SUMMARY:

Seeking a SAP Security GRC Consultant position within a growing organization where my SAP Security, GRC experience and skills will significantly contribute to the overall success of the organization and provide opportunities for my career growth.

TECHNICAL SKILLS:

ERP: SAP Net weaver 7.3, ECC, APO, SRM, SCM, CRM, BI, XI/PI, PO, HCMSolution Manager, Enterprise Portal, SAP HANA.

Tools: Virsa, SAP CPS, GRC 5.3, GRC AC 10.0, FlexNet Manager.

Other Tools: BMC Remedy Action Request System, Confidential Rational ClearQuest and MT groups Manager.

Specialization: SAP Security, SAP GRC, CUA, Profile Generator, User Maintenance, Authorization.

Functional Modules: Material Management, Sales & Distribution and Finance.

EMPLOYMENT HISTORY:

Confidential, Boise, ID

SAP Security & GRC Lead

Responsibilities:

• As the SAP Security & GRC Consultant, responsible for technical deliverables for SAP Security/GRC project implementations.
• Planning, development, maintenance and enhancement of SAP security applications and functional areas of SAP package such as ECC suites (FI/CO, MM, SD, PM and QM), Netweaver (SCM, BI, SAP CPS, portal, PI/PO, and GRC 10.0), Solution manager and SAP HCM systems.
• Participate in the project discussions during the requirement gathering, business process capturing and evaluation phase, advice feasibility, time and resource requirement to finalize the project plan.
• Actively involved in the implementations by coordinate with process towers/application development team during requirements gathering, design and build; Integration team during testing; deployment team during cut - over/go-live and hyper care team during support.
• Design of custom roles/users/group/authorization group for business users, process and technical teams (Basis, configurators, developers and security) in Sandbox, development, quality and production environments.
• SAP ECC, APO & BI support pack upgrade including performing SU25, Setup test ID as per business and IS team requirements.
• Design and implementation of end to end portal security setup for PI/PO migration
• Implementation of SAP Plant Maintenance, HR payroll rollout for China and SAP Fiori, migration of SAP CPS users/access from UME DB to LDAP.
• Perform authorization traces, Periodic audit checks, User mass maintenance, manage SAP OSS accounts & maintain check indicators (SU24) etc., and assists team members solving critical issues.
• Implemented BI Security with management of Analysis Authorizations at Characteristics, Key Figure, and Hierarchy Node.
• Actively involved in the GRC AC 10.0 Access Request Management and Emergency Access Management end to end implementation. Configured MSMP and BRFPlus logic to enable workflow usage.
• Performed EAM administration which includes FFID Owners, Controllers, Firefighters and firefighter ID table mappings validity based on business request.
• Actively involved in the SAP HANA security implementation including user management, roles and privileges (System, Analytic, application and repository). Good understanding of SAP HANA architecture & HANA Studio.
• Create, develop, implement and maintain the SAP security processes and policies as required. Help & educate business group on best practices of SOX and audit controls.
• Implement SOX compliance controls, Security configuration standards & monitor.
• Actively participated in the SAP systems audit - provide evidences, construct action plans and implement the changes.

Confidential), New York, NY

SAP Security & GRC Consultant

Responsibilities:

• Performing SOD checks for roles while building/modifying by using GRC 10.0 ARA tool.
• Responsible for building new roles based on the requirements, identifying the authorization issues during testing and provide immediate resolutions.
• Working with testing team for any requirement changes during testing and propose appropriate resolution.
• Coordinate with Offshore team for managing the defects and resolution.
• Reporting to project management team about the defects & solution status on regular basis.

Confidential, Raritan, NJ

SAP Security & GRC Lead

Responsibilities:

• Responsible for SAP Security architecture, design, redesign and implementation of J&J affiliates for the Net weaver, ECC suites (FI/CO, MM, PM, IM, QM and SD), BI, HCM, XI/PI, Solution Manager and enterprise portal.
• Strong and hands on experience in three full life cycle SAP Security implementations.
• Build and testing of functional & technical roles to provide a secure and auditable SAP environments.
• Security Administration including user and role administration, authorization traces, Periodic audit checks, Central User Administration (CUA) & maintain check indicators(SU24) etc.,
• Performed ECC, Portal and BI upgrade, Implemented BI Security with management of Analysis Authorizations. Used RSECADMIN extensively to develop authorizations based on the characteristics and hierarchies.
• SAP HCM (SAP HR) migration including new design and development of structural authorization.
• Actively involved in three implementations of SAP GRC Access Control 5.3 product suites SPM, CUP, RAR &UAR.
• Prepared project documents like functional specification, technical design, User requirements, traceability matrix, SOP (Standard Operating procedure) for support, process during project phase, approval process, issue logs etc., are prepared following the SDLC (Software Development Life Cycle) methodologies, signed off and shared.
• Review and enhancement of Global SOD rule set by working with Corporate Internal audit team / Business stakeholders, building approval workflows, mitigation controls and assign ownership.
• Understand critical business and information technology risks including segregation of duties principles, Contribute to internal SAP GRC knowledgebase including the development of training material, conduct trainings.
• Good understanding and implementation experience in critical business and information technology risks including segregation of duties principles, audit, GxP, FDA and SOX compliance standards.
• Implemented SOX compliance controls, J&J Security configuration standards and J&J IAPP (Information Asset Protection Policy) as related to security in new and upgraded systems.
• Handled periodic audits, pre implementation audits by J&J Corporate Internal (CIA), PwC Audit team.
• Actively participated in the SAP systems audit - provide evidences, construct action plans and implement the changes.
• Coordinate and resolve when issues are cross projects / areas / customers. Single point of escalation for the SAP GRC & Security service area / project. Manage customer Relationships, Obtain feedback and customer satisfaction.
• Facilitate prioritization of requests/deliverables, clarifying issues/ user requirements. Ensure quality of all work products - Ensure quality checks are performed by tech leads / peers.
• Regular status meeting with the leadership team and updates project status, new opportunities, resource requirement and training needs.
• Assist in creation and maintenance of processes, procedures and techniques to improve security of SAP applications and systems, including architecture diagrams and technical specifications.
• Assist SAP functional and Technical teams in implementing Quality Standards in collaboration with Confidential & Confidential Quality policies.

Confidential

SAP Security Lead

Responsibilities:

• Responsible for design and implementation of the security for all the BAT end markets with different SAP modules (FI/CO, MM, PM and SD) and systems including SCM, CRM and portal.
• Security Administration including user and role administration for 5 sets of landscapes for more than 3000 Users.
• Actively participated in the end to end Security and Firefighter implementations.
• Involved in the requirement gathering, business process capturing and evaluation phase, advice feasibility, and time & resource requirement to finalize the project plan.
• Security support for project team members in all landscapes, including troubleshooting and analysis.
• Authorization traces and speedy solution of all technical errors related to security.
• Responsible for all advanced security troubleshooting issues such as RFC security, analysis of ABAP code, custom security solutions, or areas outside of normal SU53 analysis.
• Performing periodic audit checks and provides data from SAP Systems for audit analysis.
• Working with the application team and other Vendors to solve the application related issues.
• Introduced the Fax monitoring template along with the shift handover which improved the effectiveness and efficiency for monitoring fax queues.
• Established the quality procedure, implemented and continuously monitored to ensure the team meets quality goals.
• Worked closely with the client management team for any changes/amendment in the support process and updating the process document.
• Organizing the training for the end users based on the request and proposal.

Confidential

Security Support Consultant

Responsibilities:

• Security Administration, authorization issue analysis & traces, user locks, unlocks and password maintenance, User mass maintenance.
• Maintain BW security and troubleshoot authorization using RSSM Trace and analyzing it for missing objects and field values.
• Building new roles based on the project requirement, performing unit testing and support UAT.
• Review of critical and sensitive authorization, implementing improvement to meet audit requirements.
• Update transactions via SU24 (managing authorization object) for additional authorization checks.
• Supported Cut-Over activities during project go-live, including mass user maintenance
• Trouble-shooting on various issues and worked on customizing Authorization objects, Activities / values / authorization groups to resolve issues permanently per business requirement.
• Performed periodic audit checks and provides data from SAP Systems based on audit requirements.
• Created business application authorization profiles for production roles.

Confidential

Security Team Lead

Responsibilities:

• Security Administration including user and role administration.
• Authorization issue analysis & traces, user locks, unlocks and password maintenance, User mass maintenance.
• Troubleshooting SAP authorization error logs through transaction code SU53 and provide solutions.
• Use SAP Trace tool (ST01) to analyze existing authorizations and determine authorization objects to resolve complex authorization problems.
• Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
• Building new roles based on the project requirement, performing unit testing and support UAT.
• Performing periodic audit checks and provides data for audit requirements. Responsible for implementation of any actions to address noted deficiencies during audit.
• Implemented and maintained the SAP security processes and policies as required. Implemented best practices solutions for SAP security and change management controls.
• Worked closely with functional consultants for evaluation of requirements and defining, developing and testing the roles during the implementations.

Confidential

Security/Basis Administrator

Responsibilities:

• User Master Maintenance like User Creation/Deletion/Lockdown/Activation.
• Profile Generator, Roles Maintenance & Authorization Traces.
• Active participation in the Upgrade project from version 4.OB to 4.7 R2 including role modifications, performing SU25 activities, mass user creation, new role creation, analyze and fix authorization issues etc.,
• Create, develop, implement and maintain the SAP security processes and policies as required and implementing best practices solutions.
• Actively involved in the end to end implementation.
• Backup Monitoring, TableSpace Monitoring and daily System Monitoring.
• Documentation of all training materials, policies and procedures.
• Support Packs, Co-ordination with functional teams.
• Performed the SAP R/3 4.7 installation, production system recovery & backup restore.
• Uploading Data to SAP-R3 Using BDC Programs.
• Material master and customer master maintenance.
• Troubleshooting various user’s problems as they face while posting Transactions in MM,SD & FI modules.
• Supporting the Internet application for Data Consistency between the Internet application and SAP.