PROFESSIONAL SUMMARY:

• Have 18+ years of extensive experience as a SAP Security Architect & GRC Access Controls SME in many SAP Implementations ranging from Manufacturing, High Tech, FDA, Chemicals, Utilities, Food, Public Sector, IS Retail, IS Media & Insurance Clients.
• Over 7+ years Business experience in HR, SD, MM, WM, PP & FI modules.
• Security implementation in R/3,BW,HR,ESS,SEM,APO & Workplace environment.
• Experienced with Portal Security and worked with LDAPs, Multiple LDAPS, AD for User authentication. Experienced with UME for User, Role creation and maintenance.
• Experience with Identity Manager (IDM), RBE, TC, Insite & other tools.
• Designed & developed the complete SAP GRC and Security implementation strategy and Security Project Plans for many global implementations, upgrades and conversions from CCXT SAFE to GRC AC 5.2, AE.net to GRC CUP, Upgrade from GRC 5.3 to AC10.1.
• Successfully Implemented GRC AC10.1 and 10.0 at multiple clients.
• Security Upgrades from 3.1H to 4.5B, 3.1H to 4.6C and 4.5B to 4.7 and ECC6.0.
• Experienced with multiple SAP Security Role Redesign and Remediation projects.
• Implemented security at program, report, table and user exit level.
• Experienced with Internal Controls, Audit Remediation and SOX compliance issues.
• Expertise with all versions of SAP GRC AC Suite of products from AC 10.1 to oldest version. (Virsa Compliance Calibrator CC2.0, CC3.0, CC4.0 and NetWeaver CC 5.1, 5.2 and 5.3, Role Expert 4.0 & NetWeaver RE5.3, Risk terminator, Fire Fighter & Access Enforcer .net & AE 5.3, GRC AC10, CCXT aka PWC SAFE, Bindview, AIS etc.
• Implemented Virsa/GRC Access Controls at over 50 clients.
• Experienced in SAP GRC Access Controls Suite upgrades, partners/clients.
• SAP System Administration, with expertise in Security, Compliance, Remediation, Redesign and Implementing methodology for Detective and Preventative Controls.
• Facilitate the customization of SOD Rule sets that meet unique Internal and External stakeholder’s requirements which are specific to a client or strategic business needs.
• Conducted workshops for the Business Teams and Data Owners to communicate organization’s security and compliance methodology and the role development process.
• Extensive experience with SAP Release 3.1H to ECC 6.0 functionality, Roles, Derived Roles, Composite Roles, Responsibilities, Value Roles, etc.
• Designed/ developed security roles for IS - CD, HR, SD, MM, FI, PP, BW, APO, SEM, GTS, SRM, CRM, XI, SM & Basis module in SAP R/3 releases from 3.1H to ECC 6.0.
• Provide Best Practices for Security and helped define and implement Best Practices for SAP America for GRC Access Controls Suite 5.2.
• Documentation of all Security Procedures & the security administrators.
• Presenter & speaker for Security and GRC at GRC, ASUG and SAPHIRE.
• Excellent interpersonal and communication skills.

PROFESSIONAL EXPERIENCE:

Confidential, Fremont CA

Security & Controls Consultant

Responsibilities:

• Provide senior level expertise, and guidance in client engagements for implementation, remediation, performance and reporting.
• Provide on-site Customer Implementation, & Customization for Virsa products.
• Conduct Train the Trainer course for SAP GRC consultants and Partners (D&T, PWC, Protiviti, etc.). Official trainer for SAP GRC courses.
• Preached and expertly implemented the SAP GRC/Virsa SOD Methodology.
• Design/Maintain Virsa’s Best Practice documentation regarding SoD and Critical Access.
• Provide best practices, analysis approaches and SAP/Virsa practical “tips & tricks”.

Confidential

DUPONT SAP SOX/Audit Security Consultant

Responsibilities:

• SOX and Audit Security Consultant with the DSAP ART group (Dupont SAP Audit Remediation Team) for DUPONT, a global chemical manufacturing company.
• Provided technical advise for the remediation of the existing profiles and Roles on the 4.0b and 4.6c environments.
• Performed global audit and remediation to secure Dupont’s SAP R/3 4.0B, 4.6C, BW, and APO systems, and to make the environment Sarbanes-Oxley compliant.
• Security re-architecture resolved SOD, implement proper security controls & procedures.
• Work with business process owners to develop mitigating controls to resolve SOD issues that could not be removed from roles.
• Perform SOD analysis and resolution. Work with business process owners to develop internal controls strategies for Sarbanes-Oxley compliance project.
• Complete redesign and revamp of security profiles and presently converting them into Roles and created their Org. specific Responsibilities & Derived Roles.
• Define and develop security policies and procedures.
• Audit Remediation tasks includes checking security in Activity groups for access to critical transactions, critical objects, critical authorizations, checked & resolved SODs.
• Perform global transition and production support for the new security architecture rollout. Approx. 14,000 users mapped and converted to their new work Roles.
• Recommend best practices for naming conventions, role design, handling user ids (batch user ids, test user ids etc.) and overall user administration.

Confidential

SAP Security Consultant

Responsibilities:

• Security Consultant for Confidential (One of the largest and most complex SAP implementation in North America) a large paper and chemical manufacturing company with over 1,25,000 employees globally.
• Provided technical security consultation for this Security Upgrade from 4.5b to 4.6d for Project SSUE using Best Practices and Uniform procedures.
• Complete redesign and revamp of security for 16 SAP modules and new dimension products (BW, APO).
• Planned, designed and executed the upgrade from 45.b manual profiles and activity groups to 4.6d Roles based security for SSUE upgrade/Role conversion project.
• Evaluated approximately 20,000 profiles to be replaced. Designed, build and tested new model roles and derived roles and identified new transactions and authorization objects for the 4.6d environment.
• Developed Naming convention for Test User ids, Batch User id and procedures for handling OSS User requests.
• Developed procedures for resolving access requests for Integration testing, Pilot User Testing, go live and post go live PRD access.
• Resolve Audit issues like restricting debug access, and access to critical and sensitive transactions, programs and tables, etc. in Production.

Confidential

SAP Security Consultant

Responsibilities:

• Lead SAP SECURITY Consultant with Confidential for their client AVAYA Communications a large manufacturing company.
• Leading the Security effort for Project PGT2 for this 3.1H to 4.6C upgrade for R/3 modules (FI/CO, MM, SD, PP, PM, HR & ESS), & supporting 20,000 users globally.
• Complete redesign and revamp of Security, for the R/3 modules & new dimension products (BW, APO & SEM).
• Planned, designed & executed the upgrade from 3.1H Manual Profiles & Act. Groups to 4.6C Roles & Position based security for PGT2 upgrade/conversion project.
• Developed Naming Conventions for Business & Technical roles. Designed procedures for handling important Security and Audit issues like creating of custom authorization objects, authority groups for programs and tables, restricting access to SAP ALL in Production, etc.
• Implemented Security Best Practices & identified bottle necks/manual processes and corrected/automated the same for easier Ongoing maintenance, e.g. Sync of User tables, maintaining SU24 for custom transaction and auth. Objects.

Confidential

SAP Security Architect

Responsibilities:

• Worked for SAP America as SAP SECURITY ARCHITECT for their client Great-West Life & Annuity Insurance Company an Insurance provider, on release 4.6C (FI, CO, CM, IS-CD and HR) and lead the Security effort for this Industry Specific Insurance module, which had over 8000 users.
• Developed and designed the complete Security implementation strategy and project plan which included Naming Conventions (for Roles, Profiles, Authorization Objects, Authorization Groups, etc.), Role Development, Testing, Ongoing maintenance process, Role Change management process etc.
• Major s include addressing and resolving the special security needs for IS-CD module, as CD module has no security within.
• Developed procedures to troubleshoot R/3 problems.
• Developed Role definition process & development strategy. Organized security workshops & follow on work sessions with Functional team leads & Role Owners.
• Developed a Role Management Tool in Excel.
• Setup Security Development using Best Practices & Uniform Procedure e.g. demonstrated the efficient use of Profile Generator, customization of authorization checks, etc.
• Developed procedures for critical access requests for Integration testing, go live and post go live PRD access.
• Designed and developed Roles for Configurators, Developers, Basis, Security and other team members for R/3, HR and ESS users.
• Customized Profile Generator and setup the related security system parameters.
• Led an effort along with the Audit team for developing Segregation of Duties Matrix.
• Documented security policies & procedures, held extensive sessions with security admins.

Confidential

SAP Security Consultant

Responsibilities:

• SAP SECURITY consultant for Confidential . a Semi Conductor Manufacturer, on release 4.5b (FI, CO, PP, MM & SD), 4.6C (HR) & BW release 2.0B & was part of the Core SAP Security team supporting 14000 users globally.
• Production support for FI, MM, SD, PP, HR and BW modules. Responsibilities included troubleshooting production security issues, Setup Security for new projects based on the addition of new Plants, Shipping Points, other ORG values and new Personnel areas, Info types for HR Security.
• Developed a strategy to upgrade from profiles based security to Role Based security.
• Experienced in HR with Structural Authorizations, PD rules, PD profiles, Activity Groups, proxy authorizations and managers desktop security.
• Set up procedures to Troubleshoot R/3 security problems.
• Developed Roles for Configurators, Developers, Basis, Security, Workflow, DBA, Regional User Administrators and other teams.
• Defined procedures to clean up of Temporary access from the Production clients, review and remove additional access from Users which was given for Go-Live.
• Resolved Audit issues like removing critical authorizations, profiles from users, restrict sensitive table display/update access in Production, removed Debug access from Production. Restricted access to sensitive transactions like SE38.
• Setup procedures to handle OSS User administration included opening service connections, registering developer keys, objects & creation of OSS accounts.
• On Call support for security problems in Production and non-production systems.

Confidential

SAP Security Consultant

Responsibilities:

• Worked as LEAD SECURITY consultant for Confidential . a FORTUNE 200 Company dealing with health insurance, to upgrade project from rel. 3.1H to 4.6B.
• My responsibilities included designing and architecture of the Security upgrade strategy for the client. Trained the Security Administrators on how to use the Profile Generator, and the new features of 4.6B version like identifying and incorporating the new T-Codes, migrated to Role based Activity Groups, Derived Activity Groups & CUA.
• Responsibilities included working with the business teams to discuss upgrade impact to roles, role development, integration testing and after go live support.

Confidential

SAP Security Consultant

Responsibilities:

• Provided the complete security implementation strategy to ensure a well-secured & controlled environment for SAP R/3 applications.
• Designed the security upgrade strategy from release 3.1H to 4.5B.
• Developed the best practices document for the use of the Profile Generator in release 4.5B and made necessary Customizations in Profile Generator.
• Evaluated customer's security requirement and defined the end user roles accordingly.
• Analyzed all business roles and mapped business roles to transaction code according to business processes, as existing security at Ablestick was not transaction based.
• Designed and implemented a security development strategy from definition of job roles through to development, testing and production support.
• Developed databases for company Roles, Transactions and Org. level specifications.

Confidential

SAP Security Consultant

Responsibilities:

• Worked as Security consultant for this 3.1H implementation for FI, CO, MM and SD modules and supported over 5000 users globally.
• Developed profiles for the core team members for the DEV, QA and PRD systems.
• Created Firefight profiles and procedures for Temporary profiles to resolve critical Production issues and authorization errors.
• Resolved Audit findings, clean-up of after Go live from PRD systems.
• Documented procedures, developed ABAP utilities for easier User Administration.

Confidential

SAP Consultant

Responsibilities:

• Focus on Purchasing; inventory management, vendor evaluation & consumption based planning. Invoice verification & materials evaluation were other areas of responsibility
• Customized the Materials Management module using the IMG.
• Developed procedure and guidelines for the approval and maintenance of Material Master and mapped out the business requirements for the job owners.
• Responsible for the Testing and Configuration of the MM module.
• R&D (BPR - Business Process Re-engineering) for the company’s SAP implementation
• Tuned and customized the Sales and distribution module logic for optimized processing.
• Responsible for help desk support like unlocking users and resetting login passwords.

Confidential

Systems Analyst

Responsibilities:

• Research and development team member for company’s ERP package Penta-Works.
• Oversaw the gradual move from a Novell server based environment to a Windows NT server and workstation environment, in a 6-month time frame.
• Managed a team of network engineers for implementation of a Wide Area Network for Confidential . Job involved time and priority management, workflow and workgroup management.

Confidential

General Manager

Responsibilities:

• Over 7 years of experience in the above mentioned Plastic Packaging Industry.
• Handled wide range of Business Functions right from procurement of materials and machinery from Local/Overseas Sources.
• Managed the entire Production Planning, Quality Control, In House R&D, Sales, Finance, Administration and other related functions.
• In Materials Procurement function, I developed entire vendor base for the group, which includes Original Equipment Manufacturers (OEMs), Supply House etc. I have introduced Vendor Evaluation system, whereby all the vendors were evaluated based on Price, Timely delivery, Quality product, payment terms and other factors.
• Developed 2/3 vendors for individual raw material, to get good price benefit and service. Developed Inventory Management System (IMS) for the Group.
• Passed thru the entire purchasing cycle like Vendor Development, Credit Establishment, Establishment of Freight Forwarder, Establishment of Supply Houses, Negotiations with respect to delivery, price, Quantity, Quality etc.