SAP Security Lead Consultant (Onsite) Resume

SUMMARY

  • SAP Security Consultant with 12 years of experience which includes Design, Analysis, Configuration, Upgrade, Rollout & 24X7 Production Support of Application Security and handling Security for various modules: SAP ECC (HCM, HR, SD, MM, PM, FI, CO), HANA Studio, SuccessFactors, BW/ BI, CRM, SRM, XI/ PI & Portal in Global SAP landscape environments
  • Good experience on SAP GRC 10.x and 5.x Access Control modules (ARA, CUP, EAM, SUP and ARM)
  • Knowledge on SAP HANA User Security and Management using HANA Studio
  • Working experience on SuccessFactors Security includes user admin, role admin, termination and creating adhoc reports for Security
  • Expertise in remediation & mitigation of SOD/SOX violations found during Risk Analysis
  • Experience in various dimensions of SAP security which includes NetWeaver Security (R/3, BW/BI, SRM, Portal)
  • Expertise in building different types of roles (Derived Role, Parent Role, Composite Role, Task and Enabler roles, Single Role) using Profile Generator (PFCG)
  • Expertise in Configuration, Administration and troubleshooting Central User Administration (CUA)
  • Experience in setup of BI security for user roles (query users, administrative users and power users)
  • Experience in maintenance and assignment of BI analysis authorizations with RSECADMIN
  • Having a strong background and experience in developing the software applications, experienced in building Security Utilities resulting automation and reducing manual intervention
  • Experience in Service Market place user administration and Opening an OSS connection
  • Worked on LSMW and eCATT scripts for mass user and role administration
  • Good experience in creating custom queries using SQVI to fetch the data by joining the complex tables
  • Proficient in using authorization diagnostic tools such as SU53 and ST01 to solve authorization problems
  • Experience with using Audit Information Systems (AIS) logs (SM19, SM20 and SM18)
  • Experience working with Compliance/SOX, Internal Audit and Business teams to identify and analyze technical requirements to determine the adequate user access rights
  • Experience on Audit projects and working as a liaison between the security team and auditors
  • Expertise in cleaning up and re-designing roles to limit user access on critical data based on audit requirements
  • Good Exposure with Transports Management Systems (STMS, SE09, SE10 and SCC1)
  • Good knowledge on SAP Check Indicator defaults, field values, and maintained check indicators for Transaction codes
  • Experience in maintenance of tables and authorization groups
  • Strong documentation skills on security design, policies and procedures
  • Experienced in leading and guiding the security teams in unit, integrated and negative testing of the roles using the business process procedures
  • Configuration of SAP Security parameters and privileges
  • Strengths include good team player, communication, interpersonal and analytical skills
  • Flexible to work with new technologies and ability to work effectively in a fast-paced, high volume, deadline-driven environment

TECHNICAL SKILLS

SAP Application: NetWeaver security (R/3, BI, SRM, CRM and Portal)

SAP Tools: SAP GRC Access control 10.1/10.0/5.3/5.1, SAP UME, CUA

Operating Systems: Windows 2003/XP/Vista/ 2000/ 98 / 95 / NT 4, UNIX

Languages: C, C++, Java, HTML, Visual Basic

PROFESSIONAL EXPERIENCE

Confidential

SAP Security Lead Consultant (Onsite)

Responsibilities:

  • Working closely with the Client for process enhancements and involving in client meetings on a daily/weekly/monthly basis to know the status of the current/upcoming SAP Security project activities
  • Implementing SAP Security like: Requirement gathering, Design, Development, and Maintenance of SAP ECC, BI, SCM, Solution Manager Roles
  • Handling HANA User Administration using HANA studio
  • S User ID administration
  • Opening OSS Connection and maintaining the login details in Secure Area for SAP
  • Responsible for completing Monthly, Quarterly and Annually Audit Controls
  • FFID administration including FFIDs creation, upload to GRC, Mapping to Owners and Controllers
  • Performing user administration activities in the CUA System landscape and troubleshoot CUA related issues
  • Resolving day to day security related issues
  • Using CHARM as Change Management tool to transport the role changes across all landscapes
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Helping auditors by providing them required information and documentation
  • Regularly update Security run book with security procedures and the policies

Environment: ECC 6.0, Solution Manager, HANA

Confidential

SAP Security Lead Consultant (Onsite)

Responsibilities:

  • Leading Confidential SAP Security Operations team at onsite to make sure that client SLA is met without any escalations
  • Working closely with the Client for process enhancements and involving in client meetings on a daily/weekly/monthly basis to know the status of the current/upcoming SAP Security project activities
  • Handling the GRC 10.1 support activities related to Access Request Administration, Access Risk Analysis and Emergency Access Management
  • Uploading roles and assigning role owner along with attributes in GRC 10.1 system
  • FFID administration including FFIDs creation, upload to GRC, Mapping to Owners and Controllers
  • Providing utmost priority to security related requests related to SuccessFactors
  • Handling HANA User Administration using HANA studio
  • S User ID administration
  • Opening OSS Connection and maintaining the login details in Secure Area for SAP
  • Immediate resolution to the all Security and GRC Sync Jobs failure using Job Monitoring tool Autosys
  • Responsible for quarterly UAR, Fire-Fighter Review, Mitigation Control Review, SOD Review etc.
  • Portal user administration and assignment of portal roles to connect to backend systems like BI, SRM and CRM
  • Using CHARM as Change Management tool to transport the role changes across all landscapes
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Helping auditors by providing them required information and documentation
  • Regularly update Security run book with security procedures and the policies
  • Resolving day to day security related issues by providing on-call support 24*7 for any security related issues

Environment: ECC 6.0, BI 7.3, SRM, HR, Solution Manager, HANA, SuccessFactors

Confidential

SAP Security Lead Consultant (Onsite)

Responsibilities:

  • Leading the JCI SAP COE Security team at onsite across all the business units in meeting client expectations
  • Handling the support activities related to GRC 10.1 Emergency Access Management (EAM), GRC 5.3 Compliant User Provisioning (CUP) and Super User Privilege Management (SPM)
  • Responsible for design, development, testing & implementation of risk free business, composite, single & derived roles
  • Working with business owners to reclassify the custom codes as per the functional, sensitive access and helped in updating the Rule set as and when needed
  • Performing weekly Risk analysis on user & role level to take necessary actions if any SODs found
  • Working closely with the Client for process enhancements and involving in client meetings on a daily/weekly/monthly basis to know the status of the current/upcoming SAP Security project activities
  • Extensive interaction with Business Process Managers to understand and remediation/mitigate various SOD/SOX risks associated with roles and users found during risk analysis
  • Designed various forms and templates for new user requests, roles, modifications, change management process etc.
  • Uploading roles and assigning role owner along with attributes in GRC 5.3 system (Compliant User Provisioning)
  • Processing CUP requests, uploading roles and assigning role owners in CUP.
  • Creating Reason codes (if needed) in EAM and Mapping owners/controllers to FFID & assigning users to FFIDs
  • Scheduled jobs for GRC synchronization on a weekly and need basis
  • Responsible for quarterly UAR, Fire-Fighter Review, Mitigation Control Review, SOD Review etc.
  • Portal user administration and assignment of portal roles to connect to backend systems like BI, SRM and CRM
  • Implemented Central User Administration (CUA) within R/3 and BW system landscape
  • Performing user administration activities in the CUA System landscape and troubleshoot CUA related issues
  • Delinked/Linked child clients from CUA setup during client refreshes using the program RSDELCUA
  • Coordinating with BASIS team in implementing the SAP Security related suggestions mentioned in the EWA report like applying notes, parameter changes
  • Initiation and Implementation of security utility Password reset tool that will allow SAP users to reset their passwords themselves in SAP systems
  • Initiation and Implementation of Inactive user lock program that will lock users not logged in for 90 days
  • Working with Reporting Users, Power Users and Administration Users in Identifying and Resolving Authorization Issues in BI System
  • Redesigning roles as per audit and functional requirements
  • Worked on critical authorization objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD, S_TRANSPRT etc.
  • Worked on SU24 to maintain Check Indicators for the Transaction Codes
  • Maintained Authorization Groups for Tables and Reports and assigned them accordingly
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Supporting other teams by providing the requested information
  • Using CHARM as Change Management tool to transport the role changes across all landscapes
  • Followed the standards established and naming conventions as dictated for the Clients security schema
  • Helping auditors by providing them required information and documentation
  • Regularly update Security run book with security procedures and the policies
  • Resolving day to day security related issues
  • Provide on-call support 24*7 for any security related issues

Environment: ECC 6.0, BI 7.3, SRM, XI and Solution Manager

Confidential

SAP Security Consultant

Responsibilities:

  • Developing enhancements to existing functionality by re-designing user roles which involves in analyzing and re-structuring user authorizations to minimum extent
  • Extensively used Automatic Profile Generator (PFCG) in ECC to create and maintain user based roles
  • Performed remediation and mitigation against various risks associated with roles and users
  • Interacted with the Role owners for maintaining the correct restrictions on the Transaction codes
  • BI Analysis Authorization and reporting roles creation
  • Resolved day to day security related issues
  • Assigned transactions in roles as per business requirements and setting up authorization fields
  • Transporting the change requests from the Development environment to Testing/QA environments
  • Performed Unit testing for Developed Roles
  • Working with BAs and end users to carry out thorough testing of the new Authorization setup in various platforms
  • Created custom transaction Codes for restricting access to custom tables and programs
  • Created Custom Transactions Code for tables and programs using SE93
  • Performed reconciliation of user master record and roles using PFUD
  • Worked on SU24 to maintain Check Indicators for the Transaction Codes
  • Extensively used SUIM (User Information System) to pull various reports for audit monitoring
  • Trouble shoot authorization errors using SU53 and ST01
  • Exclusively worked with external audit teams & providing required details to external audit teams
  • Provided clarifications and required information to external and internal audit teams
  • Good knowledge of SOX, Audit issues and Segregation of Duties (SOD) issues
  • Provided on call support on rotational basis

Environment: ECC 6.0 and BI 7.0

Confidential

SAP Security Consultant

Responsibilities:

  • Live support for 27 European countries involving several components of SAP suite including SAP ECC, BI, SCM, Solution Manager and XI
  • Implementing SAP Security like: Requirement gathering, Design, Development, and Maintenance of SAP ECC, BI, SCM, Solution Manager Roles
  • Worked on User maintenance (User creation / lock/ unlock / password management) both in ABAP SAP and Portal Systems
  • Created and modified Single roles, Composite roles and derived roles using the Automatic Profile Generator (PFCG) from the Role Matrices provided by the functional team
  • Worked on security roll out projects for Brazil, Japan and Turkey regions
  • Experienced on GRC 5.3 Super User Privilege Management configuration
  • Mapping Fire Fighter ids to Controllers & Owners and assigning FFIDs to firefighter users
  • Producing the FFID log reports on a weekly basis to review the FFID usage for the proper approvals and documentation
  • Performed User & Role level risk analysis to identify existing SOD/SOX violations
  • Creation and assignment of new Mitigation Controls to the users as and when needed
  • Provided support on GRC 5.3 Compliant User Provisioning (CUP) which involves in processing CUP requests, forwarding to the secondary approver and importing roles to CUP along with the primary secondary role owners
  • Helped in creating the security Password Reset utility which enables users to reset their SAP passwords
  • Evaluate and implement various SOX and Audit related remediation actions for the various SAP environments
  • Perform realization and authorization reviews for the various security related developments and changes in the Projects
  • Handling various production support tickets through Solution Manager and Magic applications
  • Providing Emergency user’s access to authorized users as per Confidential emergency user access process and maintaining the emergency user activities trace file, sm20 log, URF, etc.
  • Used Transport Management System to perform transports and mass transports of roles
  • Used RSECADMIN in BI for creating, maintaining and assigning Analysis Authorizations
  • Took part in auditing by providing auditors required information accordingly documented and maintained SAP security roles and parameters
  • Assisted in creating and maintaining security policies and procedures
  • Modified Check Maintain flags in SU24 as needed
  • Created Custom Transactions Code for tables and programs using SE93
  • Effectively analyzed system trace (ST01) and SU53 screen shots and tracked missing authorizations for user access problems
  • Worked extensively on User Information System (SUIM) and SM20 for audit purposes
  • Was responsible for Service request and streamline request Escalation
  • Ensured all service requests are managed and completed as per the SLAs
  • Interacted with end users & functional consultants in resolving the tickets
  • Followed the established standards and naming conventions as dictated for the Clients security schema

Environment: ECC 6.0, BI 7.0, SRM, XI and Solution Manager

Confidential

SAP Security Consultant

Responsibilities:

  • Maintained users, such as creating/deleting users, assigning roles, locking/unlocking users, and changing passwords by using SU01
  • Security role creation and modification using Profile Generator (PFCG) and transporting the roles to production using STMS
  • Ensure all the roles being created or modified are not resulting in any SOD Conflicts
  • Help and support business analysts in the process of role design, testing and implementation of new and/or changed roles
  • Interacted with the Role owners and the business process owners for maintaining the correct restrictions on the Transaction codes and the activities within the Transaction codes
  • Created custom transaction Codes for restricting access to custom tables, views and programs
  • Created transaction variants for SE16 and SM30
  • Implemented Line Authorizations to restrict records and transaction codes using the critical authorization object S_TABU_LIN
  • Worked on critical authorization objects like S_TABU_DIS, S_DEVELOP and S_TRANSPRT
  • Performed reconciliation of user master record and roles using PFUD
  • Performing periodical security tasks like deleting SAP access for inactive users, extracting user missing data activities
  • Used report tree tool SUIM to analyze the users, transactions, roles and profiles
  • Responsible for BI security in project life cycle using Analysis Authorization concept
  • Liaison between technical and functional teams relating to SAP Security
  • Security support for integration testing, user acceptance testing, and training efforts
  • Production support for end users
  • Implemented Central User Administration (CUA) within R/3 and BW system landscape
  • Performed user administration activities in the CUA System landscape
  • Troubleshoot CUA related issues
  • Delinked/Linked child clients from CUA setup during client refreshes using the program RSDELCUA

Environment: ECC 6.0, BI 7.0 & Solman

Confidential

SAP Security Consultant

Responsibilities:

  • Worked on User maintenance (User creation / lockdown / unlock / password management).
  • SAP Security design and implementation for SAP modules
  • Created and modified Single roles, Composite roles and derived roles using the Profile Generator (PFCG) from the Role Matrices provided by the functional team
  • Transporting the change requests from the Development environment to Testing/QA environments.
  • Setting up SAP system for auto log-out, password length and expiration and specifying impermissible passwords
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Set up Central User Administration (CUA)
  • Created scripts for mass user creation and password reset
  • Used RSECADMIN in BI for creating, maintaining and assigning Analysis Authorizations
  • Defined Cut-Over/Go-Live and Post Go-Live tasks and processes for BI and ECC security
  • Recommend and Implement SAP Security Best practices
  • Worked with table authorizations to control access to tables and created custom table authorization groups and assigned to tables using transaction SE54
  • Working closely with Audit team for user-role conflict removal in R/3 and BI
  • Modified Check Maintain flags in SU24 as needed

Environment: ECC 6.0 and BI 7.0

Confidential

Software Engineer

Responsibilities:

  • Maintaining the users in SAP such as creating/deleting users, assigning roles, locking/unlocking users, and changing passwords
  • Provide the user required information using SUIM and SE16
  • Tracing of User activities/authorizations using SU53 and ST01
  • Created access for SAP support via service market place
  • Performed risk analysis on the existing users & roles using GRC tool
  • Created and assigned mitigation controls to monitor the SOD risks
  • Resolved day to day security related issue
  • 24*7 Monitoring Jobs using SM37 and TIDAL
  • Analyze and rerun the failed jobs
  • Report Basis team for any critical jobs failure
  • Performed reconciliation of user master record and roles using PFUD

Environment: ECC 6.0
