SAP Security Lead/Architect Resume
SUMMARY:
- 9+ years of experience as a SAP Security Consultant in various SAP ERP central components, SAP NetWeaver components, SAP Business Suite components, SAP Solution Manager, SAP IS and SAP compliance/SOX
- Comprehensive understanding of SAP Security for various modules
- Rich technical experience in SAP R/3 Security (ECC), SAP BW, HR, CRM, SRM, APO, BOBJ, HANA, Solman, PI/XI Security.
- Experienced with GRC Tool - have experience of working with Firefighter, Compliant User Provisioning (CUP), Compliance Calibrator (CC), Risk-Analysis-Remediation (RAR) components of GRC.
- Experience of working independently with Functional & Business users to understand the security requirement.
- Responsible for providing customers with Security design, Implementation, Development, Enhancement and Support activities for their SAP applications.
- Expertise in managing the security requirement gathering, technical activities and proficiency in coordinating with the clients, enhancing their process operations.
- An effective communicator with excellent relationship, management skills and strong analytical, problem solving with organizational abilities.
- Experienced in SAP R/3 and Enterprise Portal security.
- Implemented and upgraded security in R/3-ECC systems.
- Extensive use of SAP Profile Generator (PFCG) to create and maintain authorization data
- Design experience implementing single, derived and composite roles
- Worked on SAP Check Indicator Defaults and Field values using transaction SU24 to maintain check indicators & specific field values for Transaction codes.
- Frequent use of SUIM and Ad-hoc SE16, SQVi reports for analysis.
- Assisted with security on various SAP modules like SD/MM/FICO/IS-FSCD/BPC/SRM/SEM/IS RETAIL/APO
- Multiple implementations, upgrade, risk management, re-platforming and change management experience.
- Considerable SAP security role design strategy knowledge.
- Performed basic ABAP code troubleshooting and programming error determination.
- Worked with all security related tables (AGR_*, USR*).
- Developed custom authorization objects (SU21/SU20) based on client’s business needs.
- Converting field RESPAREA (Profit Center / Cost Center) into Organization field using SAP standard program PFCG_ORGFIELD_CREATE
- Set up security by INFOAREA, INFOCUBE, ODS, INFOOBJECT, QUERY and WORKBOOKS.
- Worked and implemented BI security based on new BI 7.0 analysis authorization concept.
- Marked info objects as Authorization Relevant / Non-authorization relevant
- Created new analysis authorizations with specific info object access
- Configured and built custom roles and authorization objects to restrict data view access.
- Limit query access within the B-Ex Analyzer.
- Tracing standard and custom reporting authorization objects using ST01, RSECADMIN
- Knowledge of BI objects development methodology from a developer standpoint.
- Experienced in interacting with BI techno-functional consultants for problem diagnosis.
- Upgrade experience from BW 3.5 to BI 7.0.
- Limiting the Query access within the BEx Analyzer
- Building security for Administrative users using SAP provided templates
- Design HR Security roles - General authorization & Structural authorization
- Configure HR Security switches using Transaction OOAC
- Restrict security access by different info types owned by HR / Payroll
- Familiar with PP01, PPOME, PA20, PA30 Transactions for Organization Management (OM) and Personnel Administration (PA)
- Set up security roles for different HR modules like BSM, EDM, Recruiting, Benefits, Compensation, Payroll etc.
- Running Reports & Batch Jobs for Programs like RHBAUS00, RHBAUS01, RHBAUS02 to keep the structural authorization profile updated
- Familiar with the use of critical HR authorization objects like P_ORGINCON, PLOG, P_PERNR, P_ABAP etc.
- Knowledge on PII (Personally Identifiable Information) info types and restricting access to them
- Running SOD reports and keeping the roles SOD free
- Setting up PFCG Security Roles mapped to Business Roles in CRM
- Running Trace from backend ABAP system when users accessing the CRM system using Web UI link
- Restricting security access to one Business Role per user
- Experience of working with Trusted RFC connections with different systems
- Design SNP (Supply Network Planning), DP (Demand Planning) & gATP (Global Available to Promise) security roles
- Restriction on access at workbook & location level
- Converting location into Organization level field using the program PFCG_ORGFIELD_CREATE
- Experience of using BI Security Analysis authorization concept in Demand Planning area
- Setting up MDG (Master Data Governance) Security roles for Finance, Customer & Material Management
- Restricting access based on Web Dynpro links
- Running Trace from backend ABAP system when users accessing the MDG system through Web UI link
- Restricting security access at object level
- Providing access to Master Data update Transactions only in MDG system and locking them in regular ECC system
- Controlling Master Data changes through workflow (Requestor vs Approver Roles)
- Setting up Business Object authentication by LDAP / Enterprise
- Creating new Groups with specific permissions in BOBJ system
- Providing Folder level security in different Groups - Granting permission / Blocking permission
- Setting up alias user IDs in BOBJ system to map with HANA system
- Creating HANA Security Roles as run time objects
- Creating HANA Security Roles as Repository Objects under Package
- Granting permissions to HANA privileges like System, Analytic, Package, Schema etc.
- Assignment of HANA security roles via _SYS_REPO user ID
- Export / Import of HANA Security package / roles across the systems
- Using Solman system as a Change Management Tool for the whole system landscape - creating new Change Request, work on Correction requests, changing the status, creating transport from Solman for all the satellite systems, releasing them, moving changes to production etc. Familiar with CRMD_ORDER transaction.
- Using Solman system as a Ticketing tool - create / change new Service requests based on user request and keeping all the log of the activities.
- Using Solman system as a repository of all Documents. Familiar with SOLAR01 Transaction.
- Design Solman Security based on different Job Roles - Requestor, Approver, Change Manager, Release Manager, Developer, Tester, Solman Administrator etc.
- Using Solman system as a CUA (Central User Administration) - Configuring CUA and managing the complete user administration of the child systems from CUA. Worked extensively with CUA Transactions like SCUA, SCUL, SCUG etc.
- Creating Portal users in Database
- Creating Portal groups and mapping them to portal roles, assigning users to roles
- Locking/Unlocking & resetting password of user ids in portal
- Familiar with GRC Business Objects Access control v5.3 set up (BOBJ AC 5.3).
- Used GRC BO Access control version 5.3 tools RAR (compliance calibrator), SPM (Firefighter) and CUP (Access Enforcer).
- Worked with VIRSA 4.0 Rule Set & Mitigation Control set up.
- Assisted in Sarbanes-Oxley Compliance in SAP system audits and documented significant processes and controls.
- Familiar with ITSM Incident & Request Management Tool - creating new tickets, working on them and closing tickets.
- Worked with ClearQuest/Remedy Tool - Opening change management requests, changing their status and keep log of all activities.
- Managing SharePoint for all project documents - MS word, Excel, Power Point etc.
PROFESSIONAL EXPERIENCE:
Confidential
SAP Security Lead/Architect
Platform: SAP ECC, SCM, CRM, SRM, RPM, BI/BW, BOBJ, HCM, PI/XI, Solman (Documentation & CUA), GRC VIRSA 4.0
Responsibilities:
- Design, development and testing of authorization roles in SAP ECC, HCM, Portal, BI, SRM, SCM, RPM, XI, TREX and Solution Manager systems
- Design, administration and maintenance of Virsa/GRC Tools including Compliance Calibrator and Firefighter.
- Contribute to the architecture of SAP security for multiple Integration projects, Rollouts, Role Redesign and Upgrade projects
- Periodic security reviews of the SAP systems to ensure application of relevant security notes and participate in audit and compliance activities.
- Work closely with the Business Analysts to design and maintain security roles to ensure that systems across the entire landscape are SOX compliant.
- Manage all project documents in SharePoint site and keep them updated. Also keep the approved security documents uploaded into Solman system.
- Solve highly technical and complex security problems across the SAP landscapes related to security authorizations.
- Recommend strategic improvements, application usage and apply knowledge of the business processes in various functional areas as it relates to overall security requirements.
- Protect sensitive business information by securing custom programs, tables and ensuring that security roles are designed, developed and transported in accordance with the company regulations and processes.
- Generate reports to gather relevant data and information as per the queries from internal and external auditors.
- Configure & maintain the CUA set up in Solman system. Manage user administration from CUA for all child systems and troubleshoot any issues reported.
- Maintain the VIRSA 4.0 Rule set in the SAP systems, updating Functions, add new/change the Risk ids, add Mitigating controls, generate & transport of rule sets after modification.
- Run SOD risk reports at Role or User level using the VIRSA 4.0 cockpit
Confidential
SAP Security Lead
Platform: SAP ECC, APO, CRM, BI/BW, BOBJ, HANA, MDG, FSCM, PI/XI, Solman, GRC 5.3
Responsibilities:
- Requirement gathering, scoping & analysis
- High Level solution/design formation and verification of solution with client
- Effort estimations, project planning and execution
- Managing all phases in the project life cycle - Design, Execution, Testing, UAT, Production delivery
- Quality Management and Analysis during all phases in the project life cycle
- Manage day to day team activities and provide technical & functional guidance to the team
- Understanding the business process of our client and designing their SAP security roles
- Manage customer Relationships - Obtain feedback and responsible for customer satisfaction
- Designed & developed HANA Security Roles (as HANA Repository Objects) which are transportable across the HANA system landscape
- Designed & developed the CRM Security Roles (PFCG) which were mapped to associated Business Roles in Transaction CRMC_UI_PROFILE of the CRM system
- Designed & developed the Supply Network Planning (SNP), Demand Planning (DP) and Global Available to Promise (GATP) Security roles in APO system
- Designed & developed the MDG (Master Data Governance) Security Roles for Finance, Customer & Material Management modules
- Designed & developed the FSCM (Financial Supply Chain Management) Security Roles for Collection & Dispute Management modules
Confidential
SAP Security Lead
Platform: SAP HR, BI/BW, PI/XI, Solman, GRC 5.3
Responsibilities:
- Meeting with the business & IT team to gather the security requirement
- Design the HR & Payroll Security Roles for production end users & support center users
- Handling the end to end delivery of the security roles build from Development system to Production
- Documenting the user requirement specification (URS), functional design specification (FDS)
- Coordinating the work between off shore & onsite Team
- Addressing audit / compliance questions
- Supporting unit testing, integration testing, system testing & user acceptance testing
- Keep all project documents up-to-date in SharePoint and provide the exact location of the documents in SharePoint as & when asked by the project management team / auditors.
- Providing day to day status update in the project management call
- Creating Standard Operating Procedure (SOP) documents
- Establishing the support model after go live
- Supporting the hyper care issues after the project go live
Confidential
SAP Security Lead
Platform: SAP SCM/APO, ECC, BI/BW, Solution Manager, GRC 5.3
Responsibilities:
- Handled the Security activities after Basis upgraded the SAP system from R/3 4.7 to ECC 6.0 - Run SU25, Adjust the Security objects using SU24, generate the profiles of affected Roles and captured them in Transport Request
- Coordinated with the APO functional resources to identify the APO transactions to be allocated into functional roles for Demand Planning (DP), Global Available to Promise (gATP) and Supply Network Planning (SNP) APO modules
- Made initial SU24 settings for all APO transactions using trace (ST01) and testing of scenarios
- Utilized BI/BW analysis authorization concept to restrict Planning book data view by region
- Built analysis authorization regional roles for End users using S_RS_AUTH object
- Created derived roles and generated menu and authorization data from parent roles
- Identified and maintained organizational level values in the generated derived roles
- Secured custom development upload and publish functionality in segmentation module using custom fields and authorization objects
- Assisted the ABAP developer in coding the appropriate AUTHORITY-CHECK statements based on the requirements
- Co-ordinated with system administrators and GRC-compliance team to connect all APO systems to GRC CUP 5.3 to make them available for users
- Build technical project team roles based on Microsoft Role design strategy
- Updated the change management and document management tracking tool (VSTF) for all role development activities, changes and bug fixes
- Updated the PRGN_CUST table and tested the parameters entered in APO systems based on client requirements
- Handled security activities for support pack level upgrade in our client’s APO system using Transactions SU25, SU24c etc.
Confidential
SAP Security Consultant
Platform: SAP R/3, BI/BW, Solman, GRC 5.3
Responsibilities:
- Direct interaction with client to address the production security issues with priority
- Hyper care support to major project activities during off hours
- Use ClearQuest Tool & Solman systems to work on Security Change Requests (end to end process)
- Providing daily status update of the Security incidents (tickets) to our client
- Handling audit and the following remediation activities
- Onsite point of contact for any escalated security issues
- Running weekly termination process for our client
- Chair the weekly Team meeting with off shore team members
- Role and profile management and additions using PFCG
- Conducted system trace (ST01) to identify and restrict objects allowing “note” creation in B-Ex web reports
- Re-designed BI security as our client’s system got upgraded from BW 3.5 to BI 7.0, created new analysis authorizations
- Identified missing authorizations via trace (ST01)
- Creation of OSS logins upon request and assigned the required authorization in OSS
- Identified critical role assignments to users and deleted role assignments of certain user groups
- RFC and ALEREMOTE user password reset
- User creation and assignment to composite roles in acceptance for user acceptance testing
Confidential
SAP Security Consultant
Platform: SAP R/3, BW
Responsibilities:
- Gathering the security requirement from client by direct / indirect interaction
- Designing the R/3 & BW Security roles as per client’s requirement
- Reviewing the security design with compliance team
- Presenting the change in CAB (Change Advisory Board)
- Developing the security roles and performing unit testing
- Coordinating the development & testing effort with offshore team
- Supporting system testing & user acceptance testing
- Updating project documents and getting sign off from compliance team
- Supporting go live and hyper care issues
Confidential
SAP Security Consultant
Platform: SAP R/3, BW, APO
Responsibilities:
- Handling incidents / tickets raised by the client users for their SAP access
- Troubleshooting security authorization issues reported by users
- Running monthly SOX control reports and uploading them in SharePoint
- Executing adhoc security access reports based on Compliance Team request
- Providing supporting documents & evidences during audit
- Joining weekly Team meeting calls and providing status update
- Working in rotating shift to provide continuous support to our client
- Building team spirit and sharing the knowledge among the team members
- Mentoring / guiding the new team members joining the offshore team