Sr SAP Security Consultant Resume

SUMMARY:

  • Proven and results-oriented Senior SAP Security consultant with 7+ years of solid security experience in S/4 HANA, SAP Analytics Cloud, Fiori, SAP R/3 and NetWeaver technologies on security and authorizations, with a strong and deep understanding of information security practices, SAP best practices and SOX compliance tools like GRC 12.
  • Completed 2 full life cycle implementations in SAP security, 3 support projects and 2 upgrades.
  • Experienced in working for Implementation, Go-Live, Post Go-Live, and Production Support projects.
  • Extensive experience in Requirement gathering, Design, Development and Maintenance of SAP application security.
  • Troubleshooting authorization issues using STAUTHTRACE, SU53, ST01 and RSECADMIN tcodes.
  • Experienced in handling the security workshops and being the focal point for major security issues.
  • Designed and implemented security for various modules like S/4 HANA 2020/1909, HANA database, FIORI, BI / BW, BO, SEM - BPS, FI, CO, MM, SD, PM, HR / HCM, CRM, SRM, EBP, APO, XI, PI, EHS, WM, PS etc.
  • Amazing experience in designing and implementing portal security for HANA S4, FIORI, ECC, ESS, MSS, EC, ME, MII, BPC, BI, BO and Enterprise Portal (EP) etc.
  • Experienced in GRC 12 & 10.1 (ARA, EAM, ARM and BRM) and GRC 5.3 (RAR, SPM, ERM and CUP) end-to-end implementations, and worked on support as well.
  • Broad experience in maintaining Single, Composite, Master and Derived roles using Profile Generator (PFCG).
  • Extensive experience in creating Dialog, Service, Background and Communication user IDs using SU01 and SU10.
  • Experienced in Central User Administration (CUA) configuration, maintenance and troubleshooting. Experience in creating users and assigning roles through CUA.
  • Experienced in both Role Based and Position Based security models.
  • Experienced in development of Structural Authorization.
  • Very good knowledge of producing and analyzing reports in SAP using SUIM and security related tables (AGR*, USR*, etc.) and customized Query reports.
  • Developed LSMW and ECATT scripts for user id creation and role assignment.
  • Worked on User/role remediation project for Sarbanes-Oxley Act (Section 404) using VIRSA / GRC System.
  • Experienced in working with Internal and External Auditors and keeping the SAP systems audit compliant.
  • Experience in writing SOX controls, SOX narratives, Technical Auditing process and Remediation process in highly demanding environments.
  • Extensive experience with resolving ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
  • Strong experience in SAP security process evaluation and advising clients on SAP best practices.
  • Experienced in supporting more than 70,000 users and 40 SAP client systems.
  • Ability to manage multiple tasks of production support and implementation projects.
  • Experienced in adhering to the Change Management Process for transporting roles and tables, security objects and maintaining the change documents.
  • Good understanding of Waterfall and AGILE Methodology.
  • Great experience in user licensing, SAP best practices and optimizing cost.
  • Experienced in providing security authorizations to the client.
  • Interfaced extensively with clients to gain insight and developed solutions to meet business needs across the entire SAP landscape.
  • Strong organizational and communication skills combined with an aptitude to work both as a team member and as an individual with minimum supervision, good work ethics, quality service, and proven results.

TECHNICAL SKILLS:

  • SAP Security Expert in S/4 HANA 2020, 1909 & 1809, FIORI 7.55 & 6.0, HANA, BO, BI, BPC, ME, MII, PLM, ARIS, Solution Manager Security, Enterprise Portals, ASSET Mngt, APO, EC, EHS, ARIBA, SuccessFactors.
  • R/3 Security (FICO, MM, PP, EHS, SD, PM, WM, SMP, CRM, APO, SRM etc.) on ECC6.00 and SMP (SAP Mobile Platform), SAP PORTAL.
  • GRC Access Control 12 & 10 (ARA, EAM, ARM and BRM) and GRC Access Control 5.3 Tools (RAR, CUP, SPM and ERM) and SECURITY WEAVER.
  • BI 7.0 & BO Security, HR Security, XI/PI Security, CRM Security, SRM Security and APO Security.
  • SAP HANA S/4 Cloud and On-premises, SAP Fiori & Gateway, SAP Mobile, and ARIBA.
  • ServiceNow, REV-TRAK, AMP RIVA, StreamServe, CONCUR.

PROFESSIONAL EXPERIENCE:

Confidential

Sr SAP Security Consultant

Responsibilities:

  • Designed security for S/4 HANA 2020/1909, FIORI 7.55 and Security Weaver.
  • Prepared strategy for HANA S4, SU25 steps for upgrading security.
  • Did Impact Analysis of HANA S4 on legacy ECC systems.
  • Helped Project manager on creating project plan and task list.
  • Worked with SAP to finalize the strategy and role analysis.
  • Did HANA S4 POC (Proof of Concept) and presented it to management.
  • Analyzed legacy security and identified gaps.
  • Recommended SAP security best practices.
  • Analyzed and presented vulnerabilities and risks to management.
  • Analyzed GRC SOD matrix and submitted recommendations.
  • Team Building, Knowledge sharing and Cross skill development.
  • Upgraded/migrated/implemented SAP security from ECC to S/4 HANA in sandbox systems to validate security.
  • Re-designing security process, analyzing system security.
  • Analyzing SOX controls, Identifying Gaps and recommending industry best practices.
  • Troubleshooting authorization issues using STAUTHTRACE, STUSERTRACE, STUSOBTRACE, SU53 and ST01 tcodes.
  • Implemented SAC (SAP Analytics Cloud) security; created users, teams and roles in SAC.
  • Developing security roles and authorizations, and analyzing issues.
  • Designing test cases, test strategy and test processes for SAP security testing and validation.
  • Analyzing security tools to automate the processes.
  • Validated SAP security design through lift and shift from ECC to HANA S4, using single, master & derived roles.
  • Prepared outline document listing security governance and controls to be implemented to keep SAP security in excellent shape.
  • Performed S/4 HANA & FIORI security design, build, test and cutover activities pertaining to security implementation of S/4 HANA.
  • Built roles for General Ledger, Accounts Payable, Accounts Receivable, Asset Accounting, Electronic Bank Statement (EBS), Cost Center Accounting, Profit Center Accounting, & Internal Orders in S/4 HANA & FIORI.
  • Designed and built security roles and authorizations for OTC (SD, MM, FI) and PTP (MM, FI) end to end business process, leveraging the latest S/4 HANA security.
  • Designed and built security roles and authorizations for FIORI Launchpad, including OData services for the app, catalogs and groups.
  • Performed security checks on backend S/4 and front-end FIORI app to appropriately add OData services and related authorizations for end users to access FIORI apps.
  • Configured S/4 Hana authentication through OKTA.
  • Built security roles for FIORI; leveraged transactional, factsheet and analytical apps in the FIORI role-based design, based on business requirements, in the task-based roles to access FIORI applications.
  • Worked on troubleshooting SAP FIORI app configuration for iOS and Android devices.
  • Did complete HANA S4 assessment analysis at complete system level for ECC and MDG systems.
  • Created a list of tasks and approach in preparation for moving from ECC to S/4 HANA.
  • Performed SU25 steps 2A, 2B, 2C and 2D for each system in effort of ECC to S/4 Implementation/ Migration.
  • Using steps 2A and 2B, compared authorizations with SAP values and identified authorizations which have been modified or updated, are new, or are going to be deleted.
  • Did Impact analysis for each system and prepared list of Risks and solutions.
  • Identified tcodes and authorizations which are being replaced, are obsolete, or are impacted.
  • Identified Single, Master and Derived roles which are getting impacted.
  • Identified Greenfield items and Fiori apps which are coming into the picture.
  • Impact Analysis was presented in Pie-chart and bar chart form to management.
  • Followed a combination of Brownfield and Greenfield approaches and configured HANA S4 security.
  • Prepared list of transports containing security changes, validated and transported to Prod before go-live.
  • Planned and executed SCPT & MDPT Project task lists.
  • Created users, teams and roles in SAC (SAP Analytics Cloud).
  • Created users in SAC according to licenses like Planner, admin etc.
  • Created Teams as per requirements like Marketing, HR, and Planning etc.
  • Created custom BI Content Viewer role with read only privileges.
  • Created BI Content Creator role in SAC (SAP Analytics Cloud).
  • Created custom BI Admin role, restricting permissions in SAC.
  • Created SAC Teams, assigned roles to teams and users to teams in SAC.
  • Worked on maintaining MSMP workflow and customizing workflow.
  • Maintained template for email communication and access request submission.
  • Worked on Specific Settings for Provisioning and Managing Users.
  • Worked on End User Personalization Forms.
  • Worked on setting user request types and approvers in ARM.
  • Configured Emergency Access Management-EAM GRC12 Common components.
  • Maintained 4000 parameters for EAM in GRC 12.1 AC and used centralized EAM.
  • Created Fire Fighter IDs in child systems like ECC, SRM, and BW etc.
  • Created Fire Fighter Controller and owners in EAM system and assigned Controller role and owner Role.
  • Assigned Fire Fighter IDs to fire fighter users. Tested functionality.
  • Maintained reason code and email template for sending logs approval email.
  • Trained users on EAM and prepared material.
  • Trained Fire Fighter Controller and Fire Fighter Owners on how to audit logs and approve them.
  • Tested log reports with Transaction logs, Session logs and change logs.
  • Did SOD analysis at system level and role level; identified risks and violations.
  • Analyzed SOD matrix, identified gaps and reported to management.
  • Identified Security Violation in the system and recommended solutions.
  • Recommended Security controls to be updated and Security policies to be re-visited.
  • Identified SAP security malpractices, highlighted the impact and recommended solutions and industry best practices.
  • Identified steps which were missed from last 10+ years and performed those SU25 steps during POC.
  • Recommended SAP security patch management, EarlyWatch reports and security parameter report review.
  • Identified a huge gap for custom tcodes and recommended auth check statements and SU24 updates for custom tcodes.
  • Identified SAP security areas where processes can be automated.
  • Developed custom programs for the security team to gain effectiveness and efficiency.
  • Recommended and developed some SAP scripts for large data processing on the SAP security side.
  • SAP Security Controls & Governance:
  • Prepared SAP security governance plan and shared with management.
  • Listed SAP security controls which need to be implemented and should be audited every quarter.
  • Listed recommendations for internal and external auditors.
  • Prepared high-level future SAP security governance plan.

Confidential

Sr SAP Security Consultant

Responsibilities:

  • Designed and implemented security for S/4 HANA 1909, FIORI 6.0, EHS, WORK MANAGER, SAP MOBILE Platform and ARIBA.
  • Implementing GRC 10.1 (ARM, EAM & ARA).
  • Upgraded/migrated/implemented SAP security from ECC to S/4 HANA.
  • Designed and implemented security for BOBJ, CRM Security and SAP SuccessFactors.
  • Re-designing security process, analyzing system security.
  • Designing SOX controls.
  • Migrated security from PI to PO.
  • Troubleshooting authorization issues using STAUTHTRACE, SU53, ST01 and RSECADMIN tcodes.
  • Created customized auth objects using tcode SU21; fields were created using tcode SU20 and linked to tcodes using SU24.
  • Creating OSS IDs, S-user IDs, developer keys and object keys; maintaining the secure area at SAP Marketplace.
  • Resolving daily routine Support tickets.
  • Worked on user license and Audit.
  • Production Support, level 3 & 4 issues.
  • Worked on daily production support security tickets of S/4, HANA, FIORI, SD, MM, WM, FI, HR, PM, BW/BI, EC, MII, EHSM portal and ECC portal. Defined SLAs for tickets.
  • Troubleshot daily authorization issues. Gathered requirements and designed new End user, Batch user and CPIC user roles.
  • Followed Bluefield approach and implemented S/4 HANA, which is combination of Brownfield approach and Greenfield approach.
  • Did assessment for ECC to S/4 HANA implementation and finalized strategy for security migration and implementation.
  • Did Impact analysis for each system and prepared list of Impacts, Risks and solutions.
  • Created a list of tasks and approach in preparation for moving from ECC to S/4 HANA.
  • Performed SU25 steps 2A, 2B, 2C and 2D for each system in effort of ECC to S/4 Implementation/ Migration.
  • Using steps 2A and 2B, compared authorizations with SAP values and identified authorizations which have been modified or updated, are new, or are going to be deleted.
  • Prepared list of Actions / tcodes which are obsolete and will no longer be available.
  • Prepared list of roles which are impacted and need to be redesigned or remediated according to the ECC to S/4 migration.
  • Prepared list of transports containing security changes, validated and transported to Prod before go-live.
  • Designed and implemented HANA S/4 roles and assigned to users.
  • Created users on HANA S/4 cockpit side and granted access to analytical users.
  • Prepared, implemented and executed post go-live steps for ECC to S/4 HANA implementation.
  • Planned and executed go-live of 34000 users HANA S/4 migration.
  • Addressed stabilization phase issues and successfully supported post go-live phase of S/4 HANA implementation.
  • Worked on HANA studio and Cockpit, helped migrating ECC system to HANA database.
  • Created HANA roles using System Privileges, Object Privileges, Analytic Privileges and Package Privileges.
  • Implemented password policies on HANA system.
  • Configured SAML authentication.
  • Created End users, Data modelling and Developer users in HANA cockpit.
  • Created HANA roles for Developers, Data Modelers and End Users.
  • Created HANA roles for different scenarios: accessing HANA data through BO, accessing HANA through Smart Data.
  • Built security roles in HANA database for schema IDs, granting Object Privileges, System Privileges and Analytical Privileges to the roles in Repository mode.
  • Troubleshooting auth issues using the TRACE functionality of HANA cockpit. Assigned access on object level, such as views, e.g. Analytical view, Calculation view etc.
  • Worked on defining audit controls for quarterly and annual audit. Provided reports to auditors and discussed security policies.
  • Worked on user licensing and ran USSM report, corrected user licensing, redefined SAP contract and negotiated with SAP on user licensing.

Confidential

Sr SAP Security Consultant

Responsibilities:

  • Production Support, SOX Analysis, Re-Designing Security, Fixing Defects.
  • Troubleshooting authorization issues using SU53, ST01 and RSECADMIN tcodes. Did role remediation and designing for ECC roles.
  • Worked on Leak survey project, Material Traceability Project, AMBBS, EDGIS project.
  • Worked on GRC 10 AC (Access Risk Analysis - ARA, Emergency Access Management - EAM, Access Request Management - ARM, Business Risk Management - BRM).
  • Created roles for SAP modules like SD, MM, WM, FI, HR, PM, BW/BI etc. according to business requirements using tcode PFCG.
  • Created customized auth objects using tcode SU21; fields were created using tcode SU20 and linked to tcodes using SU24.
  • Created auth groups in SE54, maintained table TDDAT and assigned the auth group to a table, to maintain the security of and access to critical tables.
  • Designed security for SMP (SAP Mobile Platform), MII, EHSM (Employee Health and Safety), EC (Environmental Compliance) etc.
  • Opening connections for SAP and raising messages to SAP for issues.
  • Creating OSS IDs, S-user IDs, developer keys and object keys; maintaining the secure area at SAP Marketplace.
  • Resolving daily routine Support tickets.
  • Worked on user licenses and saved 2 million dollars by correcting license.
  • Worked on daily production support security tickets of SD, MM, WM, FI, HR, PM, BW/BI, EC, MII, EHSM portal and ECC portal. Defined SLAs for tickets. Troubleshot daily authorization issues.
  • Gathered requirements and designed new End user, Batch user and CPIC user roles.
  • Worked on gathering requirements and redesigned roles for SD, MM, WM, FI, HR and PM modules on the basis of tcode usage by business. Designed new roles according to business tcode usage and remediated old roles for critical and sensitive authorization objects and tcodes. The objective was to lower the number of SOD violations and mitigation controls. Cleaned up BI/BW roles for HR info cubes and info areas.
  • Activated BC sets for AC10 using Tcode SCPR20.
  • Activated services for GRC 10.1 AC using tcode SICF.
  • Created CONNECTORS and connected child systems like ECC, SRM and BW.
  • Maintained 1000 Parameters for ARA.
  • Set up background jobs for Role, authorization and profile sync.
  • Configured and Maintained GRC Rule Set and customized ruleset. Created local and Global rule set according to client requirement.
  • Created risk ids and defined High, Medium and Low risks.
  • Created Mitigation controls and assigned mitigation controls to controllers and owners for monitoring.
  • Tested SOD report at user level, Action level and permission level.
  • Configured sensitive tcodes and powerful auth objects.
  • Used ARA to determine and report if any risks will be introduced by simulating the addition of transactions, roles, or profiles to a user ID. This powerful feature effectively eliminates new risks being introduced to the production environment.
  • Used ARA to easily create, maintain, and manage risks used to generate the rule set.
  • Gathered requirements and designed SAP security roles for MT, AMBBS, EDGIS and LS projects. These projects used SAP ECC and SAP Mobile Platform. It was integration of SAP with iPad and Android tablets using SYCLO.
  • Designed roles for mobile users (like field tech) and non-mobile users (like surveyor, asset strategist, supervisor etc.).
  • Designed and implemented portal roles and portal groups for MII (SAP Manufacturing Intelligence Integration), EC and EHSM (SAP Environment, Health, and Safety Management) and EC (SAP Environmental Compliance 3.0).
  • After pilot go-live these systems were migrated to LDAP from UME database.
  • Worked with external and internal auditor on providing SOX evidences for each SAP and GRC control.
  • Worked on writing SOX controls and narratives.
  • Worked on defining new process to remediate SOX deficiencies.