SUMMARY

• He is an achievement - oriented and self-motivated IT professional who can deliver results with minimal supervision.
• He is keen in listening and communicating effectively, which has made him particularly adaptable in team-oriented environments to achieve maximum results.
• He has over 7 years of IT experience with the last 5 years of dedicated experience in SAP Security and GRC implementation and support.
• He understands business processes in regards to technical applications and is able to facilitate collaboration between technical teams, business process owners, and various levels of decision makers using technical terminology.
• He is proficient supporting SAP Security and GRC- Access Control in Access Risk Analysis (ARA), Access Request Management (ARM), Business Role Management (BRM) and Emergency Access Management (EAM).
• He also has 2 full cycle implementations in sap security and has a good understanding of SOX compliance requirements and SOD conflict issues.

AREAS OF EXPERTISE

• SAP Implementation
• GRC AC Implementation
• ASAP Methodology
• Segregation of Duties (SOD)
• SOD Design and Remediation
• Information System Audit
• Continuous Monitoring
• Production Support
• SAP Launchpad support

TECHNICAL SKILLS

Tools: ServiceNow, C4S, SAP IDM, SAP R/3.SECC 6.0, GRC AC 10.x, and MS Office (Word, Excel, PowerPoint, Outlook, Visio, Project)

ERP Application: SAP R/3, ECC, CRM, S4 HANA FIORI (FOUNDATION)

Methodologies: ASAP Methodology, SDLC.

Regulatory Requirements: SOX, HIPPA, ISO20002, PCI-DSS, FISMA.

PROFESSIONAL EXPERIENCE

Confidential

SAP Security Analyst

Responsibilities:

• OSS connection creation and maintenance using SAP launchpad tool
• Creating/Deleting S USER ID’s
• Creating and maintaining user master data according to the security policies and procedures.
• Responsible for creating and maintaining Master/Derived/Composite Roles, and Authorizations using Profile Generator (PFCG) throughout multiple SAP Landscapes based on complex client design restrictions and security.
• Worked on Mass user Administration activities using SU10
• Running Unit testing and User Acceptance testing.
• Supporting with user administration.
• Role change support for role that need to be transported using Rev Trac.
• Checking Queues of Tickets assigned in ServiceNow and giving production support
• C4S tool support
• Generating activity log for RFC/ System user Id
• Production support using SAP IDM tool.

Confidential

SAP Security and GRC Consultant

Responsibilities:

• Creating and maintaining user master data according to the security policies and procedures.
• Responsible for creating and maintaining Master/Derived/Composite Roles, and Authorizations using Profile Generator (PFCG) throughout multiple SAP Landscapes based on complex client design restrictions and security.
• Worked on Mass user Administration activities using SU10
• Tracing, troubleshooting and assigning missing Authorizations as per User requirement using SU53, SU56, SU21, SUIM, SE16N, ST01 & STAUTHTRACE
• Creating and modifying Single Roles, composite roles and Derived roles as per change request (PFCG).
• Extensively Used SUIM (User Information System) to generate various reports for audit monitoring.
• Assigning Controllers, and Owners to Firefighter IDs assigning firefighter IDs to firefighters.
• Validating the SOD violations for the available roles & users in the landscape against the regional rule set.
• Perform the simulation to find the violations for the new roles to be created against the regional rule set.
• Performing the remediation for the roles to resolve the risks at the role level instead of mitigation.
• Generating Firefighter log reports
• Downloading various security reports from ARA and EAM
• Review and act on daily monitoring/change reports and perform regular system audits to detect deviations of established procedures, role mapping, and unauthorized changes to the SAP security and report finding to management.
• Provide knowledge transfer and train client’s personnel on security authorization concept and security design/implementation.
• Perform daily monitoring of scheduled jobs related to security and compliance activities and associated system administration tasks.
• Prepare all applicable deliverables such requirement document, setup/configuration documents and weekly status reports.
• Communicate with clients of all levels

Confidential

SAP GRC Consultant

Responsibilities:

• Perform all aspects of SAP security implementation tasks which includes but not limited to coordinating and interacting with business leads and process owners, technical and functional SMEs, Internal Audit and Security Admins for the sole purpose of gathering SAP Security requirements.
• Create functional and technical design document to ensure role-building follows business and risks and controls requirement set forth by the internal control teams and obtain functional design signoff prior to build.
• Configure various types of role such as Single Roles, Composite Roles and Derived roles using the Profile Generator (PFCG).
• Implement the SAP GRC AC ARA to ensure segregation of duties (SOD) exists and Sensitive Access in the SAP systems are enforced.
• Performs user provisioning activities which includes, setting up new accounts, password resets, assigning users to appropriate groups and assigning security roles according to employee/contractor approved positions.
• Design, develop and Activation of Rule Sets, created custom rulesets and updated the functions grouping with custom transactions as required.
• Perform Role and User Level analysis for sensitive access and SOD worked with Role owner and process owners to address risk and assisted with outright remediation, and/or mitigation.
• Provide technical support for any GRC production related issues.
• Perform Firefighter ID Provisioning Tasks and troubleshoot any issues relating to Firefighters or IDs and GRC in general.
• Monitor SAP GRC systems and troubleshoot the issues and report to the management on a timely basis.
• Review and act on daily monitoring/change reports and perform regular system audits to detect deviations of established procedures, role mapping, and unauthorized changes to the SAP security and report finding to management.
• Provide knowledge transfer and train the trainer exercise to client personnel on security authorization concept and security design/implementation.
• Worked with offshore team, led and provide daily tasks, provided knowledge transfer (KT).