
SAP Security/GRC Consultant Resume


Houston, TX


  • 7+ years of SAP Security & GRC expertise with a strong technical and functional background.
  • Well experienced with SAP Security lifecycles (Analysis, Conception, Implementation, Upgrade, Quality Assurance, Support, and Redesign & Cutover).
  • Worked on full life cycle implementations of SAP Security projects from design phase to post-implementation phase in the SAP Security realm.
  • Experience with SAP R/3 & ECC security configuration, design, development, testing and implementation. Also worked on projects that mostly involve production support.
  • Experience with SAP Application Security development and administration R/3 environment for the following modules: FI, CO, MM, PP, SD. Good knowledge of CRM business process, enterprise portals, and exposed to the new dimensional products.
  • Mitigation & Remediation of Segregation of Duties (SOD) risks using GRC & Approva/Bizrights.
  • Working knowledge in analyzing and processing SOD and SOX issues within SAP implementation using the GRC 5.3 and GRC 10.1 access control tools such as ARA, ARM, EAM, BRM.
  • Expertise with the BI Analysis Authorization (RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems.
  • Extensively worked with Profile Generator (PFCG), Role creation (single, composite and derived roles) modifications and User Administration by using SU01.
  • Experience in writing eCATT scripts for mass changes in the system.
  • Used Central User Administration (CUA) to handle user administration/maintenance activities like setting up user IDs, assigning roles, resetting passwords, and locking/unlocking users (SU01, SU10, SCUA, and SCUL).
  • Solved user access issues using SUIM, SU53 and authorization trace using ST01. Worked extensively on Authorization Groups and customized transaction codes. Critical programs were restricted by controlling authorization object S_PROGRAM through SE38 and SA38.
  • Proficiency in Creating OSS id and Authorization, Registering developers for Developer/Object Keys access. Raising OSS for SAP for support. Performed roles transport throughout landscape.
  • Created the roles, authorizations, and administered User Master Data as per the Client SAP Controls & SOP (Standard Operating Procedures) documentation as required by the Audit. Conducted end user security training for clients.
  • Experience in creating technical documentation and training manuals.
  • Monitoring the status of background jobs, work processes, and health checks; analyzing system logs.
  • Ability to work effectively in cross-functional team environments and experience of providing training to business users. Assemble the appropriate processes, components and capabilities to address enterprise security requirements for SAP security and audit compliance.
  • Excellent problem-solving skills, team player with excellent communication skills.


SAP Packages: ERP ECC 6.0, SAP R/3 4.0-4.7, GRC 10/5.3, BI 7.0, BW 3x and BO 4.0, CRM 7.0/6.0, SRM, XI/ PI 7.1.

Languages: C, C++, Java, HTML, XML.

Databases: MS Access, DB2, Oracle, MS SQL Server.

Operating Systems: Windows 8/8.1, Windows 7/Vista/XP/2000/98.

Office Tools: Microsoft Office (Word/Excel/PowerPoint/Access)


Confidential, Houston, TX

SAP Security/GRC Consultant

Environment: ECC 6.0, GRC 10.1, BI/BW 7.0, Solution Manager 7.0, HANA


  • Responsible for all aspects of SAP ECC Security Administration tasks including Coordinating and interacting with business, technical and functional consultants for gathering SAP Security requirements, Design/develop role, User Administration, transport roles/authorization, testing, setup security system parameter, generating analysis reports, troubleshoot authorization error and create/maintain SAP Security process documents for SAP systems.
  • Designed, developed and maintained Master and Derived roles and Secured roles by Organizational levels such as Company Code, Plant, Cost Center, Profit Center, Purchasing Organization etc.
  • Used SAP Security transactions - PFCG, SU24, PFUD, SUPC, SUIM, SU53, SU56, ST01, SE09/SE10, RZ10, and SE16. User Administration/Maintenance: Creating users, assigning roles to users, resetting password, locking and unlocking users (SU01, SU10) in all SAP systems.
  • Used ECATT scripts for creating mass users, deleting mass users, assigning roles to users, locking and unlocking mass users etc.
  • Troubleshoot ECC security problem by using different scenario such as system trace (ST01), parameter change, buffer reset, SU53, and SU56 in order to find security problem.
  • Imported and maintained startup/default/instance profiles (RZ10).
  • Troubleshoot user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug or troubleshoot authorization error, resolving the issue by giving required authorizations in SAP modules.
  • Designed and assigned roles and profiles for Solution Manager 7.0.
  • Maintained authorizations for various Solution Manager 7.0 profiles (Implementation, Distribution, Change Request Management, Monitoring, and Reporting).
  • Worked on BI 7.0 Security (Business Intelligence) and provided access to users to make better business decisions. Configured and maintained Info Area, Info Cube and ODS. Queries and Reporting authorizations in BW.
  • Integrated data from across the enterprise. Created and managed Security roles for BI.
  • Continuously improved security configuration to reflect best practices and prepare for system audits. Tested and implemented security recommendations given by SAP audit team.
  • SAP GRC Access Controls 10.1 (ARA, ARM, EAM and BRM):
  • Responsible for design, develop, test and implementation of Access Controls capabilities.
  • Responsible for review, validate the SAP system landscape for Access Controls capabilities i.e. ARA, ARM, EAM and BRM.
  • Responsible for gathering the requirements for complete GRC Access Controls capabilities.
  • Responsible for support pack upgrades from lower to higher for open technical issues if required.
  • Responsible for GRC Access Controls 10.0 configuration and DEMO for BPOs, Key Stake Holders, super users etc. Have a good understanding of the key enhancements incorporated in SAP GRC AC 10.1 and their configuration.
  • Responsible for validation of requirements to convert technical into Access Controls capabilities. Assisted Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls. Complete overall support includes design and implementation for all Security needs for all user ID admin and Role builds for SOX compliance.
  • Performed SAP HANA migration from Oracle DB to HANA DB using DMO.
  • Configured and executed SAP HANA Replication.
  • Administered SAP HANA systems and SAP HANA security.

Confidential, Kalamazoo, Michigan

SAP Security/GRC Consultant

Environment: ECC 6.0, GRC 10.1, Solution Manager 7.1


  • Analyzing and evaluating the technical security requirements for SAP R/3 Security.
  • Ensure role-building follows business guidelines, and adhere to the controls requirement set forth by the internal audit/controls teams.
  • Analyzed all customer programs and transaction codes for authority checks.
  • Used SAP Security transactions - PFCG, SU24, PFUD, SUPC, SUIM, SU53, SU56, ST01, SE09/SE10, RZ10, and SE16.
  • Worked on SAP Check Indicator Defaults, Field values, and maintained check indicators for Transaction codes using (SU24).
  • Created new user accounts and role assignments to groups.
  • Communication and interaction with all functional team members such as FI, SD and BA for gathering the requirements, and dealt with the ABAP developers about the requirements.
  • Worked directly with clients in meeting their specific needs in customizing and addressing any security concerns.
  • Created Roles and Modified the Existing roles according to the Business Requirements.
  • Experience in running Role simulation in Access Control in GRC and finding Risks. Worked with GRC team for mitigating the risks.
  • Involved with creation and maintenance of activity groups and custom authorization objects.
  • Implemented Info object level BW security and created BW security Authorizations using RSSM transaction.
  • Created test ids for team members for testing.
  • Issues identified through troubleshooting with SU53 were corrected and addressed.
  • Performed transfers, using Solution Manager ChaRM.
  • Performed End to End Testing.
  • Worked on documenting roles in roles database and updated database history of roles.
  • Did Documentation for all Role changes and activities performed.

Confidential, St. Louis, MO

SAP Security/GRC Consultant

Environment: ECC 6.0, BI/BW 7.0, GRC 10.


  • Designing, writing and implementing security related standard procedures for the user administration, roles and profile generation.
  • Security design & support for ECC 6.0, BI 7.0, GRC 10.0
  • Identified & Built Functional controls in each business process with the help of audit team.
  • Create single role, composite role and derived role as per organizational structure in both ECC and BW/BI systems using PFCG. User maintenance on day-to-day basis and role maintenance on requirement basis.
  • Set up security roles and user accounts for over a thousand End Users for primary Go Live.
  • Checked the roles used by users using table AGR_USERS and checked which transactions belong to which role using AGR_TCODES. Analyzed all customer programs and transaction codes for authority checks. Worked on SAP Check Indicator Defaults, Field values, and maintained check indicators for Transaction codes using (SU24).
  • Used Central User Administration (CUA) using SCUM and SCUL to set up over a thousand SAP users and created eCATT scripts for mass user.
  • Troubleshooting - Identifying the missing authorizations using SU53 transaction/ST01 trace and maintaining them in suitable role and SU56 in order to find security problem.
  • Tested Accounts Payable, Accounts Receivable, Sales & Distribution modules related business functions including Unit Testing, UAT, Security Enhancements. Trouble shooting performance issues and adjustment of SAP profiles. Raised role change requests in Solution manager system. Solved the portal related authorization issues.
  • Worked with the Business Process Owners to restrict sensitive transactions and security authorizations, and ensured segregation of duties across business areas.
  • Analyze user related information including roles and profiles, by utilizing transaction SUIM.
  • Perform License cleanup activities in over 20 systems and has good knowledge on License administration in SAP.
  • Worked on critical authorization objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD. Extensively used tables like AGR* and USR*.
  • Maintain OSS user Ids, providing developer Keys, object access keys, and maintain service connections in SAP service market place. Working knowledge in analyzing and processing Segregation of Duties (SOD) and Sarbanes-Oxley section (SOX) issues using the GRC 10.0.
  • Implemented Analysis authorizations (RSECADMIN) for BI/BO security
  • Designed and documented security administration policies and procedure for the production environment.

Confidential, Harrington Park, New Jersey

SAP Security Consultant

Environment: ECC 6.0, BI/BW 7.0, HCM


  • Responsible for Security Configuration, testing, and overall project support up to go live.
  • Involved in revamping of security spec design, development & testing protocol design.
  • Worked on Users & Security, including T-Codes like: SU01, PFCG, PFUD, SCAT, ST01, SUIM, SUPC, SU24, SU53, and SU56.
  • Developed authorization profiles for FI, CO, SD, MM in Development, Test and Production environments.
  • Transported Profiles to Test environment and carried out Level-Zero testing.
  • Administered Users, Authorization Data and Authorization Profiles.
  • Troubleshot authorization problems using Repository Information System and tracing authorizations using SU53, SU24 and ST01.
  • Created and Maintained Users.
  • Carried performance tuning in HR Structural Profiles.
  • Provided support for work book access hierarchies and node level access, Comprehensive knowledge exchange and documentation of security including Profile Generator, Day to day technical support and resolution of security issues.
  • Maintenance of HR-Organizational structures, assignments (positions, roles).
  • Modification of the User access based on the requirements based on SU53 transaction snapshot after seeking the Managers approval.
  • Creation and Maintenance of activity groups and custom authorization objects.
  • Creating BW roles and restricting them in Queries, Info Cube, Info Area levels.
  • Worked with different objects related to BW/SEM administrator workbench (S_RS_ADMWB, S_RS_IOBJ, and S_RS_ISOUR).
  • Secured Reporting users by configuring roles and authorization objects.
  • Identified all the org level info objects and confirmed they are Authorization relevant.
  • In BI security created roles and analysis authorization based on the Info Cube and Info Area level.
  • Documented the SAP Security Strategies.

Confidential, Raleigh, NC

SAP Security/GRC Consultant

Environment: ECC 6.0, APO, BI/BW 7.0, GRC 5.3.


  • Extensively worked on User Administration functions such as creating, deleting and maintaining Users.
  • Unlock users and reset passwords for the data team members.
  • Designed SOX IT controls to ensure proper SAP security controls are in place that meet all specified audit guidelines.
  • Analyzed FIRECALL Id access in relation to SOX audit and generated change documents and remedy ticket reports.
  • Extensively worked with GRC Compliance Calibrator tool to ensure SOD.
  • Worked extensively on all three landscapes in transporting roles (ECC, APO, BW)
  • Created test ids and test roles for Data team members for testing.
  • Worked extensively on Mass user management after the mock cut over on every production client.
  • Generated a series of Documentation for all Role changes and activities performed.
  • Helped generating sufficient rights and roles for Solution Manager and assign to user for the creation of RFC connections between systems to talk to each other.
  • Communication and interaction with all functional team members such as FI, SD, MM, BW and SEM.
  • Unit testing on single, derived and composite roles.
  • Worked on documenting roles in roles database and update database history of roles.

Confidential, Yonkers, NY

SAP Security Analyst

Environment: ECC 6.0, R/3 4.7, BI/BW, CRM, Approva/Bizrights 4.0.


  • Supported the Security Team with best practices on post-upgrade activities related to authorizations assignments to users from SAP R/3 4.7 to ECC 6.0 by using the upgrade tool tcode SU25 and Authorization checks.
  • Closely worked with the Functional, Basis and ABAP Staff for the implementation of special business modifications and SAP enhancements as part of upgrade to ECC.
  • Assisted in identifying gaps in security administration processes and procedures as well as areas for significant improvement, optimization and automation during upgrade.
  • Analyzed and understood existing SAP security environment and designed business requirements to upgrade from SAP R/3 4.7 to ECC 6.0.
  • Identified and fixed the manual changes in SU24 for specific transactions.
  • Involved in remediation of existing IT security processes and SOD issues
  • Technical support for the SAP Process Integration Group (SPI), EMD Process Owners.
  • Designed roles with allowable authorization objects and field values, audit guidelines and non-SOD conflicts
  • Generated Bizright violation reports both critical and SOD as part of UAT testing and monitored for PWC risk and control IDs.
  • Generated reports as part of SOX task using SUIM reports from R/3, BW, CRM systems.
  • Transported roles to DEV and QA environments as per the Change management process.
  • Deployed users in production systems as per the User Add-Delete request forms maintaining parameter, reference user values and user groups.
  • Identified fixes for production issues related to security and tested them in DEV and QA for transport to PROD environments.
  • Created tickets and documented issues using Remedy application.
  • Tested extensively the customized Z transactions for functionality and documented the manual authorization objects and field values required as per security guidelines.
  • Recommended a matrix with role definitions that relate to the company functional.


SAP Security Analyst

Environment: SAP ECC 6.0, GRC 5.3.


  • Worked in Support and implementation part of the project
  • User administration: setting up User IDs, assigning roles, resetting password, locking/unlocking users.
  • Upgraded from GRC 5.2 to 5.3 Version
  • Analyzed/ updated roles to resolve Authorization issues in ECC 6.0 after careful analysis as per system trace (ST01), authority check (SU53) and checks in ABAP code (SE38)
  • Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24
  • Worked in creating Background jobs using ABAP help (SUPC/PFUD)
  • Designed, Developed and maintained Single roles, Composite roles, Master and Derived roles and Secured roles by Organizational levels for different modules in SAP
  • Worked with the ST01 tracing and analyzing the trace records for the user in the process of trouble shooting
  • Make sure that the authorization groups for all the required tables have been maintained in TDDAT table using SE54 transaction.
  • Experience managing and maintaining USOBT_C and USOBX_C tables by using SU24/SU25
  • Design, develop and Activation of Rule Sets in GRC Security
  • Scheduling Background Jobs for Synchronization and Risk Analysis
  • Performed Real Time Risk assessment
  • Perform Role and User Level SOD analysis for sensitive access
  • Create/Maintenance and documentation of Mitigation Control
  • Analyzed users and roles through GRC 5.3 Risk Analysis and Remediation (RAR) tool by running SOD reports in Transaction and Authorization level, and provisioning/de-provisioning roles for user access using Compliant User Provisioning (CUP).


SAP Security Administrator

Environment: SAP ECC 5.0, BW.


  • Tested customized Z transactions for functionality and added manually the authorization objects and field values required as per security guidelines
  • Identified and fixed the manual changes in SU24 for specific transactions
  • Set up the Profile Generator to create authorization profiles (PFCG)
  • Created and modified roles by using Profile Generator and assigned them to users and organizational units (PFCG)
  • Analyzed user's outputs and corrected security deficiencies (SU53 & SU56)
  • Locked all the critical transactions (SM01)
  • Unlock users and reset passwords for the data team members.
  • Coordinated in completing the SAP security audit requirements checklist.
  • Documentation of lessons learned and coaching opportunities for successive delivery launches.
