SAP Security and GRC Consultant Resume
St Louis, MO
PROFESSIONAL SUMMARY
- Having around 8 years of SAP R/3 4.7, ECC 6.0, SAP CRM, SAP HR, SAP BI, SAP BOBJ, Central User Administration CUA, SOLMAN, SAP Portal Security experience and Experience in GRC AC 10.0 & 5.3 components.
- Hands on experience in SAP Security Implementation of ECC modules. Successfully completed 2 full life cycle implementations including analysis, conceptual design and worked on the upgrade projects.
- Have performed all SAP authorization related activities with well-equipped knowledge of User administration, Profile maintenance, Transport management, Troubleshooting and with an excellent understanding of Sarbanes-Oxley Act and SOD compliance.
- Worked in all phases of full life cycle implementation interacting with the customer at client location including analysis, design development, blue print phase, configuration, Cut-over phase, Testing, Training, GO-Live and Post implementation support.
- Supporting Project (creation of bulk user, Support and test ID’s, roles. Adding T codes, custom T codes, Authorizations) Updating the Specification for any change with the proper approvals from central role owners.
- Proficient in analyzing and translating business requirements to technical requirements in SAP.
- Supported SAP Security application for Gas, Pharma, Chemical, Food and Manufacturing industries.
- Termination of user SAP ID’s on weekly basis, based on termination report from HR and managing Roles and Profiles which are not in use.
- Superior Communication skills, strong decision making skills, Organizational skills, and customer service oriented, comfortable working in a fast-paced, hands-on, growth oriented environment.
SAP SECURITY SKILLS
- Hands on experience in SAP Security Implementation of ECC modules like MM, SD, FICO, PS, QM, SM, PLM, VMS, WM, Java stack of SAP ME, MII.
- Experience in support of SAP CRM and ECC systems for Profile Maintenance and User administration involving creation/deletion/locking/modifying users.
- Experience in redesigning of the SAP roles based on the SOD violations.
- Creating, modifying and assigning roles, Restrict access at field level, T-code level and Authorizations level using Profile Generator Tool (PFCG).
- Troubleshooting user missing authorizations using SU53 and ST01. Assigning missing authorizations as per the user’s requirement.
- Designing of Authorizations based on the Industry Business Hierarchy.
- Creating Analysis authorizations in SAP BI and assigning to specified roles. Support for the BI authorization issues.
- Experience in creating and assigning roles and groups as part of Identity management IDM in SAP Netweaver portal.
- Monitoring the critical transaction codes and ensuring that they are assigned to the concerned users only.
- Generate security reports for Critical transactions and Objects and for users who never logged on.
- Creating Fire Fighter (FF) ID’s, tagging users ID to FFID’s. Daily monitoring usages of FF and reviewing the respective approval mails from controller of FF ID’s. Working on Trace (ST01) resolving query, if any.
- Transporting the generated roles and profiles using STMS and CHARM.
- Worked with User Information System, creating and changing users and assigning roles to users.
- Created users and maintained user master and established security policies and procedures.
- Configured Central User Administration (CUA).
- Used CUA to maintain users (Creation, deletion, locking etc).
- Assigning firefighter access to users and Generating Log report for Firefighter Ids in Production systems.
- Maintaining SAP Check Indicator Defaults and Field values thus reduced the scope of SU24.
- Good working knowledge of AGR* tables. Maintained table security using authorization groups.
- Experienced in using CATT/eCATT scripts, LSMW during security implementations.
- Experience with Portal Security, User Management, Development of Portal Roles, Single Sign On (SSO), Identity Management (IDM) and Security Weaver.
- Worked closely with the audit teams and resolved production system deficiencies.
- Worked on ticketing tool to resolve the issues & problems in different kinds of SAP Security modules.
- Collaborate with other team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the Client requirements.
SAP GRC 10.0 & 5.3 SKILLS
- SAP GRC tool - Firefighter: Assign firefighter Id’s to support users in order to resolve provisionally broad issue. SAP ARA: SPRO Configuration: BC Set activation, configuration parameters, background job syncs, SOD Rule generation, batch risk analysis, Alerts.
- SAP EAM: BC Set Activation; Connectors; MSMP Workflow; creation of access owners; creation of FF Id, Assign owners / controllers / fire fighters to FF Id, monitoring of FF logs, consolidated Log Report.
- Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations (Risk).
- Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
- Performed remediation and mitigation against various risks associated with roles and users. ARA has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.
- Make use of Role Creation Role Change Request form in order to create a new role or make changes to an existing role; Change Request Board approvals mandatory for transports. Simulate the role using GRC before moving the changes to quality environment.
- SAP GRC tool - RAR module: Simulate users before actual assignment in SAP. SOD violations found need to be mitigated by using Mitigation Control Document.
- Approving request as a security admin and also approve the request on behalf of approvers in different stages as a CUP admin.
- Creating user access request through GRC CUP upon request.
- Created UME role for users, approvers, admin and IT team in GRC.
- Importing Roles into GRC CUP with respect to Functional area.
- Analyzing the issues in SAP GRC systems for RFC connections, Background jobs.
- Created Business process, functions, risk, rules and generating rules sets.
- Creating and uploading roles, uploading authorizations in SAP GRC, Creating RFCs for adding the child systems to CUA and integration of the other systems with SAP GRC for the new Deployments.
- Configuration of the request type, user defaults.
- Designing and defining the workflows in SAP GRC.
TECHNICAL EXPERTISE
ERP: SAP ECC 6.0, SAP R/3 4.7, BI 7.0, SCM, CRM, HR, GRC 5.3, GRC 10, SOLMAN.
Operating Systems: Windows NT/98/2000/XP/7, WINDOWS SERVER 2K/2K3, AIX 6.1, 7.1, LINUX 7.2, UNIX
Programming Software: C, C++, Core Java
Tools: GRC 5.3, 10.0, QTP, Remedy, HP Quality Center, Hornbill, Front Page and MS-OFFICE
Scripting: CATT, ECATT, LSMW, QTP, UNIX SHELL SCRIPT, Java
Databases: ORACLE 9i/10g/11g, My SQL, MS-Access.
PROFESSIONAL EXPERIENCE
Confidential, St. Louis, MO
SAP SECURITY AND GRC CONSULTANT
ENVIRONMENT: ECC 6.0, GRC 10.0, 5.3.
RESPONSIBILITIES:
- Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
- Implemented and Configured SAP GRC AC Compliance Applications versions GRC 10.0. Involved in the upgrade of GRC 5.3 to GRC 10.0.
- Performed remediation and mitigation against various risks associated with roles and users. ARA has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.
- Make use of Role Creation Role Change Request form in order to create a new role or make changes to an existing role; Change Request Board approvals mandatory for transports. Simulate the role using GRC before moving the changes to quality environment.
- Gathered Information and Customized CUP Workflows leveraging clients existing user creation process.
- Suggested alternatives for SOD remediation during and after the Go Live for naming conventions, role swaps for users with conflicts and configuration changes to keep track of project progress.
- Restrict the table access using Table Security Authorization Objects like S_TABU_DIS and S_TABU_CLI.
- Defined critical transactions to be used for SUPM where in they would be assigned to super users as applicable.
- Configured system audit reporting/ audit log which would provide the report data for Audit purposes.
- Experienced with NetWeaver for handling user maintenance through UME, User Management Engine.
- Provided technical Security support to users on modules FI/CO, MM, PP, MDM, SRM, SCM, APO, SD, BI.
- Handled all Security issues related to authorizations and remediation around support and upgrades.
- Implemented Single Sign On, SSO, in Netweaver. This involved working with the Enterprise Directory (ED) administration team in identifying the Key components of SSO/LDAP technology.
- Restricted access to reports in BI by using objects S_RS_COMP, S_RS_COMP1 and S_RS_AUTH.
- Maintained multi system, multiple environment landscape through CUA configured on Solution Manager for easier user provisioning and administration.
- Work with Maintenance & Engineering and IT Security management regarding potential access violations per US Security standards and best practices.
- Contribute to daily Security monitoring of all SAP application environments and respond to Service Center tickets for user administration in SAP production and non-production environments within designated SLA’s.
- Provide an insight on process improvement to junior team members and groom internal FTE’s, Full Time Equivalents to perform and understand Security challenges.
Confidential, Voorhees, NJ
SAP Security and GRC Consultant
ENVIRONMENT: ECC 6.0 FULL LIFE CYCLE IMPLEMENTATION
RESPONSIBILITIES:
- Requirement gathering, Design, Development, and Maintenance of SAP application security and SAP roles.
- Created customized roles to meet business requirements with Organizational level value restrictions.
- Make use of report PFCG_ORGFIELD_CREATE and convert auth field to org level; modify the affected roles with proper values in the org field.
- OSS Operations Support System Management for project requirements including OSS ID administration, issuing developer keys.
- Worked on SAP check indicator defaults and field values using transactions SU24 and maintained check indicators for Transaction code during testing. Worked closely with ABAP team for Authority Check Statement maintenance.
- Orientation and knowledge transfer to new hires and building new client support teams.
- Worked on role remediation with Business teams and involved in removing the transaction codes from the roles and restricting the objects at the authorization object level.
- Thorough knowledge of SOX compliance and best practices in SOD remediation. Streamlined the User Access Request process by clearly defining the appropriate access for each functional team.
- Performed reconciliation of user master record and roles using PFUD and SUPC.
- Performed user comparison using PFCG, PFUD and also by running PFCG_TIME_DEPENDENCY job.
- Designed, configured & cutover of GRC Access Control 5.3 - CUP, SUPM & RAR.
- Creating and uploading roles, uploading authorizations in SAP GRC, Creating RFCs for adding the child systems to CUA and integration of the other systems with SAP GRC for the new Deployments.
- Supported existing installations VIRSA 5.3 - Workflows, mitigating on behalf of control owners/internal audit, GRC upgrade, IDM-GRC CUP web services integrations etc.
- Evaluated various implementation approaches including using RSEC MIGRATE, Automatic Generation and manually creating new authorization objects
- Used RSECADMIN extensively to develop authorizations based on the characteristics and hierarchies identified during analysis.
- Formulated complex mapping documents to establish relationships between the Info Objects, Analysis Authorizations and their respective roles.
- Manually assigned Analysis Authorizations to users in RSECADMIN as well as in PFCG roles to ensure a lean user assignment approach that eliminates redundancies.
- RFC administration - Setup and Maintain RFC destinations.
- Client administration - Client Creation, export, Remote & local Client Copy, Client Deletion. Securing Clients and Assigning Logical System to client.
- Designed, Developed and Tested ESS/MSS roles in conjunction with Enterprise Portal.
Confidential, Gardena, CA
SAP Security and GRC Consultant
ENVIRONMENT: SAP ECC 6.00, SAP ME, SAP GRC 5.3
RESPONSIBILITIES:
- Implementing Access Control 5.3: configuring, testing and training of the SAP GRC suite on a four-landscape environment consisting of Sandbox, Dev, QA and Production.
- Design and development of SAP ME system on Java stack with the inputs from client.
- Work with HR to build AC 5.3 triggers for auto de-provisioning and position changes within the org
- Working with key stakeholders on requirement gathering and identification of business processes and approvals steps to determine workflow requirements.
- Training and assisting business process owners and approvers understand GRC and its benefits
- Develop courseware for end users, approvers, and internal audit for product familiarization
- Configuring the Super User Privileged Management (Fire Fighter) in SAP ECC system, Fire Fighter Unit testing.
- Preparing Fire Fighter Pre-work Questionnaire, ID template, Blue Print.
- Integrated IGS Internet Graphic server on every SAP web AS and unit testing to make sure the graphs are generated accurately.
- Uploading UME roles to enable RAR configuration and handling entire post installation configuration for Risk Analysis & Remediation.
- Setting up the background jobs in RAR to sync with the backend ECC system User, Role, Profile data so as to generate the management based reports
- Creating rules using Rule Upload SoD matrix mapping to the SAP standard Risk Ids.
- Uploading Functions & Risks into RAR and Creation of New Functions & Risk Ids.
- Assessing the Risk levels and impact and accordingly Mitigate or Remediating the Risk.
- Configuring and running jobs for: Rule Set generation; User Analysis; Role Analysis; Remediation (preparing remediation strategies); Mitigation (preparing mitigation controls at user levels); Risk Terminator (Configuration & Activation).
- Using RAR to alert the appropriate monitor when conflicting or critical transactions are used or a control is assigned to mitigate a risk.
Confidential, Columbus, OH
SAP Security and GRC Consultant
ENVIRONMENT: ECC 6.0 FULL LIFE CYCLE IMPLEMENTATION
RESPONSIBILITIES:
- Work with stakeholders, system owners and end users to define business / operations requirements.
- Collaboration in planning, design, development and deployment of new features.
- Liaise with various business groups to facilitate implementation of new / enhanced business process.
- Extensively involved in Unit testing and Integration testing and coordinated all the testers in all the testing life cycles.
- Set up Central User Administration (CUA) to manage systems/clients.
- Configured Superuser Provisioning to give emergency access to functional, technical and audit team members.
- Responsible for Post Installation activities of RAR like upload UME roles, create administrator user and assigned roles, analysis Daemon manager, JCO RFC, etc.
- Generate rules in RAR to easily create, maintain and manage risks.
- Created monitors and approvers and mapped them to mitigation control.
- Define the workflows used by the requestors and approvers.
- Determine the approvers, roles and the permissions associated with each role.
Confidential
SAP SECURITY CONSULTANT
ENVIRONMENT: SAP ECC 6.0
RESPONSIBILITIES:
- Requirement gathering, Design, Development, and Maintenance of SAP application security and SAP roles.
- Created SAP customized roles in PFCG and assigning them to users.
- Created users (Dialog, System, Service, Communication, Reference users) using SU01, SU10.
- Created customized authorization objects and fields to have full control on user data access.
- Provided solutions to complex authorization problems.
- Used both general and structural authorizations to meet business requirements.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
- Creating users, maintaining passwords and authorizations in EP. Grouping users according to Activity, Work set, and Role.
- Created BW roles, Analysis authorizations.
- Ran SOD risk analysis (at Auth object level and Tcode level) whenever there is Role creation, role change or role assignment to a user.
- Creation and Maintenance of documentation for role updating.
- Resolving daily user issues using SU53 and ST01 and working on daily tickets.
- Defined rules in SoD matrix. Ran management report. Ran SOD report to monitor the associated risks in the system.
- Defined risks, critical Tcodes and powerful authorization objects.
- Set up audit logs in SM19 and SM20.
- Submission of reports to auditors from SUIM, AGR_1251, AGR_USERS, and AGR roles, SU24 tables etc.
Confidential
SAP Security and GRC Consultant
ENVIRONMENT: ECC 6.0
RESPONSIBILITIES:
- Work with stakeholders, system owners and end users to define business / operations requirements.
- Extensively involved in Unit testing and Integration testing and coordinated all the testers in all the testing life cycles.
- Set up Central User Administration (CUA) to manage systems/clients.
- Configured Superuser Provisioning to give emergency access to functional, technical and audit team members.
- Responsible for Post Installation activities of RAR like upload UME roles, create administrator user and assigned roles.
- Generate rules in RAR to easily create, maintain and manage risks.
- Created monitors and approvers and mapped them to mitigation control.
- Define the workflows used by the requestors and approvers.
- Determine the approvers, roles and the permissions associated with each role.
Confidential
SAP Security Consultant
ENVIRONMENT: SAP R/3 4.7
RESPONSIBILITIES:
- Redesigning and implementing SAP R/3 Security in a 4.7 upgrade environment remotely through Virsa Systems.
- Defining new Roles redesigning the existing Definitions and building smaller meaningful Roles based on concentration of job duties.
- Extensively worked with the PLOG, P_ABAP, P_PERNR, P_ORGIN and P_ORGINCON objects in designing the HCM Roles.
- Using SOD Matrix and third party tools to determine conflicts and Segregation of Duties issues in Role Definitions before building Roles.
- Creation of Roles based on the inputs from the above Matrix and testing in respect to failure or missing authorizations.
- Setting up a New User/ Deleting an existing user, locking/ unlocking a user, resetting password, maintaining a user and work on profile according to need(s).
- Experience on SUIM for various reports, user information, transaction codes, role assessment, troubleshooting etc.
- Check indicators using SU24 transaction code.
- Analyzed and updated security tables in R/3. Working on USR*, AGR* tables.
- Troubleshooting (SU53, SM19/20 and ST01).
- Responsible for creation of monthly audit report using (SUIM).
- Managing SAP user access and password expirations.