SUMMARY

• Overall 5+ years of experience in SAP Security &GRC Authorizations with strong understanding of information security practices.
• Experienced in working for 1 Full Life Cycle Implementation of SAP Security Projects from design phase to post implementation phase in SAP security realm.
• Experience includes analysis, development, and maintenance of SAP Security in SAP ECC 6.0, R/3 4.7, SAP BW 3.5, BI 7.0, Solution Manager 7.0, GRC 5.3/10.0/10.1 , XI/PI, GPS, CRM 5.0, SCM 7.0, and CUA administration and maintenance and hands on experience with SSO (Single Sign On).
• Strong experience in using Profile Generator (PFCG) for certain and maintenance of Roles/ Activity groups according to the business requirements and using SAP supplied user role templates.
• Expertise in SAP GRC Access Control (5.3/10.0) - Risk Analysis and Remediation (Compliance Calibrator), Compliant User Provisioning (Access Enforcer), Super User Privilege Management (Fire Fighter), Enterprise Role Management (Role Expert).
• Had a strong experience in GRC UAR Implementation. Designing the workflow and configuration using MSMP workflow.
• Worked on procedures and applications of dual-maintenance of security changes, conversion of manual profiles and implementation of role based security.
• Extensively worked with Profile Generator (PFCG), Role Creation (single, composite and derived roles) modifications and User Administration by using SU01.
• Experience in CUA administration and maintenance.
• Experience in setting up transport request using SCC1, SE09, and SE10.
• Creation and Modifications of user accounts using transaction codes SU01, SU10.
• Troubleshoot user roles, Tracking Activities, Security Authorization Objects and custom reporting authorizations by using transaction codes SUIM, RSECADMIN, ST01 and ST22 for different modules.
• Controlling authorization object S PROGRAM through SE38 and SA38 restricted critical programs.
• Created and maintained IDs for ECC, GRC, XI, BI/BW, SCM environments.
• Worked Extensively on Authorization Groups and Customized Transaction Codes.
• Creating custom transaction codes and custom authorization objects using SE93 and SU21.
• Experience with mass user creation and maintenance using Computer Aided Test Tool (CATT).
• Expertise with the BI Analysis Authorization (RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems.
• Expertise in role designing according to Sarbanes-Oxley Compliance (SOX) strategy management related to SAP business processes, transactions, control infrastructure.
• Highly responsible professional with the ability to build confidence and trust with colleagues and internal customers in a multi-cultural environment.
• Expert in creating documentation for all the procedures/process and training manuals.
• Skilled in providing documentation and best practices relating to SAP security.
• Excellent problem solving skills, team player with excellent communication skills.

TECHNICAL SKILLS

SAP: ERP ECC6.0, R/3 4.7, GRC 10.1/10.0/5.3 , XI/PI, BI 7.0, and BW 3.5

Programming: C#, C++, Visual Basic and HTML

Operating Systems: Windows 8.1/8, Windows 7/ XP/ 2000, Mac OS

Tools: MS Office, HP Quality Center, HP ALM, SOLV.

PROFESSIONAL EXPERIENCE

Confidential, Dublin, OH

SAP Security Test Coordinator

Environment: SAP ECC 6.0, SCM 7.0, GRC 10.1, BI 7.3, CRM 5.0, XI 7.0, HP ALM 11.52/12.50

Responsibilities:

• Worked closely withSAPConfiguration Team to create manual test scripts, scenarios, test data and test conditions in HP ALM.
• Worked with business and functional team to develop test data strategy and data requirements.
• Coordinate with multiple users from EDI, CSR, WMS and Finance teams to execute SIT and get the sign off.
• Traceability Metrics preparation and organizing meetings with business and core team for test scheduling and status updates.
• Monitored the Background jobs and performed the sync jobs depending on the batch job’s requirements.
• Used to perform the Authorization Trace using the t-code “STAUTHTRACE” and “ST01”. STAUTHTRACE is used to perform the trace just like ST01 but it is limited to authorization checks only.
• Created the Test Id’s for UAT testing in CUA and mapped them to Regular Pre-Production systems where we use to do the testing in our client.
• Involved in preparing test scripts for intercompany sales, third party sales, return sales order, drop shipments, domestic and export sales processes.
• End-to-End co-ordination of UAT execution, defect tracking and Involved in UAT of the application with the users.
• Coordinated with external system owners to successfully complete the integrationtesting.
• Prepare status reports and power point presentations for PMO updates.
• Test execution forSecurityProfile Verification. Validating the security authorization checks for the test ids.
• Report test results using HP ALM.Tracking the defects and sorting the defects depending on the updates needs to be done in the test script on daily basis.
• Assigning the defects to Security teams and technical team as per the defects created and working on the defects related to missing security role mapping for the components and working on authorization issues, which end users are facing with the test ids.
• Defect tracking and co-ordination with functional and development team for defect management and resolution.
• Worked with functional team to create test scenarios based on business requirements.
• Logging and Tracking of defects in the HP ALM.
• Inspecting /reviewing and updating Functional specification, test conditions and Run Sheets.
• Developed test plan, test scripts and executed all phases oftestingsuccessfully.
• Guide, Mentor off shore team on a daily basis and Conduct defect review meetings, test plan review.
• Work with the development team to ensure that changes required depending on the E2E Tests case being executed and communicated are developed and any questions from the developers are answered in a timely and accurate fashion.
• Gain approval to correctly categorize any errors found because of tests and to sign off that tests have been successfully completed.
• Performtesting, log and track bugs and issues and publish daily reports to project team.
• Worked closely with the development and business teams along with DBA, Release Management team on various technical aspects. Participated in product development activities with Business analysts, developers and project managers at the planning and execution Levels.
• Involved in creating the test id’s using IDM for roles used for testing. Assigning the test ids and updating them as per the daily defect request.
• Validating the test scripts and updating the data sheets with job role mapping which was used to update the Test Plan in ALM.
• Manually created the new components to the existing scripts and update the role mapping in “Test Plan”.
• As a team member worked along with testing teams, involved in planning the test cases and execution plan and updating the defects on daily basis, and validated the data for Regression testing.

Confidential, Houston, TX

SAP Security Analyst

Environment: SAP ECC 6.0, SCM 7.0, GRC 10.1, XI/PI GTS and Solution Manager 7.1

Responsibilities:

• Created the roles, authorizations and administered User Master Data as per the client SAP Controls and SOP (Standard Operating Procedures) documentation as required by the Audit.
• Used to work on the daily tickets, which are related to production support using the latest ticketing tool called “SOLV”.
• “Re-designed” the Roles related to Supply Chain Management and HR use to work closely with the functional team and Finance team to develop the Custom transaction codes and Roles depending on the Business Requirements.
• Identified Segregation of Duty (SOD) conflicts and proposes recommendations that lead to implementation of mitigating controls and elimination of risks.
• Designed the Job Aids for the Controls and Executed the SOX Controls for Yearly, Quarterly and Monthly.
• Created mitigation controls for SOD issues and scheduled batch jobs to provide reports to the Management team on a quarterly basis for review.
• Worked closely with the SNC/APO and IBM Maximo functional team, created the custom roles and t-codes by gathering the requirements from the business, maintained the authorizations checks, and made sure that the custom t-codes are well restricted.
• Monitored the system logs and ABAP dumps (SM21) and fixed the problems occurred.
• Setup Transportation Management System (STMS) and transported change requests across Dev, QA, Pre-Prod and Production systems.
• Transported the generated roles and profiles using STMS and handled normal and mass generation of roles.
• Restricted access to SE16/SM30 by creating table specific custom transaction codes to the table using SE93.
• Preparing the reports for USOBT C, AGR 1251, and AGR 1252 for existing landscape and comparing the results to New landscape which is used for comparing the results after the client copy.
• Monitored access to key authorization objects such as S BTCH ADM, S ADMI FCD, S TABU DIS, S TABU CLI, and S DEVELOP for debug access etc.
• Made the client copy from existing system to new landscape for the QMT, Odyssey, Power Portal systems.
• Created the Groups in Portal and assigned the roles to the groups depending on the functional requirement.
• Created the LDAP configuration for assigning the groups to users in Portal Environment.
• Setup Profile Generator to create authorization profiles (SU25).
• Worked on SAP Check Indicator Defaults, Field Values and maintained check indicators for transaction codes using SU24.
• Make sure that the authorization groups for all the required tables have been maintained in TDDAT table using SE54 transaction.
• Worked User Administration using Central User Administration (CUA).
• Activating and troubleshooting using T-codes SCUL, SCUA and background jobs related to CUA.
• Trouble Shooting- Identified the missing authorizations using SU53 transaction and also by performing the trace and maintaining them in suitable role and SU56 in order to find security problems.
• Trouble Shooting performance issues and adjustments of SAP profiles.
• Use to perform the Role Level, User level and Business User level simulations to identify the conflicts depending on the Segregation of Duties (SOD) and updated the results in the Security Transport meeting and made sure the new roles do not have any conflicts.

Confidential, Irving, TX

SAP Security Consultant

Environment: SAP ECC 6.0, BI 7.3, CRM 5.0, XI 7.0, GRC 10.1, and Solution Manager 7.1

Responsibilities:

• “GRC User Access Review (UAR)” Implementation and Configurations using the MSMP Workflow.
• Created the documentation for the GRC User Access Review (UAR) and trained the end users.
• Developed, and executed key internal controls resulting in maintaining SOX assurance and achieved compliance for the year 2014. Collaborated with internal auditing teams on SOX projects.
• Created the data for the Role list, which need to be uploaded into GRC and Mapped the Role Owners to the Roles that was uploaded in Role Import under Role Mass Maintenance.
• Experienced in doing the Role Level Simulation and User Level Simulation, identify the risks involved in giving the access to the user, and mitigate the risk.
• Running the Repository Object Synch, Action Usage Sync and Role Usage sync for generating the plugins for all the SAP Systems to GRC using SPRO.
• Experience in understanding Segregation of Duties and Audit Compliance Standards.
• Created the Documentation for all the Procedures/Process and Training Manuals. So, that they can be used as reference for any new team or to train and end user as needed.
• Creating the Role Owners, Managers and Approvers. Running the Role Owners synch jobs and changing the request Reviewer using the NWBC.
• Developed the documentation for the Knowledge Transfer (KT) from scratch, and managed the offshore team each day with the daily KT Sessions and explained the client process for building the new roles, creating a custom t-code, maintaining the tables, etc.
• Perform UNIT testing, Positive and Negative Testing on user accounts to ensure the appropriate across levels on created roles.
• Experienced with HP Service Manager ticketing system: manage ticket queue and able to guide users through appropriate channels to get issues resolved, or redirect issues to higher level if needed in order to resolve issues within SLA’s.
• Created ECATT Scripts for mass activities such as creating users, assigning roles to users, assigning user groups to users.
• Worked with Table Authorizations and created new Table Authorization Group in SE54 to protect tables.
• Performed the “SAP Systems Refresh” by login to the system and download the role assignments from table AGR USERS and save it in the Security Workspace and disconnect the systems from the CUA.
• GRC UAR implementation and configurations using the MSMP Workflow.
• Identifying the Role Owners, Managers and Approvers. Running the Role Owners synch jobs and Changing the request Reviewer using the NWBC
• Experience with the BI Analysis Authorization (RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems.
• Worked on giving custom BI authorizations S RFC, S RS AUTH, S RS COMP, S RS COMP1.
• Experience in configuring Single Sign-on (SSO) between BI, ECC, CRM, XI, and Solution Manager.
• Performed Reconciliation of user master record using PFUD.
• Co-ordinate functional Unit testing, Integration testing for roles and authorizations to ensure accuracy and Segregation of Duties.
• Worked with the Business Managers in refining SAP roles and ensuring appropriate workflow configuration in GRC Compliant User Provisioning (CUP) - adding and removing roles from existing workflows.
• Development of mitigating controls, created workflow for mitigation assignment approval.
• Configured Emergency access management, created Firefighter monitors and approvers.
• Worked with internal control team for Role Level Remediation and User level Remediation.
• Support Basis Team for User Master Export and Import, Lock mass user during systems maintenance.

Confidential, Guymon, OK

SAP Security Consultant

Environment: SAP ECC 6.0, GRC AC 10.0 and CRM 7.0.

Responsibilities:

• Analyzing and evaluating the technical security requirements for SAP ECC Security with Full Life Cycle Implementation.
• Ensured role building follows business guidelines, and adheres to controls requirement set by the internal audit/controls teams.
• Analyzed customer programs and transaction codes for authority checks.
• Responsible for review, design, develop, test and implementation of Access Controls Capabilities.
• Configured & Supported Emergency Access Management, Automated User provisioning, Access Risk Analysis & Business Role Management inGRC 10.0 Access Control.
• Ensure segregation of duties (SOD) exists in the SAP systems.
• Troubleshoot existing user roles, security objects and authorizations to resolve security conflicts, supporting users, setting up new accounts, password resets, put users in appropriate groups and resolve any issues in production system.
• Using System Trace to record authorization checks in different sessions (ST01).
• Periodically analyze user master records and develop strategies to reduce any risks to the business from an authorization perspective.
• Created Business Partners and assigned in Org Structure using BP, Mapping business role to position using PPOMA CRM.
• Created Composite Roles (Activity Groups) by using Profile Generator and assigned them to users and Organizational Units.
• Daily, weekly, monthly and quarterly system checkup and troubleshooting.
• Assist users with access problems and questions using SUIM and SU53.
• Provide knowledge transition to new team members as well as the business users. Designed roles for CRM enterprise sales and services by restricting users on Sales, Presales and Billing Transactions.

Confidential, Houston, TX

SAP Security Consultant

Environment: ECC 6.0, BI 7.0, Sol Man 7.0, CRM 7.0, GRC 10.0.

Responsibilities:

• Security Implementation, Maintenance & Support of ECC6.0, BI 7.0, CRM 7.0, Solution Manager 7.0, GRC 10.0.
• Implemented GRC including CUP, RAR, SPM, ERM suite.
• Redesigned Security for ECC, CRM, Portal & Sol Man Modules.
• Project Planning for SAP system Authorization, Compliance & Production support including individual task allocation, dependencies & Outlook integration.
• Designed & implemented Authorization Migration Strategy to BI 7.0 BI, Portal in administering roles for users.
• BI Analysis Authorization Experience.
• BI Maintenance via RSECADMIN.
• Define Authorization relevant characteristics; Info Object Maintenance (RSD1).
• Designed & administered entire CUA landscape monitoring & improving performance.
• Worked on portal groups and roles and modified existing roles to integrate with the new Portal system
• Managed ECC and BI security into the portal security environment
• Maintenance of BI roles and Authorization issues.
• Designed and assigned roles and profiles for Solution Manager 7.0.
• Maintained authorizations for various Solution Manager 7.0 profiles (Implementation, Distribution, Change Request Management, Monitoring, and Reporting).
• Developed Periodic Audit Steps & Quarterly User Access Review for the same.
• Involved in Compliance Strategy policy with inputs on security, reporting and SOD using SOX.
• Extensively Traced (ST01) for authorization errors, failures, and used SU53 reports.
• Excellent Understanding of business processes, risks involved & risk control recommendations.
• Interacted with Customers and Team members simultaneously to resolve incidents.

Confidential, Canonsburg, PA

SAP Security Administrator

Environment: ECC 6.0, BI 7.0, and GRC 10.0.

Responsibilities:

• Designed and implemented security related standard procedures for the user administration, roles and profile generation throughout the Full Life Cycle Implementation.
• Create single role, composite role and derived role as per organization structure in both ECC and BI systems using PFCG.
• User maintenance on day-to-day basis and role maintenance on requirement basis.
• Created tables using (SE11) for T-codes, Roles and users (AGR USERS, AGR TEXTS, AGR TCODES).
• Activated the existing (OTCAACTVT, OTCAIPROV and OTCAVALID) and new info objects 0TCA* and 0TCT* and made them “authorization relevant”
• Involved in the installation and Configuration SAP GRC Access Control 10.0.
• Creating and maintaining the user IDs in CUA.
• Installed the Central User Administration system to have a single point control over the client systems (SCUA).
• Experience in Working on the Global Trade Service (GTS).
• Maintained the distribution parameters and check the logs in Central User Administration (CUA) using SCUM and SCUL.
• Trouble Shooting- Identifying the missing authorizations using SU53 transaction/ ST01 trace and maintaining them in suitable role and SU56 in order to find security problem.
• Transport the generated roles and profiles using SAP transport management system and handled normal and mass generation of roles.
• Identify Segregation of Duty (SOD) conflicts and purpose recommendations that lead to implementation of mitigating controls and elimination of risks.
• Performed change control reviews to be SOX compliant on a weekly basis (Auditing Information System and Project Management Internal Control).
• Analyze user related information including roles and profiles, by utilizing transaction SUIM
• Scheduled background jobs using SM36 and monitored them using SM37.
• Perform License cleanup activities for systems and has a deep knowledge on license administration in SAP.
• Run security reports for critical transactions and objects and for users who never logged on.
• Worked with functional team leads to define the new transactions.

Confidential, Wixom, MI

SAP Security Consultant

Environment: SAP ECC 6.0 and GRC 5.3.

Responsibilities:

• Worked in support and implementation part of the project.
• User administration setting up User ID’s, assigning roles, resetting password, locking/unlocking users.
• Analyzed/ updated roles to resolve Authorization issues in ECC 6.0 after careful analysis as per system trace (ST01), authority check (SU53) and checks in ABAP code (SE38).
• Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24.
• Worked in creating Background jobs using ABAP help (SUPC/PFUD).
• Designed, Developed and maintained Single roles, Composite roles, Master and Derived roles and Secured roles by Organizational levels for different modules in SAP.
• Worked with the ST01 tracing and analyzing the trace records for the user in the process of trouble shooting.
• Experience managing and maintaining USOBT C and USOBX C tables by using SU24 /SU25.
• Design, develop and Activation of Rule Sets.
• Scheduling Background Jobs for Synchronization and Risk Analysis.
• Performed Real Time Risk assessment.
• Perform Role and User Level SOD analysis for sensitive access.
• Create/Maintenance and documentation of Mitigation Control.

Confidential, San Antonio, TX

SAP Security Consultant

Environment: SAP ECC 6.0 and GRC 5.3, XI.

Responsibilities:

• Worked in Security design & Support for ECC 6.0 and GRC 5.3.
• Defined authorization assignment and management strategy and procedures.
• Verifying all approvals for the change request, SOD Simulation reports, QA tests.
• Batch jobs for SOD report dump & actions to eliminate existing violations/risks.
• Created custom Authorization classes and Authorization Objects (SU21).
• Locked and ensured that the SAP standard Super users (SAP* and DDIC) were set-up as system or background users with passwords changed.
• Extensive knowledge on troubleshooting security related problems using SU53, ST01, SM19, SM20 and ST22.
• Worked on SAP check indicator defaults and field values using transactions SU24 and maintained user authorizations using PFUD.
• Used transactions such as SUIM, SU53 to troubleshoot problems.
• Performed extensive QA for new role and role changes before approving change requests.
• Knowledge transfer to team members provided ongoing security related support for all security milestones during different phases.
• Used Central User Administration (CUA) using SCUM and SCUL to set up over 1000 SAP users & created CATT scripts for mass user.
• Identifying the missing authorizations using SU53 transaction/ST01 trace and maintaining them in suitable role and SU56 in order to find security problem.