Sap Security Consultant Resume
SUMMARY
- Security Consultant with 10 years of experience in SAP & GRC (Governance, Risk and Compliance) space.
- Proven ability to manage full scale ERP implementations, transformation, and upgrade projects.
- Lead full scale ERP implementations to deploy Security and Controls framework that involve project kick-off, managing project work plan and resources, drive business and IT (Information Technology) workshops, document requirements, document key stakeholder meetings, document and review design specifications, review build, co-ordinate test cycles (development testing, integration testing and end-user testing), develop and execute cutover plan, conduct Go-No Go discussion and execute hyper care plan.
- Implement security framework for SAP and non-SAP based ERP applications, conduct workshops with business stakeholders to capture requirements, design job-based security roles, design SOD (Segregation of duty) free task roles and design access risk mitigation strategy and procedures.
- Perform pre-go-live assessments for large scale ERP implementations, assess business process and information technology for regulatory compliance, work with internal audit (IA) to identify key controls, develop remediation plan to address security and control deficiencies, and prepare companies for external audit.
- Implement SAP GRC AC (Access Control) tool for SAP based solutions to automate user access management, emergency access management, access risk analysis and business role management.
- Design and develop complex access provisioning workflows to address the residual access risk that cannot be remediated due to business requirement.
- Adopt risk-based approach to design and develop security roles for ERP applications and design custom SOD ruleset to analyze SOD risk violations across the ERP solutions.
- Design/Build Security and Controls for SAP based applications like S/4 HANA, BW/4 HANA, Fiori, ECC, BI/BW, BOBJ (business objects), BODS, Solution Manager, SAP CRM, SAP SCM, and HANA Analytics.
- Perform risk assessments for on-going business operations based on cyber risk vulnerabilities, application vulnerabilities, application security standards, user management procedures and GRC processes.
- Work with IAM (Identity Access Management) solutions like SAP IDM, SailPoint, SAP IAG (SAP Cloud Identity Access Governance), etc.
- Develop SOX procedures for IT controls, develop testing strategies and scripts for automated and manual controls, evaluate testing to confirm control effectiveness and perform periodic control evaluation and testing.
- Work with internal and external audit teams to develop an effective control framework for the organizations based on their regulatory and non-regulatory requirements.
PROFESSIONAL EXPERIENCE
Confidential
SAP Security Consultant
Environment: S/4 HANA, BW/4 HANA, BOBJ, GRC, Fiori and Solution Manager
Responsibilities:
- Implement SAP S/4 HANA, SAP ECC, BW/4 HANA, BI/BW, BOBJ, SOLMAN, SLT, BODS, Fiori, GRC Access Control and HANA database solutions for Confidential business processes
- Implement security and controls framework as part of the projects that are focused on rolling out existing Confidential SAP applications to newly acquired entities.
- Implement and rollout SAP GRC Access Control 10.1 suite functionalities to newly acquired entities to automate user provisioning, firefighter provisioning and access risk analysis.
- Participate in business process design workshops for commercial, make to deploy, finance and supply chain to identify the security and internal control points.
- Review BPD (business process design) documents to identify security and controls requirements.
- Design and develop security roles for new entities, by exercising current Confidential role methodologies and standards.
- Review custom requirements captured during process design workshops to understand the impact on existing security and controls framework.
- Conduct workshops with business and IT teams to communicate security role design standards and gather requirements for application security access role design.
- Design and build task-based security roles that are Segregation of duty (SOD) free. Design and build business roles based on user jobs or positions.
- Update GRC SOD ruleset to include new custom transaction codes.
- Review SAP security role design and roles as part of implementation, analyze SOD access risk violations, work with security team to remediate or mitigate the roles, simulate the SOD violations for user to role assignments, mitigate the users and roles.
- Manage Security and Controls activities through the engagement lifecycles that include phases - prepare, explore, test (unit, integration, and end-user acceptance), deploy and hyper-care.
- Provide support to current SAP S/4 HANA, BW/4 HANA, BI, BOBJ, SOLMAN, Fiori, GRC Access Control and HANA database, troubleshoot authorization issue, develop, and execute remediation plans, address process efficiency improvements.
- Execute and co-ordinate GRC user access review (UAR) process that involves generating the user role assignment request, map accurate role owners, trigger GRC requests to role owners for approval, address rejected requests and close the UAR cycle.
- Execute ITGC SOX reports in SAP S/4 HANA, BW/4 HANA, BI, BOBJ, SOLMAN, Fiori, GRC Access Control and HANA database
- Work with SAP IAG solution to realize the integration limitations and capabilities when connected to SAP and non-SAP solutions in the landscape
Confidential
SAP Security Admin
Environment: SAP ECC, BI/BW, SCM, CRM and GRC
Responsibilities:
- Provide security expertise as part of support and project operations that involve rollouts and acquisitions by Confidential
- Maintain security for SAP applications like ECC 6.0, BI/BW, BOBJ, CRM, SCM, HANA and GRC AC 10.x
- Assist internal audit and governance committee to define regulatory SOX and ITGC controls for newly acquired entities by Confidential
- Support and maintain security for reporting tools like BOBJ and BW applications
- Develop BW roles and BOBJ groups to map BOBJ folder access to backend BW queries
- Develop repository roles for HANA database and transport them across the landscape
- Rollout SAP GRC Access Control 10.1 suite to other applications in the landscape to automate user provisioning, emergency access provisioning and access risk analysis
- Configure MSMP workflows for different user provisioning scenarios like new, change, terminate, lock, and unlock user accounts, create complex BRF plus rules and workflows to meet the existing user management processes in Confidential.
- Configure MSMP workflows for role management, design role methodologies and steps involved in role creation/modification, configure condition groups for approvals, and configure user access review.
- Use automatic Profile Generator (PFCG) to create and maintain roles/profiles for SAP ABAP systems like ECC, BW, CRM, SCM and GRC
- Analyze trace files and track missed authorizations for users' access problems and update SU24 values to maintain necessary authorization in PFCG roles that are assigned to user
- Support BW & BI systems, create & trouble shoot analysis authorizations, investigate the trace results from RSECADMIN
- Co-ordinate Unit testing (UT), System Integration Testing (SIT), User Acceptance Test (UAT) for Roles and authorizations to ensure accuracy and segregation of duties as part of Support
- Resolve security defects created by test scripts in HPQC and periodically used HPQC progress report to monitor defects
Confidential
SAP Security Admin
Environment: SAP ECC, BI/BW, SCM, CRM and GRC
Responsibilities:
- Closely work with business process owners, functional and technical team to gather and analyze requirements, create tcode to role mapping, User to role mapping, unit test the role changes, perform SOD analysis and role remediation
- Upgrade to EHP 7 - Involved in analysis, making changes and adjusting roles
- User maintenance (User creation/deletion/lockdown/activation/Password management)
- Role Remediation to meet the business SOX/ compliance requirements
- Identify roles and make changes to remediate the SOX issue if possible
- Conduct workshops with the business users to brief about SAP Security, SOX and SAP GRC tool
- Generate weekly SoD and FF log reports for the management, Setup FF, Create and assign FF IDS to users once approved by the FF ID owner
- Work with profile generator (PFCG) to create roles, composite roles and derived roles
- Work on RSECADMIN to define analysis authorizations
- Involved in Business Reorganization project which involved design and development of new AA and roles in BI7.0
- Implement Special authorizations using colon and key figure authorizations in SAP BW/BI
- Maintained authorization object assigned to tcodes using SU24 to meet the business requirements and to make sure the best practices are followed
- Create Authorization Groups to restrict the HR table access and review/correction of sensitive authorizations (S_TABU_DIS, etc.), including assignment of authorization for sensitive tables
- Create authorization groups using SE54
- Perform troubleshooting of user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error for SAP systems for DEV, QAS and Production Environment
- Extensively work in SAP Security Administration & Authorization including Activity Groups, Profile Generator (PFCG), Central User Administration (CUA), Role/Content Administration and User Administration and an extensive use of transactions like SUIM, PFCG, SU01, SU10, SU24, ST01, SU53
- Work with the management on CSS which helped to improve things as per user requirements and make it more user friendly
- Extensively work on authorization issues related to BI Security and was leading the team as BI SME
- Use ticketing tools like HP-ALM and ISM
- Provide On-Call support 24x7 for all SAP Security related issues and activities
Confidential
SAP Security Admin
Environment: SAP ECC, BI/BW, SCM, CRM and GRC
Responsibilities:
- Responsible for Design and development of security strategy for enhancements and Development projects.
- Perform troubleshooting of user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error for SAP systems for DEV, QAS and Production Environment.
- Updating role as requested by business process owner and run through GRC (10.0) to make sure the new addition does not cause any SOD violations within the role.
- Used transaction RSECADMIN for creating analysis authorization and S_RS_AUTH for assigning analysis authorization to end user roles.
- Maintained authorization object assigned to tcodes using SU24 to meet the business requirements and to make sure the best practices are followed.
- Created Authorization Groups to restrict the HR table access and review/correction of sensitive authorizations (S_TABU_DIS, etc.), including assignment of authorization for sensitive tables.
- User maintenance (User creation/deletion/lockdown/activation/Password management).
- Work with profile generator (PFCG) to create roles, composite roles and derived roles.
- Creating weekly reports which include SOD (SOX) reports, Inactive user reports, User termination reports and Firefighter log reports.
