Senior SAP Security Analyst Resume
SUMMARY
- SAP Security & GRC consultant with over 8 years of SAP and industry experience, focusing on Design, Development, Testing, Pre-Go-live, Go-live, Upgrade and 24x7 Production Support of SAP Application Security.
- Industry experience includes Finance, Manufacturing, Mining, Hi-Tech, CPG, Technology and Chemicals.
- Involved in SAP Project deliverables for clients in Canada and USA
- Managing client engagements by providing consulting services, implementing security controls across SAP Applications.
- Worked with Global SAP implementing partners: IBM, Seal Consulting Inc and Illumiti on implementations ranging from 200 users to 400,000 users base.
- Implementation of SAP security solutions based on business functional needs across multiple SAP Applications: ECC modules (FICO, HCM/HR, MM, PM, PP, PS, QM, and SD), Bank Analyzer, BI/BW, Banking Solutions, CRM (Sales & Marketing), EP (ESS, MSS, Travel & Expenses), MDM, PI, SCM (DP & SNP), Solution Manager and SRM covering different business scenarios: Order to Cash (OtC), Procure to Pay (PtP), Make to Order (MtO), Record to Report (RtR), Hire to Retire (HtR)
- Extensive experience in leading requirements gathering, workshops, configuration, testing co-ordination, troubleshooting to deliver security solutions, meeting business needs
- Extensive experience in supporting testing phases (Unit, SIT, UAT), Go Live preps, Go Live activities, Post Go Live Support and knowledge transfer for Support Teams
- Ensure gaps identified are mitigated and/or approved by business owners prior to moving to production
- Designed and developed global role templates for Global Rollout Projects: One McCain (McCain Foods Limited), Blue Harmony (IBM), Molycorp (Illumiti)
- Design and construct SAP Security Roles: Single, Master and Derived Roles, and Composite Roles using the Profile Generator (PFCG). Perform Mass Generation of Profiles (SUPC) as required
- Set up and maintain Central User Administration (CUA) to handle User Administration: set up user IDs, update user access, reset password, lock/unlock users (SU01 and SU10)
- Used System trace: ST01, SU53, SU56, RSSM Trace, RSECADMIN and analyzed tables (USR*, AGR*) to troubleshoot authorization issues
- Develop eCATT and LSMW scripts for user administration activities
- SAP User License administration and submissions to SAP using USMM
- Manage security of OSS IDs and developer keys
- Lead proposals related to projects that will improve SAP security functionality and support
- Review and correction of sensitive authorizations (S_TABU_DIS, S_DEVELOP etc.)
- Manage SAP security changes within change management guidelines, using ChaRM, Rev-Trac ensuring that all transports moved into production maintain system integrity
- Assist in developing and documenting business-as-usual procedures, processes and guidelines that are efficient and focused on the quality of the process or end-state deliverable
- Setting up users on test environment for Unit Testing, Integration Testing, UAT and managed security authorizations test defects using HP Quality Center (HPQC)
- Worked on ticketing software like Clarify, Remedy, and ServiceNow for change management requests, as per SLAs
- Lead Off-shore team, co-ordinating on-site off-shore activities
- Coordinate the day-to-day activities of team members, including maintenance, support and technical project work, to ensure performance objectives are met
- Conduct workshops for requirements gathering and discuss/ show demo of tools functionality
- Perform post installation steps & validate system readiness of GRC ARA and EAM
- Configured approved design of GRC AC tools: Risk Analysis Module (ARA, RAR), Firefighter Module (EAM, SPM)
- Work with the SOX team to discuss implementation strategies to enable/disable rule set objects for custom transactions as required and approved
- Work with business process owners to establish mitigation strategy for the SOD issues identified
- Utilize ARA simulation functionality to identify possible SOD issues while developing/maintaining roles & user provisioning
- Use ARA to produce SOD analytical reports, UAR reports
- Lead GRC testing phase: prepare test scripts, identify the test user from business, support issues
Audit Information System
- Assist with the planning and execution of IT General Computer Controls (ITGCC) and Application Control (AC) audits to support the Company’s Sarbanes-Oxley (SOX) compliance review
- Involved in the Annual and Quarterly Security Validations, critical action (CA) and critical permission (CP) analysis
- Coordinate IT audit efforts with the internal audit team, internal IT management, consulting firms and an external auditing company
- Help audit teams with reports generated through SM19, SM20
- Configure Profile Parameters for Logon and Password (Login Parameters) using RZ10 to incorporate corporate security policy
- Perform quarterly internal audit to prepare production system for yearly external audit
- Represent the client during external information systems audit and work on audit findings
- Work with corporate security team to establish SAP application level access controls meeting corporate information systems audit guidelines
TECHNICAL SKILLS
Skill Set: SAP Security ECC 6.0, 5.0, R/3 4.7, 4.6c; BA 7.1; BI / BW 7.0 & 3.5; BS 7.1; CRM 7.0; EP 7.0; MDM 5.5; PI / XI 7.0; Sol Man 7.1, SCM/APO 7.0 & 4.0; SRM 7.0; Fiori; HANA
GRC Tools: SAP GRC AC Suite 10.X, 5.X and VIRSA CC 4.0, FF 3.0
Office Tools: MS-Office (MS-Word, MS-Access, MS-Excel, PowerPoint)
SAP Training: GRC 300 & 310 by SAP (2010)
PROJECT EXPERIENCE:
Confidential
Senior SAP Security Analyst
Environment: ECC 6.0, BI 7.0, CRM 7.0 & PI 7.0, GRC-AC 10 (ARA & EAM)
Key Responsibilities:
- Lead discussions and prepare BRDs required for role design and development, and ensure security controls of SAP applications adhere to corporate controls policy
- SOD analysis, mitigation controls via GRC RAR
- Develop SOPs for security processes
- SOX clean up - redesigned the Roles
Confidential
Senior SAP Security Analyst
Environment: Bank Analyzer 7.1, eBanking 8, Gateway, SolMan, BI 7.0, Banking Services 7.1, CRM 7.0, ECC 6.0 & PI 7.0, GRC-AC 10 (ARA & EAM); HANA
Key Responsibilities:
- Involved in all the phases of the implementation life-cycle including analysis, design, development of security solutions for SAP business applications Bank Analyzer and eBanking, and non-SAP application Techcom
- Worked on HANA DB migration project: set up users, roles on HANA as required
- Involved in Solution Manager Upgrade project from security team
- Support user administration for non-SAP applications like Open Text, Salesforce.com and Techcom
Confidential
Senior SAP Security & GRC Consultant
Environment: ECC 6.0, SAP NetWeaver components BI 7.0, EP 7.0, CRM 7.0, Solution Manager 7.1, GRC-AC 10 (ARA & EAM) and SAP Fiori
Key Responsibilities:
- Principal consultant for SAP ECC, BI, CRM, EP, SolMan security for clients of Illumiti
- Implemented GRC - AC 10.0 ARA & EAM for Molycorp
- Provide test case scenarios for Unit testing & SIT
- Provided authorizations for Logistics users using SAP Fiori apps to approve POs
- Provided authorizations for users using NWBC UI as front end to log into backend ECC
Confidential
SAP Security & GRC Consultant
Environment: ECC 6.0, SAP NetWeaver components BI 7.0, EP 7.0, PI 7.0, CRM 7.0, Solution Manager 7.1, SCM 7.0, SRM 7.0, SAP Biller Direct, SAP GRC AC Suite 5.3 (RAR & SPM)
Key Responsibilities:
- Involved in all the phases of the implementation life-cycle including analysis, design of business applications in ECC, BI, CRM, EP, PI, SCM, Solution Manager, and SRM environment
- Implemented GRC AC 5.3: RAR, SPM
- Designed, developed ESS, MSS, T&E, Biller Direct, SRM roles, maintained authorization in back-end systems & mapped to Enterprise Portal roles
Confidential
SAP Security & GRC Consultant
Environment: ECC 6.0, CRM 7.0
Key Responsibilities:
- Off-shore security lead, with a team size of 10, coordinating on-site off-shore activities
- Review Data Definition Documents (DDD), Interface Definition Documents (IDD) to restrict security for various interfaces
- Conducted knowledge transfer session of SAP security authorization concepts to new team members
Confidential
Environment: ECC 6.0, CRM 2007, PI 7.0, Solution Manager
Key Responsibilities:
- Led a team in security configuration and built roles as per Business Process Master List (BPML), Role to Position Mapping (RtPM), and SOX compliance
- SOD analysis, mitigation controls via GRC RAR
- Worked extensively on security design for CRM Web UI - Channel Management, Customer Data Protection, and Org Structure Management
