SAP Security Analyst/Administrator Resume
Houston, TX
SUMMARY:
- SAP Certified Application Associate - SAP ACCESS CONTROL 10.0
- Overall 10+ years of experience in the software industry and 7+ years of experience in SAP technology as an SAP Security and GRC Consultant.
- Progressive experience in SAP ECC 6.0, R/3 Security, BW Security, CRM Security, HCM Security, EBP Security, Solution Manager Security and Enterprise Portal Security.
- Extensively worked on Sarbanes-Oxley Compliance Projects and worked with various tools like BizRight of Approva, GRC 5.3, GRC 10.0 and VRAT of VIRSA.
- Technical expertise in GRC implementation, automation and upgrade related to various GRC toolsets.
- Proficient with user provisioning activities across SAP systems (including ones with Single Sign-On).
- Actively involved in the implementation projects of GRC Access Control 5.3 suite - RAR (Risk Analysis & Remediation), SPM (Super Access Privilege Management), CUP (Compliant User Provisioning) and ERM (Enterprise Role Management).
- Actively involved in the implementation projects of GRC Access Control 10 suite - ARA (Access Risk Analysis), EA (Emergency Access), ARM (Access Risk Management) and BRM (Business Role Management).
- Highly proficient in analyzing GRC reports and addressing them to be SOX Compliant.
- Actively involved in all phases of SAP Security Implementation from blue print, design through post go live support.
- Extensive knowledge about transport management system and transported roles between clients within ECC system and between ECC systems.
- Used RAR (Risk Analysis and Remediation) of GRC 5.3 and ARA (Access Risk Analysis) of GRC 10.0 extensively for handling SOD conflicts for users and roles in both ECC and EBP systems.
- Strategy management related to SAP business processes, transactions, control infrastructure, financial reporting process. Sarbanes-Oxley Section 404, Remediation of Segregation of Duties (SOD) within SAP implementation.
- Preventative, mitigating and compensation controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy.
- Highly proficient with creating customized reports from SAP tables using SE16 and SQVI.
- Extensively worked on Profile Generator (PFCG), Role, Profile, User Administration, Authorization objects, User reconciliation, CATT Scripts, Org Structure, HR Infotypes, BW Administration workbench- BW Info cubes, Info objects, Hierarchy, Variables, Update and transfer rules, Info Areas, Info object catalog.
- Assisted in Sarbanes Oxley Compliance - SAP System Quarterly & Yearly Audits and documentation of significant Processes and access controls.
- Preparing test plans and scripts based on the business requirements via HP Quality Center.
- Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards.
- Respond to requests and prepare SAP security reports based on management and department needs.
- Set up security for Enterprise Portal on Net Weaver 2004s.
- Worked on Ticketing using Consol, ITR, Clarify & Rialto Remedy tools.
- Continuously improved security configuration to reflect best practices and to prepare for system audits.
- Excellent problem solving skills, team player with good communication skills.
TECHNICAL SKILLS:
SAP SKILLS: GRC AC 10.1/10.0/5.3, PC, ECC 6.0/5.0, SAP R/3 Enterprise 4.7/4.6C/4.6B/3.1i, BI 3.5/7.0
Modules: FI, CO, HR/HCM, MM, SD, BW/BI, SRM, CRM, PI, HANA, SPM, EWM, SOLMAN
Security Audit Tools: SAP GRC (SAP Access Control 5.2, 5.3), VRAT, VFAT, and GRC10
Databases: Oracle, MS Access, SQL Server, Oracle 9i/8i
Operating Systems: Windows XP/2000/98/NT, UNIX, MS-DOS.
Application Software: Microsoft PowerPoint, Microsoft Access, Microsoft Excel, Microsoft Visio.
Other: LSMW, CATT.
Testing Tools: Quality Center
PROFESSIONAL EXPERIENCE:
Confidential, Houston, TX
SAP Security Analyst/Administrator
Responsibilities:
- Working with business process owners and support creation/maintenance of composite and single roles within SAP ECC, SRM, BW, HCM, and Enterprise portal following development standards.
- Development of Composite, Single including parent/derived roles in all SAP systems across the Shire landscape.
- Supported user provisioning in SAP Netweaver portal using Identity Management.
- Implemented Emergency Access Management (Firefighter) module in GRC 10.0 in BW, SRM and SCM systems.
- Contributed best practice approaches to the team and identified gaps in the various processes.
- Created scripts in SAP Netweaver portal for multi-user provisioning.
- Responded to internal audit team queries by creating ad hoc reports across the production landscape.
- Act as a business liaison to lead changes in the security role design.
- Created new customized queries using SQVI to ease ad hoc reporting for the audit team.
- User provisioning across production landscape with risk mitigation in ARA module in GRC 10.
- Identified SOX issues and developed user access strategies to eliminate them and applying mitigating controls wherever applicable.
- User for offshore resource to allow independent support
Confidential, TX
SAP GRC/Security Consultant
Responsibilities:
- Assisted in Sarbanes Oxley Compliance - SAP System Audit and documentation of Significant Processes and controls.
- Continuously improved security configuration to reflect best practices and to prepare for system audits.
- Extensively worked on SAP ECC 6.0, R/3 and CRM security issues.
- Extensively worked on the portal administration with a CRM solution.
- Resolved SOX and Audit issues in CRM and R/3 systems and created mitigation controls wherever applicable.
- Identified the security problems with user access to SAP R/3, BW, XI, CRM systems. Also worked on XI authorizations.
- Used SOX tool RAR (Risk Analysis and Remediation) while creating new clean roles. Resolved conflicting transaction combinations while assigning access to new users and modifying existing user accesses.
- Supported various user administration activities such as elimination of risks associated with wide access profiles, assigning users to user groups, locking users that are no longer active, identification and elimination of duplicate user ids, etc.
- Modified existing roles, removed transactions to resolve critical access and SOD conflicts in systems.
- Worked on Rule Architect and Mitigation control. Extracted VIRSA Reports to identify conflicting transactions and SOD violations.
- Developed new roles for Basis and Security team. Used Profile Generator for creating, modifying roles, composite roles, global roles & derived roles.
- Supported creation and maintenance of users and user master records including establishment of security policies and procedures.
- Implemented Firefighter in R/3, EBP and BW systems.
- Worked on production emergency support. Assigned Emergency access to users to resolve production support issues.
Confidential
SAP Security Consultant
Responsibilities:
- Analyzing business requirements and developing new roles and designing security based on the business requirements for a project involving global design and rollout.
- Gathering project requirements, SODs verification, Audit Remediation, Internal Controls, Global Security Design, Roles development, Testing & Roll-out.
- Work with functional teams and change management teams to understand the business requirements and gather application security requirements needed to build roles based on those requirements
- Obtain necessary approvals. Design and build end user roles for various processes and reports with appropriate restrictions
- Carrying out role development per validation/change control procedures for creation/change, getting required approvals and completing tasks for Development, Transport, Testing and movement to Production.
- Developing roles keeping Data Privacy, Sensitivity, Audit controls, custom developed Transactions, Programs, Reports and Tables.
- Development of new parent and derived roles for better security to all global locations.
- Providing security support for new modules/implementations/upgrades and service package specific duties.
- Design, configure and maintain activity groups, manual profiles/authorizations and users within the systems and clients, and maintain project team user access
- Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules in R/3 system such as FI, GL, AP, AR, CO & MM.
- Analyze existing emergency roles and clean up the obsolete ones from the system landscape.
- Central User Administration set-up, user administration for systems in Dev, QA, Prod, etc.
- Raising new requests in Approva Bizright on behalf of the users to get them the required SAP authorizations in production. Setting up new/adhoc and reviewing period compliance reports in Bizright Approva.
- Perform WHAT-if analysis to determine the impact of changes such as modifying role or responsibility assignments or creating new users before actually requesting change in the SAP systems.
- Review rule books with business process owners to discuss changes/ new additions.
- Designed, established and documented a new automated SOX inactivity procedure that reports users who have not logged into the SAP production systems in a long time and perform actions such as lock or delete the user based on the duration of inactivity.
- Performed transports and mass transports of roles including mass user maintenance and mass role assignment using CATT scripts.
- Identifying and retrofitting changes from one pipe to another in the SAP system landscape.
- Project Management: Weekly meetings with project site support personnel, logistics experts and collecting requirements for development, testing & support activities.
- Production Support, Trouble shooting, tracing etc.
- Participate in full role development lifecycle activities (coding, unit testing and release activities).
- Ensure integrity and confidentiality of information residing in SAP system
- Follow SAP-related policies and procedures around access controls, change management, development etc., to ensure preparation for the variety of audits
- Assist in coordinating of security for SAP interfaces, user, user acceptance testing, and data conversions where necessary
- Provide general non-security related SAP/Basis technical assistance and support as needed
- Utilizing SAP Service Marketplace to research problems, open OSS notes and manage OSS messages
- Creating and maintaining requirements, tests, and design steps within HP Quality Center.
Confidential, Austin, TX
SAP Security Consultant
Responsibilities:
- Worked on segmentation and Channel Management projects in CRM.
- Created Roles for Org Management, IPC (Internet Pricing Configuration) Roles, Config team roles, Channel Management and Catalog Management Roles.
- Developed custom security solutions to meet business requirements.
- Worked on all security related issues including Web and Single Sign On issues.
- Extensively used Org management related transactions and implemented HR based security.
- Involved in implementing SAP XI security in integrating both SAP and non-SAP systems using technical and application adapters.
- Used BP, PPOMA_CRM, PPOSA_CRM, PO10 and PO13 extensively in CRM system.
- Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules in R/3 system such as FI, GL, AP, AR, CO, HR & MM.
- Created roles, Authorizations, object classes, objects, and assigned roles to users.
- Transported profiles between clients within R/3 system and between R/3 systems.
- Created users, roles and assigned required privileges for database access.
- Used Profile Generator for creation and modification of roles (Composite, Global & Derived roles).
- Extensively worked on authorizations (fields, objects and profiles).
- Performed transports and mass transports of roles including mass user maintenance and mass role assignment using CATT scripts.
- Assisted in Sarbanes Oxley Compliance - SAP System Audit and documentation of Significant Processes and controls.
- Continuously improved security configuration to reflect best practices and to prepare for system audits.
- Educated client personnel in R/3, CRM and portal Security.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
- Resolved all SOX and Audit issues in CRM and R/3 system including creation of mitigation controls.
- Preparing test plans and scripts based on the business requirements via HP Quality Center.
- Used SOX tool BizRight of Approva while creating new clean roles and resolved conflicting transaction combinations while assigning access to new users and modifying existing user accesses.
Confidential, Holland, MI
SAP Security Consultant
Responsibilities:
- Assisted Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls.
- Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules in R/3 and SRM (EBP) system.
- Used PPOMA_BBP, USERS_GEN & BBP_CHECK_USERS extensively and also created user using Web functionality.
- Worked with Business specialists to familiarize them with SAP authorization objects that are causing the conflicts and help them understand the options for mitigating the conflicts.
- Executed timely security reports for critical transactions and objects and to identify users who never logged on.
- Removed ranges from S_TCODE.
- Removed SAP_ALL from users and created roles for them.
- Removed all conflicting transactions from within the roles and cleaned impacted roles.
- Removed single roles from composite roles to resolve SOD conflicts.
- Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization.
- Analyzed all customer programs and transaction codes for authority checks.
- Analyzed all business roles and mapped them to transaction codes according to business processes.
- Continuously improved security configuration to reflect best practices and to prepare for system audits.
- Established security testing procedures and tools.
- Preparing test plans and scripts based on the business requirements via HP Quality Center.
- Educated testing teams on procedures to test security profiles.
- Provided knowledge transfer for SAP R/3 security environment.
- Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new.
- Documented the procedure for all SAP tasks process and controls.
