SUMMARY

• Goal oriented and collaborative Sr SAP SECURITY/GRC ANALYST with over 12 years of experience applying software design, changes, administration and configuration to support growing businesses.
• Proven analytical and problem - solving skills with the keen ability to assess needs, define requirements, develop value-added solutions and execute technical solutions that streamline and improve operating efficiencies.
• Adapt in communicating with technical and non-technical audiences. Developed system documentation and created policies to meet the needs of dynamic and continuously changing environments.
• Lead Security Team for multiple projects and production support issues.
• Extensively involved in authorization using profile generator for modules such as SD, MM, FI, PP etc. Central User Administration (CUA), Profile maintenance RBAC, Security maintenance of the ECC, IDM, S4 HANA, APO, BW, HCM, SRM, CRM, PI, PO, Portal, Solution Manager, BOBJ, BODS & BPC Systems.
• Worked on creating Request for Proposals (RFP) for multiple projects for clients
• Subject matter expert for GRC 10.1 AC Suites (ARA, EAM, ARM & ERM)
• Implemented Secureauth IDP multifactor authentication to our multiple systems
• Successfully completed multiple migrations of SAP systems such as BW 3.5 to BW 7.0, Versa to GRC 10.0 and 10.1
• Three full cycle implementations of SAP R/3 which includes design of overall security
• Completed SAP Hana Training from SAP.

TECHNICAL SKILLS

• Upgrades & Technical security for SAP R/3 4.7
• ECC 5
• ECC 6
• BI
• SRM
• CRM
• HCM
• PI and APO
• Windows 95/ 2000/Me/XP/Vista
• Windows server NT 4/2000/2003/2012
• MS Word
• MS Excel
• MS Power point
• Secureauth IDP

PROFESSIONAL EXPERIENCE

Confidential, RICHARDSON, TX

Senior SAP Security & GRC Analyst

Responsibilities:

• Designed and lead multiple role redesign projects like AP Automation, ESS/MSS, AP/AR Roll outs for new locations, BI Role redesign.
• Effectively worked with Audit & Compliance and defined security monitoring matrix to adhere with requirements.
• Lead offshore team for various projects and production support issues.
• Extensively supported end users for ECC (FI, CO, SD and MM), GRC 10.1, BW, SCM, CRM, PI, PO, BOBJ and HR systems.
• Designed and implemented GRC 10.1 ARA, EAM, ARM and ERM processes and architecture.
• Design and Implementing Fiori Access Request apps for users and approvers.
• Implemented SOD risk and functions in GRC as per business processes to adhere with compliance policies.
• Conducted workshops to develop custom Segregation of Duties(SOD) Rule-Set
• Performed analysis to determine SOD false positives and created documenting process.
• Cross trained business users with new process and procedure using nontechnical verbiage.
• Implemented automated HR trigger for separation, extension of contractors and on-boarding.
• Designed & implemented Secureauth multifactor application to internal and external systems.
• Presented Proof of Concepts for projects and enhancements.
• Created multiple process document for functional & technical requirements along with housekeeping (monitoring) activities
• Lead GRC AC team on-shore and off-shore resources.
• Defined provisioning strategy templates for GRC AC 10.1.
• Proficient on creating rules in the Business Rule Framework (BRF) and maintaining. Multi-Stage-Multi-Path (MSMP) workflows. Develop Process Flow diagrams, Process Design Documents, Configuration Rationales, Configuration Build and Test Scenarios for GRC 10.1.
• Connected ECC, BW, HR, Solution Manager, SRM, EP with GRC 10.0.
• Configured Access Risk Analysis to run Risk Analysis on SAP Technical and Business Roles in GRC.
• Set up Self Service provisioning through portal.
• Prepared test cases based on functional requirement.
• Created knowledge based and training materials.
• Supported Unit, Integration and User Acceptance testing and cutover activities for GRC 10.1
• Delivered GRC training to Access request users, approvers and controllers.
• Resolved defects and completed testing within the time line.
• Defined the System/Object/Package/Analytic Privilege roles in S4 HANA
• Defined the system parameter settings in the security editor of the SAP HANA studio
• Maintained the database users in HANA studio.
• Configured the password policy of the SAP HANA Studio database users in production system as per the client audit framework.
• Maintained the critical security settings in SAP HANA cockpit.

Confidential, DOWNERS GROVE, IL

SAP APPLICATION CONSULTANT

Responsibilities:

• Developed design and solution approach to deploy GRC 10.0 Access Control
• Provided technical architecture details of GRC Access Control 10.0 to the client
• Configured GRC AC 10.0 ARA and EAM
• Conducted workshops to develop custom Segregation of Duties(SoD) Rule-Set
• Created custom SoD Rules in GRC 10.0 Rule Set from Funds Management, Material Management, Plant Maintained, Procure to Pay and Treasury area
• Updated GRC Access Risk Analysis SoD Rule-Set to include custom transactions
• Imported Technical Roles from the backend systems and create Business Roles in GRC
• Ran SoD Risk Analysis reports to ensure that the SAP Business Roles are free of SoD conflicts
• Identified and explained the SoD conflicts in the SAP Business Roles to the Functional teams and worked with them to resolve the conflicts
• Ran Risk Analysis on the End Users and create user friendly reports of Risk Analysis reports
• Configured ID Based Emergency Access Management with email notification
• Led Security team of on-shore and off-shore resources during Unit, Integration and User acceptance test
• Designed and implemented Master and Derived Roles and rolled out to multiple location.
• Performed cut-over activities for GRC and IdM (loading users and roles, etc.)

Confidential, PALATINE, IL

SAP SECURITY/GRC ANALYST

Responsibilities:

• Worked with Director and resolved SOD violations in Roles.
• Performed analysis over users to prevent exceeding license cost.
• Used LSMW to Create Derived roles.
• Used Custom Program to Populate org level value’s in Derive roles.
• Created FF ids in PRD and QAS system and assigned proper roles as per process
• Assigned FF id’s to users in PRD and QAS system.
• Worked on BI projects and Production support
• Created BI/BW Analysis authorization and PFCG roles based on Org levels restriction.
• Created Member Access Profiles with required Legal Entities, Dimensions and members in BPC

Confidential, OKLAHOMA CITY, OK

SAP SECURITY/GRC ANALYST

Responsibilities:

• Worked extensively with process experts on Segregation of Duties (SOD) issues.
• Modify existing roles to make them complaint with SOD.
• Analyzed and prepared reports on SOD issues.
• Creation of Roles, assigning transactions as per requirement, transports and organizational levels.
• Creation of users and maintain Authorizations profile.
• Maintain transaction and authorization data in roles.
• Generated authorization profiles, assign roles and profiles to Users in CUA.
• Create and maintain Single role and Derived roles.
• Design and maintain security roles for SAP landscapes using PFCG.
• Used Changed control process to create, transport roles for DEV, QA, to PRD.
• Troubleshoot security/authorization related problems using SU53, ST01 and SUIM.
• Configured Compliance Calibrator and Firefighter (Emergency Access) on SAP R/3 4.7, ECC 5 ECC 6.0 EHP4.
• Created Organizational Plan, Personal Master Record, Infotype 105 and 1017 for SAP HR Structural Authorization.
• Developed new roles for BW/BI according to reporting user and administrative user and also based on Info Objects (Key fig, Characteristics).
• Created Custom rules in the RAR tool and developed naming convention for Mitigating Controls and implemented them.
• Implementation of Emergency user concept with GRC Firefighter tool and Firefighter ids.

Confidential, Norwalk, CT

SAP R/3 SECURITY ADMINISTRATOR

Responsibilities:

• Completed Full cycle of implementing R/3 which includes design of overall security for more than 3000 users
• Worked on the Security Audit project in the 4.6C landscape
• Worked with management team and internal audit to develop a Sarbanes-Oxley compliance strategy.
• Designed, implemented and deployed SAP security strategy, procedures and roles for various projects and functional teams (MM, FI and SD).
• Worked with managers to develop strategy for compliance with SOD issues.
• Worked as a SAP GRC Controls Consultant. Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements.
• Assisted and trained the Functional teams in performing risk analysis using SAP GRC, remediation and mitigation processes.

Confidential, Holtsville, NY

SAP SECURITY CONSULTANT

Responsibilities:

• Worked on security issues of users and managing their access rights
• Worked on SU01, SU10 and SUGR for creating and managing the users.
• Creating and managing the roles, composite roles and derived roles.
• Assisted and trained the Functional teams in performing risk analysis using SAP GRC, remediation and mitigation processes.
• Worked as a SAP GRC Controls Consultant. Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements.
• Creating and maintaining the user authorizations, Profiles and roles
• Provided on call support to the users using ST01 and SU53

Confidential, Mundelein, IL

SAP SECURITY CONSULTANT

Responsibilities:

• Used PFCG and SUIM to develop the security model.
• Worked on creating Single roles, Composite roles and Derived roles.
• Worked on transportation to different systems.
• Used SU10 and CATT script for mass change in users.
• Worked on user management process development that includes some other processes. Like processes to create users, identify and remove idle users, lock-unlock users.
• Involved in formulating security policies and procedures.