SUMMARY

• A total of 15+ years of professional SAP Security/GRC implementation and administration.
• SAP GRC 10 certified consultant.
• 2 Implementations of SAP GRC 10 AC.
• Implemented HANA security for an organization.
• Define security strategy for HANA wif teh approval of Internal Controls compliance teams.
• Secure gateway for FIORI applications which includes Transactional, Analytical and Factsheets apps.
• Four Full implementation cycles for creating Roles from Matrix. (Single, Derived and Composite).
• Extensive experience in SAP ERP 2005 and all aspects of SAP Security Administration - including upgradation and production support on different operating systems and database platforms and various SAP R/3 versions 4.5, 4.6B, 4.6C, 4.7, ECC 5.0, ECC 6.0, Solution Manager 4.0. Designed and worked on security for FI, MM, SD, order to cash and HR modules.
• Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization etc.
• Worked on BI 7.0 security (Business Intelligence).
• Maintained users in Central User Administration (CUA), monitored user activities, troubleshooted user level problems to properly access teh servers and managed security throughout teh SAP landscapes.
• Successfully implemented GRC 10 - ARM, ARA, EAM.
• Proficiently implemented and maintained VIRSA tools - VRAT 3.0, GRC Fire Fighter, GRC Compliance Calibrator 5.1, 5.2, 5.3 and GRC 10 for remediation of Segregation of Duties (SOD).
• Extensively used Fire Fighter for giving emergency access to functional team members to record all teh actions performed.
• Expert in role design according to Sarbanes - Oxley (SOX) compliance - strategy management related to SAP business processes, transactions, control infrastructure.
• Strong proficiency in teh GRC Access Control 5.2/5.3/10 - Analyze and Manage Access Risk, Provision and Manage Users, Centralized Emergency Access, Design and Manage Roles
• Responsible for configuration of teh GRC Access Control 5.2/5.3/10 suite.
• Configured all elements of GRC 5.2/5.3/10. Access Risk for SoD / Sox, Provision and Manage User for auto provisioning of users, Emergency Access for Fire Fighter, Design and Manage Roles for role build and design.
• Workshops wif key business process owners to adjust pre-delivered SoD risk levels (high, medium and low) to reflect teh company’s unique security risks.
• Configured GRC to automate all SOD related activities like defining SOD conflicts, monitoring SOD conflicts, prevention of SOD conflicts, and mitigating controls.
• Collaborated wif functional module experts to obtain teh Segregation of Duties matrix and made subsequent changes based on teh matrix.
• Configured CUP to automate user provisioning.
• Configured and customized workflows based on client’s requirement.
• Configured SPM for emergency access, both ID and role based approach.

TECHNICAL SKILLS

ERP: SAP R/3versions(4.6C,4.7,ECC5.0/6.0),mySAP (BW, APO, WAS, CRM, Portals)

Programming: C, C++, ABAP/4, SQL, JAVA2.0.

RDBMS: Oracle 9.2, MS SQL Server 2000, DB2

Platforms: UNIX (Solaris8, IBM AIX, HP-UX), Windows NT/2000/03 Server SOX, SAP GRC Implementation

PROFESSIONAL EXPERIENCE

Confidential, Chicago, IL

Sr. SAP Security consultant

Responsibilities:

• Lead security workshops wif internal controls team and business for requirements gathering.
• Define security policy and strategies according to SOX and company policies.
• Define security roles for FIORI applications (Transactional, analytical and factsheets).
• Configure roles for tile catalogs and groups for fiori Launchpad.
• Updated SU24 for FIORI applications which requires S SERVICE and associated authorization objects.
• Implemented security on HANA database.
• Define standard roles for SAP HANA database which includes developers, security basis and end user roles.
• Created different packages wifin HANA repository.
• Created design times roles which is owned by SYS REPO.
• Setup different analytic privileges on columns/attributes wifin various calculation views as a data level security and include object privileges in a role.
• Setup database trace on users at INFO level to find different kind of missing privileges.
• Gather business requirements, meet wif business process owners/functional leads to understand teh requirement and design and build global roles for SAP ECC (FI, MM, SD, PP, WM),
• Worked on creating and updating Roles as per teh Functional team requirements and authority (FI, MM, PP, SD, and APO).
• Redesigned teh existing role architecture to fit teh global model using teh Derived or Parent/Child role concept in ECC 6.0 environment.
• Used Profile Generator for creation, modifying roles, composite, global roles, and derived roles.
• Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization etc.
• Analyzed all customer programs and transaction codes for authority checks.
• Worked on SAP Check Indicator Defaults and Field values, reduced teh scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
• Continuously improved security configuration to reflect best practices and to prepare for system audits.
• Systems trace using ST01 or SU53 for authorization check.
• Use SM18, SM19 and SM20 for audit log.
• Collaborate wif Business Process Owners and Senior Management on mitigation/remediation of SoD conflicts.
• Performed transports and mass transports of roles and Used ECATT scripts for mass users and assigning roles.
• Create Developer key, Object key in SAP Service market Place and created S-Id’s for technical and functional team members.
• Provision of support for all implementation and infrastructure events including technical and business cutovers, upgrades, decommissioning, and re-purposing of systems.
• Role remediation and user remediation under Segregation of Duties (SOD) wifin SAP implementation using GRC Access Control Tool (Access Risk Analysis).
• Implemented security for MDG (Master Data Governance) Finance and Supplier modules.
• Secure SmartBusiness Analytics for MDG which is based on fiori and HANA database.
• Created HANA database roles which includes object and analytical privileges.
• Created analytic privileges on calculation views which were consumed on SmartBusiness Analytics app.
• Configured WebDynpro and updated SU24.

Confidential, Chicago, IL

Sr. SAP Security Consultant

Responsibilities:

• Gather business requirements, meet wif business process owners/functional leads to understand teh requirement and design and build roles for SAP ECC (FI, MM, SD, OTC, PP, and WM), BW and APO.
• Worked on creating and updating Roles as per teh Functional team requirements and authority (FI, MM, PP, SD, and APO).
• Redesigned teh existing role architecture to fit teh global model using teh Derived or Parent/Child role concept in ECC 6.0 environment.
• Created roles for APO systems including SNP (Supply Network Planning), Demand Planning, and Production planning.
• Building teh Roles using teh transaction codes and implementing these Roles for teh client organizational levels creating derived Roles and authorization profiles.
• Creation and modification of Roles and profiles as per teh requirement using PFCG.
• Security Transports DEV -> TST -> PRD by following teh change management process.
• Trouble shooting authorization problems using Repository Information System, Profile Generator using PFCG and Tracing authorizations.
• Configured business role in CRM that determine what a user can see and/or access through teh web client user interface (web client UI)
• Associated CRM business roles wif specific PFCG role, containing a menu of services, as well as authorization objects wif field values for teh appropriate data restrictions.
• Assigned CRM business roles to a position or organization unit in teh CRM organization structure.
• Adjust check indicators for authorization object UIU COMP (one-time operation).
• Run a program (CRMD UI ROLE PREPARE) to generate a list of services from teh business role links.
• Implemented and configured GRC 5.3 RAR, CUP, SPM.
• Define connectors, data source, number ranges, approvers in CUP
• Configure and Manage workflows in CUP.
• Set up email remainders and configure auto provisioning.
• Role remediation and user remediation under Segregation of Duties (SOD) wifin SAP implementation using GRC Access Control Tool (Risk Analysis Remediation).
• Worked on GRC RAR 5.3 for defining mitigation controls.
• Extensively used Tracing for restricting extra authority to end users and project members (SOD).
• Implement and configure ID and Role based firefighter in SPM.
• Define controllers to notify firefighter activities via email.
• Create custom roles for GRC suite using UME actions.
• Setup CUA in teh organization, specified logical systems and assign them to a client, created communication users, RFC destinations.
• Manual processing of IDOCs using BD87
• Check distribution logs using SCUL.
• Schedule report PFCG TIME DEPENDENCY to run every night to compare all teh user master records.
• Create Audit Logs using SM19, SM20 for auditors.
• Worked on SRM, created roles and assigned authorizations.
• Extensively worked wif Team members in Unit testing and Integration testing.
• Provided user access and client authentication for Solution Manager 4.0.
• Troubleshoot Authorization errors using (SUIM and SE16->AGR1251).
• Worked on BI 7.0 Security (Business Intelligence) and provided access to users to make better business decisions.
• Assigned roles and authorizations to BW users.
• Created Roles and Assigned JAVA Authorizations in XMII.

Confidential, Malvern, PA

SAP Security consultant

Responsibilities:

• Worked on BW 3.5 Security (Business Warehouse) and provided access to users to make better business decisions.
• Configured and maintained Info Area, Info Cube and ODS. Queries and Reporting authorizations in BW.
• Integrated data from across teh enterprise.
• Created and managed Security roles for BI.
• Worked in creating Reporting Authorization objects for BI.
• Performed teh upgrade from ECC 5.0 to ECC 6.0.
• Replaced old tcodes, authorization objects wif new ones in roles.
• Tested new tcodes and authorization objects to ensure functionality.
• Maintained dual landscape during upgrades.
• Set up Central User Administration (CUA) to manage multiple systems/clients.
• Maintained users in Central User Administration (CUA), monitored user activities, troubleshooted user level problems to properly access teh servers and managed security throughout teh SAP landscapes.
• Extensively worked in developing users for Business Information Warehouse.
• Full implementation cycle for creating Roles from Matrix. (Single, Derived and Composite).
• Created Naming convention for roles and User groups.
• Extensively worked wif ECATT (SECATT) for mass user creations.
• Worked on Virsa Compliance Calibrator for defining mitigation controls.
• Installed and configured teh VIRSA Risk Assessment Tools Compliance Calibrator and Fire Fighter.
• Used Virsa Compliance Calibrator to identify SOD issues in roles.
• Work wif business owners to define teh authorizations needed for users.
• Performed SOX Act 2002 compliancy upgrades for SOD.
• Documented major transactional processes for SOX compliance assessment.
• Assisted wif control remediation activities for SOX.
• Formulized SOX change management process for related documentation to ensure update reviews.
• Set up security for Solution Manager systems.
• Designed and assigned roles and profiles for Solution Manager 4.0.
• Maintained authorizations for various Solution Manager 4.0 profiles (Implementation, Distribution, Change Request Management, Monitoring, Reporting).
• Provided user access and client authentication for Solution Manager 4.0.
• Added a numerous customized objects in Object class (SU24).
• Security Transports DEV -> TST -> PRD (SE10).
• Extensively worked wif Team members in Unit testing and Integration testing.
• Extensive experience in EP security roles.
• Extensively used Tracing (ST01) for restricting extra authority to end users and project members(SOD).
• Imported and maintained startup/default/instance profiles (RZ10).
• Setup profile generator to create authorization profiles (SU25).
• Created Derived roles (Activity groups) by using Profile Generator and assigned them to users and Organizational units.
• Trouble shooting authorization problems using Repository Information System, Profile Generator using PFCG and Tracing authorizations using (ST01).
• Monitored teh system logs and ABAP dumps (SM21) and fixed teh problems occurred.
• Experienced in assigning Z transactions to roles and adding customized objects to roles.
• Troubleshoot Authorization errors using (SUIM and SE16->AGR1251).
• Daily, weekly, monthly and quarterly system checkup and troubleshooting.
• Assigned roles and authorizations to BW users.
• Maintained authorizations and security for BW objects - Info Area, Info Cube, ODS, Queries.
• Created new users and user groups in Enterprise Portal.
• Mapped users to Portal roles.

Confidential, Monroeville, PA

Sr. SAP Security consultant

Responsibilities:

• User Account / Profiles Management, Creation, Modification and deletion of teh user as per teh process defined.
• Creation and modification of Roles and profiles as per teh requirement using PFCG.
• Building teh Roles using teh transaction codes and implementing these Roles for teh client organizational levels creating derived Roles and authorization profiles for teh various plants located at different geographical locations in Development system.
• Maintained users in Central User Administration (CUA), monitored user activities, troubleshoot user level problems to properly access teh servers and managed security throughout teh SAP landscapes.
• Worked on BI Security (Business Intelligence) and provided access to users to make better business decisions.
• Worked on HR (HCM) security.
• Worked on GRC Compliance Calibrator 5.1 for defining mitigation controls.
• Used GRC Virsa Compliance Calibrator to identify SOD issues in roles.
• Worked on Enterprise Portal Security.
• Designed and assigned roles and profiles for Solution Manager 4.0.
• Maintained authorizations for various Solution Manager 4.0 profiles (Implementation, Distribution, Change Request Management, Monitoring, Reporting).
• Provided user access and client authentication for Solution Manager 4.0.
• Configure business role in CRM that determine what a user can see and/or access through teh web client user interface (web client UI)
• Associate CRM business roles wif specific PFCG role, containing a menu of services, as well as authorization objects wif field values for teh appropriate data restrictions.
• Login Parameters RZ10.
• Security Transports DEV -> TST -> PRD (SE10).
• Extensively worked wif Team members in Unit testing and Integration testing.
• Extensively used Tracing for restricting extra authority to end users and project members (SOD).
• Imported and maintained startup/default/instance profiles.
• Created Derived roles by using Profile Generator and assigned them to users and Organizational units.
• Trouble shooting authorization problems using Repository Information System, Profile Generator using PFCG and Tracing authorizations.
• Experienced in assigning Z transactions to roles and adding customized objects to roles.
• Troubleshoot Authorization errors using (SUIM and SE16->AGR1251).
• Assigned roles and authorizations to BW users.