
• SAP ECC and EHP upgrades
• SAP BW security upgrade from BW 7.4 to BW 7.5 and BWonHANA
• SAP BO security upgrade from BO 4.1 SP3 to 4.2 SP5 and 4.3
• SAP Solution Manager upgrade from 7.1 to 7.2
• Analyzing and applying security related OSS notes