SUMMARY

• A prudent professional with total 15+ years’ experience in SAP Security, GRC Access Control and Project Manager
• Experienced in Agile project phases of Discover, Prepare, Explore, Realize, Deploy and Run to accomplish SAP projects for multiple technology
• Experienced with SAP Support and Developing Security Strategies for S4HANA, ECC, HR/HCM(ESS/MSS), BW/BI/BW4HANA, TPM, FIORI, Portal and Net Weaver, GRC Access Control, SRM, CRM, SCM, Enterprise Portal, and Solution Manager
• Involved with Security Design of HANA privileges, Implemented SAPHANA User Security and Management using HANA Studio, COCKPIT & HANALifecycle Manager
• Involved in GRC Access Control 12/10.1/10/ 5.3 for Implementation, Configuration, Support pack Upgrade, Fit - Gap Optimization, Risks Identification & Mitigations Control and SOX compliance from Audit Perspective
• Experienced 3rd party SOX Compliance Tools - Security Weaver & Conteliga to protect security vulnerability and sign off on external audit
• Performing GRC UAR (User Access Review), Semi-annual SOX audits including SAP user licensing
• Having discussion with Business & SAP Consultants to finalizing the business requirement
• SME in SAP Security & GRC, Mentor for GenNext team, Part of hiring drive and worked RFP
• Forecasting team, revenue calculation, open demand for project, monthly metrics and EHAR reports
• Excellent communication & interpersonal skills with proven abilities in resolving complex business issues

TECHNICAL SKILLS

ERP / Net Weaver: SAP ECC, BW HANA, SCM, SRM, BPC, Solution Manager, Single Sign ON, Enterprise Portal, CUA, Success Factor, Employee Central, PLT

GRC Tool: SAP GRC Access Control, Security Weaver & Conteliga

SAP Tool: SAP GUI, HANA Cockpit, HANA Studio, OSS

Project Tool: MS Project, Mind Jet, Excel, PowerPoint, Word, Access, Outlook, Skype, Teams

ITIM Tool: Cherwell, Service Now, Remedy, Lotus Notes, Peregrine

Leadership Skills: CG Certified Engagement Manager Foundation & Level 1

PROFESSIONAL EXPERIENCE

Confidential, Irving, TX

Technical Architecture / Project Manager

Responsibilities:

• Leading the SAP Security and Governance Risk and Compliance team, Enables the transformation and performance improvement in critical SAP Security and GRC area, co-ordination with CMC to designing architecture of SAP Application Security and workflow, Single Point of Contact (SPOC) for SAP Security and GRC area for CMC
• Responsible for handling critical/regular production support issues to ABAP & JAVA environments for different SAP Suite which incorporates SAP User Administration, SAP Role administration, Authorization Issues, SAP License, Internal and External Audit, SOX Compliance and Reports
• Scope, estimate time and effort, planning, gathering access matrix requirements, create role strategies and design test plans for CMC Mills, Warehouse, Plant, Fabrication Shop, Recycling Yards and upcoming new location rollouts
• Accomplished GRC 10.1 SP22 upgrade project and GRC 10.1 to GRC 12.0 upgrade project which includes 30+ systems are upgraded with new plug ins
• Developing and Maintenance of Single, Master, Derived & Composite SAP Security roles by
• Executing performance analysis on Role, User and Profile, monitoring systems, coordinating with users and application technical teams, recommending mitigation or remediate control to improve performance and ensure internal and external compliance achieve
• Develop automation tool to improve productivity of team by analyze information and trends in the data to increase a system’s performance and efficiency
• Performing risk analysis on Segregation of Duties using GRC - Access Risk Analysis at user or role level to manages the critical risk, action, permission after apply mitigation process; monitor production environments weekly for new security violations / threats / vulnerability
• Configuration of new system to GRC Access Control, Define parameter, default setting, set stage in workflow
• Configuring GRC - Emergency Access Management to enable CMC policies for managing emergency access, Setting up business Process owner to review requests and schedule audits of usage to monitor company guidelines
• Configuration of GRC User Access Review to assess of total Production users and their Access matrix for securing Compliance Certification from the manager before External Audit
• Active involvement in system refresh or upgrade activity
• Execute SAP License on usage, classified to different license types like Professional, Limited Professional and Employee for a suite of SAP ERP
• Responsible HANA Database privileges and roles on - Attribute views, Analytic views and Calculation views, Roles imported to higher landscape over HANA Lifecycle Manager after setup SAP HANA Technical User using HANA Studio
• Designed Enterprise Portal Roles and Group which authenticate User to single point of access to business processes, information and content management
• Provide SAP Developer access key & object key to development teams; this requires detailed analysis on requested object keys & dependencies on other objects following client approvals
• Weekly status report preparation and discussion with customer depicting status of on-going, pending or waiting for customer approval activities and details about change requests
• Monthly Governance report preparation and presentation with customer which incorporates details about project and operations activities rating performance of onshore/offshore Confidential Team
• Co-ordination with offshore team members, managing project assets, conducting peer reviews, establishing standard processes, ensuring adherence to standard procedures and best practices in project work, and achieving continuous improvement. Schedule, manage, and communicate multiple project activities between multiple project team members to ensure all project deliverables are completed on time
• Recommended industry standard for Support Pack Enhancement

Confidential

Lead - SAP Security / HANA / GRC

Responsibilities:

• Preparing Persona specific roles for 5 different WAVES go live
• Working with OCM team for users access mapping
• Involved in planning for Smoke Test, Mock test, SIT, UAT and PRD cutover
• Performed SOD clean at role level and fixed rule set on false positive risks
• Discussion with KPMG to apply control
• Provisioning of BRM via GRC to all PRD users
• Streamline IT team, Fire Fighter and cutover access before PRD cutover
• Handling N + 1 path retrofit TR
• Successfully accomplished version upgrade S4 HANA
• Arranging Daily SCRUM call, team meeting and project specific meeting for smooth transition to projects & PRD support systems

Confidential

GRC Technical Architecture

Responsibilities:

• Handled GRC upgrade project through Agile Methodology
• Prepared details GRC project plan along with compliance details
• Assessed system landscape and connector to GRC engine
• Reviewed GRC background jobs and open TR lists before technical upgrade
• Driving end to end GRC project with SWA product owner and project stakeholder
• Coordinating with DXC BASIS, CG ABAP and Security team for upgrade tasks
• Working with QA, QMO & Control team for GRC validation & sign off
• Attending Daily SCRUM call, team meeting and project specific meeting for smooth transition to projects
• GRC SPRO configuration & Roles redesign are handle after post upgrade of each GRC systems

Confidential

Project Lead

Responsibilities:

• Travelled Switzerland to receive KT, setup team and stabilized application support
• Use Administration including creating, modifying & deleting users.
• Widely used Profile Generator (PFCG) for creation / modification of composite, single & derived roles
• Executed number of report as a part security control activity
• Annual User Access Review with stakeholder
• Prepared system for external audit (Deloitte) & later fix all the issue caught during audit
• Performed SAP User measurement & Licensing
• Configured Conteliga for evaluated access & workflow for automated user provisioning
• Worked as Gatekeeper & Transport Manger

Confidential

Project Lead

Responsibilities:

• Missing single role build for Profit Centre & Profile Centre Group.
• Role Clean up (Business & SSE)
• Updating rule book (Function, SOD conflict and Mitigation control)
• Mitigating Business, SSE and EA users
• Responsible for initial configuration & build of Secure Pro
• Composite Role Build for entire org hierarchy
• Carry out configuration into DEV, QA and PRD
• Prepare Data & test functionality
• Designed how to guide and installation document
• Creating, modifying, deleting user in client specific model via central user administration (CUA)
• Role Administration for new profit Centre or moving profit Centre one node to another
• Implementing & technically configuring SAP GRC Access Control 10.0 with components like Access Risk Analysis (ARA), Access Request Management (ARM), Business Role Management (BRM), and Emergency Access (EA) tools
• Assigning user into Credit note, Budget Holder into SRM
• Involved in technical upgrade form ECC 5.0 to ECC 6.0 for Bradford client

Confidential

SAP Security & GRC Consultant / me T Analyst

Responsibilities:

• Using ASAP project methodology for implementing and continuously optimizing SAP System
• Working on 7 system landscapes Sandbox, Development, Quality, Performance, Production Validation and Training
• Using data and process techniques to create clear system specifications for the design & development of Production authentication
• Creating, modifying, deleting user in client specific model via central user administration (CUA) in ECC & user management engine (UME) in Portal
• Setup Role based security through (Profile Generator (PFCG) for R2R, OTC, P2P, IM & PD process & deploying roles into Quality & Production
• Implemented capabilities of Access Control GRC
• Created connector, user, and imported roles form backend, defined group & top level security in BOBJ 4.0
• Manage Appsets, Applications, Dimensions, Transports, Work Status and Security into BPC 7.5
• Created CATT script mass user creation as well password reset
• Created reporting roles for restricting access to queries, info cubes, info object etc.
• Worked on user setup in Uperfrom
• Generated developer key & register object in SAP Portal
• Working with users to formulate and troubleshoot business requirements
• Prepare documentation for client deliverables and conducting formal training & workshop

Confidential, Memphis

SAP Security Consultant / Programmer Analyst

Responsibilities:

• Worked with off-shore team Australia, New Zealand, China & Global Distribution Centre- USA
• Responsible for security of SAP R/3, BW, HR, and Solution Manager
• Use Administration including creating, modifying & deleting users
• Extensively used Automatic Profile Generator (PFCG) / Role Expert to create roles/profiles
• Used VIRSA Compliance Calibrator tool for running SOD reports, entering Mitigating Controls, assigning Monitors & resolving SOD conflicts
• Used VIRSA Firefighter tool for assigning temporary access to the IT and\or Power users to ensure audit trail
• Troubleshot security and authorization problems, utilizing SU53, ST01, RSSM and SUIM
• Maintained/Updated Custom USOBT C and USOBX C table as per business requirements by activating and deactivating authorization checks using SU24, maintaining check indicators for transaction codes and default values for objects
• Created CATT scripts for Mass deletion of unassigned roles, creating users, assigning roles to users, and creating derived roles
• Configuration and administration of SAP Central User Administration (CUA) system for easier user administration across multiple landscapes
• Maintaining global parameter of password in all system landscape
• Maintained Structural Authorization profiles using transactions OOSP and OOSB

Confidential

SAP Security Consultant / Specialist

Responsibilities:

• User Administration including creating, modifying & deleting users
• Extensively used Automatic Profile Generator (PFCG) to create roles/profiles
• Troubleshot security and authorization problems, utilizing SU53, ST01, and SU24, SUIM.
• Changing SAP Administration ID Passwords
• Creation & modification of OSS Customer Logon Data Process
• Worked on Computer Aided Test Tool (CATT), VRAT & VFAT
• Worked as SOX Controller
• Locking the inactive user every month in production system
• Deletion & Verification of Inactive user every month in production system
• Review the VRAT SOD mitigating control table entries for the deleted user
• Checking of exiting production SAP Profiles containing internal SOD issues
• Every Quarter user review report

Confidential

SAP Basis & Security Consultant / Senior Executive

Responsibilities:

• User Maintenance/User creation, deletion, modification on PRD, QAS, & DEV Server
• Start-Stop SAP Instance, Oracle Cluster, Services
• Local Client Copy and Remote Client Copy
• Transport Management System (TMS) Configuration
• Applying SAP Support Patch
• Load Balancing Configuration in PRD Server
• Transporting Request from DEV to QLT and PRD Server
• Database Backup including Online Backup, Archive Backup, and Offline Backup at OS Level
• Configuration of Local, Remote and Front-end Printer
• User Lock/Unlock and release the Locked Objects
• Involved in systems monitoring, and database administration.
• Checked Database statistics and monitoring database growth (DB02), Load analysis (ST03), Dump analysis (ST22)