Consultant / SAP Netweaver Security / GRC ARA & EAM Administrator Resume

SUMMARY

9+ years of experience in the context of SAP ECC Security and GRC Access Control.
Profile Generator (PFCG), Role creation, Profile creation, modifications, User Administration, Central User Administration (CUA), Authorization objects, User reconciliation, CATT Scripts, User locks and password maintenance, knowledge of AIS (Audit Information System).
Expert in development and administration of SAP Application Security in ECC and R/3 environment for the modules of SD, MM, FI, CO, PP, PM,AM,WM, PS, IM, BASIS, HR, CRM, BW, SCM, SRM/EBP, Enterprise Portals, XI and Solution Manager
Strong knowledge in SAP T Codes, Authorizations, Authorization Object from 4.7 to ECC 6.0
SAP HR authorizations with Structural & Context Based Authorizations Implementation.
Experienced in User Provisioning to profiles in R/3
VISTEX - US - Chargeback’s & Rebates security support.
Handling high level client meetings for various projects
Responsible for deliverables of agreed upon SLA’s with the clients.
Working knowledge in analyzing and processing SOD issues using the GRC access control tools such as Access Risk Analysis (ARA) formerly known as Risk Analysis and Remediation (RAR), Emergency Access Management (EAM) formerly known as Super user Privilege Management (SPM)/Firefighter, Access Request Management (ARM) formerly known as Compliance User Provisioning (CUP), and Business Role Management (BRM) formerly known as Enterprise Role Management (ERM).
Good Experience in Role Based Authorizations
Extensively performed and monitored PFUD, SUPC, SUIM, SU53, SU56, ST01 SCC1, SU53,SE09/SE10.Used CATT Scripts for creating mass users.
OSS User & Authorizations Administration
Expert in communicating effectively across the organization and integrating work across relevant areas. Creating manuals and documents for End-User training.
Expert in developing and executing business plans and Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined process controls and standards.
Experience with User Acceptance Testing (UAT)
Experience in various phases of many upgrades and implementations, as well as strengths in encouraging team unity and direction, supporting good communication between team members and clients, and writing clear, reader-friendly documentation
Analytical Capability in defining As-Is Processes and proposing To-Be Processes.
Experience of working in compliance with all Internal & External - Statutory Audit Teams.
Proficient in documenting business requirements, performing application design activities like writing functional designs & technical designs, Security Re-design, and segregation of duties (SOD) remediation projects, Post Implementation support, Test, and deploy activities.
Completed 1 full life cycle implementation project in different roles ranging from technical reviews, and module consultant to expert guidance in integration.
Experience in complete Life cycle Implementation of Security projects i.e. from designing to the production with Go-Live phase.
Exposure to BIW, APO, MI, PI, Gateway, EREC, Support Desk Authorizations
Extensive experience in functional modules - MM, SD, QM, HR, FI, MDM, CRM, SRM.
Extensively with Sarbanes-Oxley (SOX), Internal Audit, and External Audit teams for SAP systems compliance activities
Strong personal computer skills, including Microsoft Office

TECHNICAL SKILLS

SAP Skills: SAP Security

ERP Package: SAP ECC 6.0 BW 3.5, BI 7.1, GRC AC 5.3 /10.1SAP PLM 4.0, SAP SEM 7.1, SAP EP 7.3, SAP SCM 5.0, SAP CRM 5.0, SAP SRM 7.1 SAP NW MI 7.1, SAP E-Recruitment 6.0 and SAP Solution Manager 7.0

Tools: Digital Forms, Incident Management

GUI: SAP GUI

Database: Oracle (9i, 10g), MS SQL

Operating System: Windows 7, Windows Vista/XP

PROFESSIONAL EXPERIENCE

Confidential

Consultant / SAP Netweaver Security / GRC ARA & EAM Administrator

Responsibilities:

Involved in Pre and Post Installation activities of GRC AC 10.0
Maintenance of Access Control Components.
RFC Creations
Worked on Emergency Access Management (EAM) like assignment of FIRE FIGHTER ID’s to the user and changing the validity of ID request & generating log reports.
Maintenance of Templates and Notification messages as per client requirement Creation / Generation of Custom Rule Set
Run Risk Analysis at User / Role Level
Maintenance of Functions / Risks and Mitigation Controls.
Continuously improved security configuration to reflect best practices and prepare for system audits. Tested and implemented security recommendations given by SAP audit team. SAP GRC Access Controls 10.0 (ARA, EAM)
Responsible for design, develop, test and implementation of Access Controls capabilities
Review, validate the SAP system landscape for Access Controls capabilities.
Custom Authorization maintenance.
Responsible for gathering the requirements for complete GRC Access Controls capabilities.
Analyzing SU53, ST01 screen shots to debug Authorization problems.
Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls. Complete overall support includes design and implementation for all Security needs for all user ID admin and Role builds for SOX compliance
Responsible for support pack upgrades from lower to higher for open technical issues if require.
User and Role Admin in ECC
Creation / Maintenance of roles in ECC
Processing tickets as per the privileges of the client (SLA).

Confidential

Consultant / SAP Netweaver Security Lead

Responsibilities:

Responsible for all aspects of SAP Security Administration tasks including Coordinating and interacting with business, technical and functional consultants for gathering SAP Security requirements, role development (Single Role, Composite Role and Master/Derived Role), create/maintain analysis authorization, testing, transport roles/authorizations, Security system parameter validation, generating analysis reports, troubleshoot authorization error and create/maintain SAP Security process documents for SAP systems ECC6, SRM and Enterprise Portal 7.3
Applied SAP Security policy / procedure / best practices and system controls to SAP systems
User Administration/Maintenance - Central User Administration (CUA): Creating users, assigning roles to users, resetting password, locking/unlocking users, text comparison for child systems (SU01, SU10, SCUA, SCUL, SCUG, SCUM, RSDELCUA, ST01, SALE...) in all SAP systems.
Troubleshoot user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error, resolving the issue by giving required authorizations in SAP modules
Attended change control management meeting in respect to security changes and transports.
Used Central User Administration tool for User Administration/maintenance.
Created training IDs and help training team for every phase of implementation and future enhancements.
Used Remedy System for Incident and Change Management.
Extensively worked on production tickets and requests, first (P1), second (P2) and third level support, fixing end user Roles/Profiles based on change requests created for breaks/fixes.
Provided knowledge transfer (KT) and training to off-shore/on-site resources for the entire security design/development and maintenance process.
Responsible for communication, coordination, and teamwork within the team and end users.
Monitor and report to management on the status of project efforts, anticipating/identifying issues…etc

Confidential