SAP GRC Consultant Resume

PROFESSIONAL SUMMARY

  • With 15 years of professional experience and 9+ years of experience as an SAP Security & SAP GRC consultant. Expertise in SAP GRC 10.1 (ARM, ARA & EAM), GRC 5.X versions, GRC 4.0, SAP R/3, ECC 6.0, BI/BW, BOBJ, BOBJ Explorer, MDG, BPC, CRM, SRM, SOLMAN 7.1 Charm security, CUA, Enterprise Portal, user administration, role administration, design, documentation in various security processes, procedures, auditing; knowledge transfer and an active team player.
  • Technical Expertise in SAP Security Conceptual Design, Implementation, upgrade and Re-Design of Security in Global Implementation.
  • Global exposure to a variety of SAP Application areas including GRC 10.1, 5.x, 4.0 versions, ECC, BI/BW, BOBJ, BOBJ Explorer, MDG, Information Steward, Data Services, GRC 10.1, CRM, SRM, PI, IDM, Solution Manager, NetWeaver, CUA and EP, etc. and spanning several versions.
  • Implemented GRC 10.1 GRC ARA, ARM, EAM, Configured Pre-Post installation steps related to GRC Access Control
  • Configured MSMP workflow for New access, change access, Delete access, Lock/Unlocking, Functional creation, Mitigation control id creation, Risk id creation, Fire fighter id request and also Role approval in ARM
  • Created Owners, Mitigation Controllers, Risk owner, Security lead Point of contact
  • Created FF owners, Controllers and Firefighter id's for Emergency access request.
  • Expert in Creating BRF+ workflows
  • Run the background jobs to sync Authorization data, User sync, Role Sync and Profile Sync
  • Defining Risks, Analyzing Risks, Creating Business Process, Rule creation, mitigation, Role Owner, Alerts, Analyzing management reports, Basic Configuration Settings in all AC capabilities
  • Design, configuration, and implementation of Risk Analysis (ARA/RAR), User Provisioning (ARM/CUP), and Firefighter (EAM/SPM).
  • Develop (Firefighter) roles and workflow approval process in GRC 10.
  • Configure GRC Access control tool to avoid SOD conflicts to comply with Sarbanes-Oxley (SOX) regulation using RAR, CUP, and SPM.
  • Analyze SAP Segregation of Duties (SOD) conflicts and recommend corrective action
  • Broad experience in maintaining single, composite, and derived roles using Profile Generator (PFCG)
  • Designed and implemented Business Objects (BOBJ) security based on how the access level, application security, and content security such as users and groups, universe security, folder access by using CMC.
  • Implemented security on Information Steward Application for Manage schedules for Data Insight tasks, metadata integrators, Score card utility, configuring connections and application settings.
  • Very good experience on SAP Business Planning and consolidation (BPC) security for user, task profile, data access profile & teams.
  • Experienced in working with Auditors in keeping the SAP systems audit compliant and supported audit team for generating audit reports as per the audit rules provided by the auditors
  • Developed segregation of duties (SOD) model and resolve SOD conflicts
  • Working with functional teams to design and redesign new process and create new programs for automation.
  • Extensive experience with Automatic Profile Generator (PFCG), User Administration, Central User Administration (CUA), Authorization object maintenance, Problem analysis and troubleshooting, SAP GUI & CATT and ECATT Scripts, transporting roles, HR Security, Auditing, Segregation of Duties (SOD) and Sarbanes-Oxley Compliance etc.
  • Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc.,)
  • Effectively analyzed trace files and tracked missed authorizations for user’s access problems and provided solutions as per the process.
  • Well conversant with the onsite-offshore delivery model, having led and managed offshore delivery teams. Streamlined processes to enable capture and measurement of key quality and performance metrics.

PROFESSIONAL EXPERIENCE

Confidential

SAP GRC Consultant

Responsibilities:

  • Successfully Implemented GRC 10.1 GRC ARA, ARM, EAM.
  • Configured Pre-Post installation steps related to AC component
  • Configured MSMP workflow for new access, change access, Delete access, Lock/Unlocking.
  • Creation, Mitigation control id creation, Risk id creation, Fire fighter id request and also Role approval in Access request management.
  • Created Owners, Mitigation Controllers, Risk owner, Security lead Point of contact.
  • Created FF owners, Controllers and Firefighter id's for Emergency access request.
  • Run the background jobs to sync Authorization data, User sync, Role Sync and Profile Sync.
  • Troubleshoot configuration issues like Email notification errors, MSMP workflow trigger errors, Role/User level risk analysis issues, Auto provisioning errors.
  • Creation of BRF plus rules based on client requirement for MSMP workflow.
  • Design, configuration, and implementation of Risk Analysis (ARA/RAR), User Provisioning (ARM/CUP), and Firefighter (EAM/SPM).
  • Analyzed and configured GRC 10 (AC) Global Rule Set per clients' processes/standards.
  • Designed and developed security roles for various deployments.
  • Working with business analysts and clean up the security roles to eliminate segregation of duties (SoD) conflicts using GRC Risk Analysis and Remediation tool.
  • Prepared the training materials for End Users and Approvers (Manager, Role Owner,
  • Train the End Users and Approvers (Manager, Role Owner, AMT, SEC and Basis Admins.)
  • Conducted User Access Reviews for semiannual audit. Helped the internal and external auditors for quarterly and yearly audits.
  • Evaluate various project requirements and ensure that all projects are adhering to SAP Security Policies.
  • Working with Business and Functional Teams to define Segregation of Duties and outline the roles and responsibilities of each team to effectively implement SOD checks.
  • Strong knowledge on CMC Central Management Console tool for BOBJ, Information Steward & Data Service Tools.
  • Working on administration tasks of BOBJ such as security set up, Creation of folders, users, groups, rights, access levels, scheduling of reports, maintaining connections, universes & creating ABAP roles and sync with BOBJ tool.
  • Created ABAP roles based for security restrictions on Projects, Metadata Management, Metapedia, Data Insight, Cleansing package builder authorization in Information Steward by using CMC tool.
  • Working on MDG Security activities such as UI Security, BP Maintenance, restrictions on Business Workflows at different stages for Requestor, Approver, Finance Approvers, Customer, Vendor creation, Supplier.
  • Updating user menu through portal and ABAP Roles as per business requirements.
  • Mapping Business role and PFCG role in CRM for sales, IC modules, creating roles and updating the user menu through sap programs, WEBI reports security restrictions.
  • Supported users for security issues in all functional modules.
  • Creating Analysis Authorizations using RSECADMIN, Maintaining Hierarchy values, restrictions on workbooks.
  • Provide Pareto & Trend Analysis for Management review (Access requests, Service Request, High frequency Incidents) and proposals to improve the support model.
  • Coordinate with Internal & External Audit teams for continuous compliance, providing Population & Evidence Data as per the Audit Requests.
  • Monitor Service requests, system health check, and User Provisioning reports to ensure the issues are resolved as per the SLA timelines.
  • Perform Self-Audit on Monthly basis to continuously monitor Access Controls & Process Controls.
  • Perform RCA for Production system outages, and document & Implement the corrective actions.
  • Analyze service requests on a periodic basis, identify high volume Incidents and their root cause, propose process changes, and update documentation as required.
  • Identifying the process changes due to system enhancement / upgrades and updating respective QMS documents.
  • Service oriented, and motivated team player with ability to influence other team members on key challenges.

Skills Used: GRC 10.1, SAP NetWeaver, ECC 6.0, MDG, BI/BW, BOBJ, BPC, Information Steward, Data Services, CRM, EP, Microsoft Analysis Tools & BOBJ Explorer.

Confidential

Responsibilities:

  • Designed and configured SAP Solman Charm Security.
  • Built Analysis Authorizations using the transaction RSECADMIN
  • Setup security at the Info objects level (field-level security).
  • Troubleshoot authorizations related problems using RSECADMIN
  • GRC 10.0 Access control application implementation and support
  • Business analysis, technical solution design and delivery with a clear emphasis of segregation of duties (SoD) and adherence to the project life cycle
  • Customization of SoD Matrix to review Schneider business process with SoX regulations
  • Retrofit & Remediation of SAP users to segregate the business duties and proposed reorganization to meet SoD compliance
  • SAP roll out for multiple SE entities in different countries
  • Worked on production change requests and support.
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Performed user administration activities such as creating, locking and unlocking users, and resetting passwords, maintaining logon data and assigning roles to the users.
  • Created and modified Single roles, Composite roles and derived roles using the Automatic Profile Generator (PFCG) from the Role Matrices provided by the functional team.
  • Reviewed and updated sensitive authorizations such as S_TABU_DIS, S_ADMI_FCD, S_DEVELOP, etc.
  • Created SECATT scripts for user creation, roles assignment, roles creation, organization levels maintenance
  • Prepared design documents for production change requests.
  • Design the security automated programs documents and developing by coordinating with developers.
  • Testing the SAP security programs and resolving the defects.

Skills Used: SAP NetWeaver, ECC 6.0, GRC 10, BI/BW, HP QC, BMC

Confidential

Responsibilities:

  • Configured and supported SAP GRC 5.3 and 4.0 Version for RAR, CUP & Fire Fighter Ids.
  • Working with Business and Functional Teams to define Segregation of Duties and outline the roles and responsibilities of each team to effectively implement SOD checks
  • Coordinate with Internal & External Audit teams for continuous compliance, providing Population & Evidence Data as per the Audit Requests.
  • Perform Self-Audit on Monthly basis to continuously monitor Access Controls & Process Controls.
  • Conducted User Access Reviews for semiannual audit. Helped the internal and external auditors for quarterly and yearly audits.
  • Creation, Mitigation control id creation, Risk id creation, Fire fighter id request and also Role approval in Access request management.
  • Created Owners, Mitigation Controllers, Risk owner, Security lead Point of contact and Email notification settings and scheduled the background jobs.
  • Customized rule set uploaded, Generated the Rule set.
  • Prepared the training materials for End Users and Approvers (Manager, Role Owner and SOD admin stages) and trained.
  • Effectively analyzed trace files and tracked missing authorizations for user access problems and inserted missing authorizations manually.
  • Analyze all customer programs and transaction codes for authority checks.
  • processes
  • Configured CUA (central user administration) for connecting multiple systems to central system.
  • Worked on CUA to process the request such as creation of new users, assigning roles to users, maintaining the IDOCS through CUA for users and lock/unlock
  • Worked with functional and business users to develop new roles and authorizations.
  • Created and modified Single roles, Composite roles and derived roles using the Automatic Profile Generator (PFCG) from the Role Matrices provided by the functional team
  • Performed reconciliation of user master record and roles using PFUD and SUPC
  • Setup BI security for user roles (query users, administrative users and power users) and Built Analysis Authorizations using the transaction RSECADMIN.
  • Analyze root cause of security failures to resolve help desk tickets.
  • Continuously improved security configuration to reflect best practices and to prepare for audits.
  • Worked extensively on restriction of Tables and Programs, grouping them into Auth groups and custom Transaction codes
  • User administration: Creating, changing, locking/unlocking and password resetting of users and created User Groups for easy administration and groups.
  • Generating reports using SUIM and security tables.
  • Analyzing and solving the missing authorizations and day-to-day security issues that are being raised by the users.
  • Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

Skills Used: SAP ECC 6.0, 4.7, GRC 5.3, 4.0, MDM, BI/BW, CRM, SRM, EP, GTS, XI, All function modules of ECC security, BMC Remedy

Confidential

Responsibilities:

  • Gathering the Information and data through various channels and updating in websites through FTP.
  • Updating the latest news, images and video news into the website
  • Manage accounts on VPS server such as web hosting (FTP) and POP email accounts, setup
  • Creating logos, banners and buttons for websites.
  • Design and develop prototype designs into fully functional, web sites (standard, flash and ecommerce
  • Contacting external webmasters to confirm link placements.
  • Changing the code, software or graphics of existing websites.
  • Testing a website & identifying bugs & technical problems.
  • Developing cross-browser and cross-platform compatible solutions.
  • Provide guidance to other team members on web development issues.
  • Developing websites that have a consistent feel and look throughout all web properties.
  • Providing technical support to end users.
  • Performed maintenance and updates to existing client Web sites.
  • Involved in Manual Testing, all the links and functionalities of the project.
  • Preparation of test cases for the Web Hosting and Search Modules.
  • Preparation of test cases for the Jobs and Careers, Online Post Service and Matrimonial modules.
  • Responsible for running test cases, generating reports and posting defects
  • Registering websites with major search engines.

Skills Used: HTML, FTP, Adobe Photoshop, Dreamweaver, Flash
