
Lead SAP Security Administrator / GRC Subject Matter Expert Resume


Moses Lake, WA

SUMMARY

  • Over 12 Years of professional experience as SAP Security/GRC Consultant with strong Administration, Design, Development, Configuration and Management skills.
  • Specialist in maintaining Security for the SAP products such as Enterprise Resource Planning (ERP), Business Warehouse (BW), Enterprise Portals (EP), Process Integration (PI), TREX, Customer Relationship Management (CRM), SCM Advanced Planner and Optimizer (APO) & Supplier Relationship Management (SRM).
  • Expert with User Maintenance Profile generator, Central User Administrator, Structural Authorizations in R/3 System.
  • Subject Matter Expert for GRC 10 Implementation & GRC Upgrades from 5.2/5.3 to 10.0, 10.1 and exhibit full technical competence.
  • Strong configuration and analysis experience in using Profile Generator in SAP Security Administration.
  • Remarkable experience with CATT scripts for Mass User Maintenance and Role Assignments.
  • Lead various Auditing procedures implemented across the industry including practical experience with SOX.
  • Solid experience with Access Controls and RSA Archer Risk Management.
  • Extensively worked with Sarbanes Oxley (SOX) Compliance - Strategy management related to SAP business processes, transactions, control infrastructure, financial reporting process.
  • Knowledge of core Information Security concepts related to Governance, Risk & Compliance. Strong analytical / problem-solving skills.
  • As Security Lead, worked on SoD Analysis, Sensitive Transactions Analysis, SAP development (includes ABAP), SAP modules (FI, HR, BW, PI, TREX & Portals), NWBC, SAPGUI & Transport Management System.
  • GRC Lead and Architect level experience in all components of GRC suite (RAR, SPM, AC & ERM), Redesigning Roles, Profile creation, modifications, User Administration, Authorization objects, User reconciliation, Problem analysis, CATT Functionality and Custom authorization checks.
  • Very Strong in BI/BW Security, Info cubes, Query based authorizations, Troubleshooting BW/BI Issues using RSSM and RSSMTRACE.
  • Hands on experience in Authentication and Security design for SAP ERP, BPC, SCM, CRM, SRM, PI, Solution Manager, Portals and BI.
  • Implementation experience in Single Sign On (SSO) and also using SAP Logon Tickets.
  • Good communication and documentation skills, proven ability to work on multiple tasks concurrently, completing them within time and budget.

TECHNICAL SKILLS

SAP Skills: SAP Security Administration, FI, CO, HR, BW, Portal, XI/PI, GRC AC 5.2/5.3/10.0, Virsa Tool

SAP Version: SAP R/3 ECC 6.0, 5.0, 4.7, 4.6C, BW 3.5, BI 7.0, 7.3, CRM 7.0, SRM 7.0, EP 7.0, 7.3, PI 7.1, 7.3, Solman 7.0, 7.1

SAP Specialization: SAP R/3 Security, CUA, Data migration, Authorization, Transport, SOD, Profile Generator

Languages: Java, SQL, ABAP, XML, HTML, XSLT

Operating Systems: Linux (Red Hat, SUSE), UNIX (Sun Solaris, IBM AIX, HP-UX), Windows Server (2000/2003/2008)

Databases: Oracle 9, 10g, DB2 9.5, 9.7, MS SQL Server 2005/2008

Other Tools: FTP, HTTP, HTTPS, VMWARE, Visio

PROFESSIONAL EXPERIENCE

Confidential, Cincinnati, OH

SAP Security / GRC Technical Lead

Responsibilities:

  • Lead Confidential Security Onshore and Offshore Teams in Design, Architecture, Develop and Deploy for Roles in ERP, PI, Portal and Solution Manager based on Security Viewer.
  • Manage resource planning, project estimation for SAP security projects.
  • Worked closely with Business Process lead, Functional teams and other Technical teams to collect the requirements during the global project implementation.
  • User administration (SU01, SU10, eCATT and Solution Manager): setting up User IDs, assigning roles, resetting passwords, locking/unlocking users, creation of multiple R/3 User IDs using eCATT.
  • Help Technical/Functional teams in moving Transports on demand and involve in Client Copies/System Refreshes and OSS Notes.
  • Maintain SAP Security in terms of Creating Users, Setting Profiles, Creating Roles, Assigning Profiles, Assigning roles and scheduling Security jobs.
  • Accomplish Risk Analysis and Implemented Mitigation Controls as per SOD/ SoX controls required by compliance team.
  • Developed eCATT (SECATT) Scripts for Mass User creation and change tasks.
  • Comprehensive use of PFCG, SU01, SU10, SU24 and all SAP Security related tables.
  • Per the company's SOD Risk Matrix, ran SOD checks on all roles at both role level and user level using GRC ARA and also implemented mitigation controls.
  • Develop and Change existing roles, removing and adding Transaction Codes and Authorization to resolve critical access and SOD conflicts in the system.
  • Troubleshoot security/authorization related problems using user information system (SUIM) and Display Authorization Data (SU53).
  • Authorization groups and tables trace from applications technical data and SE16. Maintenance of ARA, ARM, EAM and BRM configuration parameters through SPRO.
  • Provide 24/7 On Call Weekend Security Support and after golive Hyper Care Support to Business Teams.
  • SAP Security Support for User Master Records Maintenance; maintain Authorizations Group/Profiles/Roles and Re-assigning Roles/Profiles to users.
  • Execute security reports for critical transactions and objects and monitor the user logs.

Confidential, San Francisco, CA

SAP Security/GRC Architect

Responsibilities:

  • Develop Security Plan for NW SSO 2.0 with Kerberos Implementation and draw architectural diagrams.
  • Worked on Cross system SOD rules creations and updating the ruleset in GRC10.
  • Created critical T-codes functions and risk IDs in GRC rulesets.
  • Creating and maintaining FF IDs and assignment of FF IDs.
  • Redesign, implement, and support security processes in an ERP environment, including new implementations, role redesign, or client’s ERP security environment
  • Develop and implement Security Work stream plan for GRC 10.1 Upgrade.

Confidential, Dallas, TX

Worked as a SAP Security /GRC Lead

Responsibilities:

  • Accountable for all GRC Security and focal point for GRC 10.0 to GRC 10.1 Upgrade.
  • Lead HP Security team for Confidential Project from Security Redesign and Role Assignments from
  • Perform GRC Role Subject Matter specialist including the ability to provide in-depth application support to internal/external project team members.
  • Hands on the SAP GRC migration from 5.3 to 10.0 versions.
  • Redesign, implement, and support security processes in an ERP environment, including new implementations, role redesign, or client’s ERP security environment
  • Involved in updating SNC parameter to enable SSO for all SAP and Non SAP system.
  • Troubleshoot R/3 security problems by effectively analysing trace files using ST01 and authorizations for users (SU53); tracked missed authorizations for users' access problems and inserted missing authorizations manually in order to analyze security problems.
  • Develop and implement Security Work stream plan for GRC 10.1 Upgrade. Work closely with Functional and Basis team for SAP Outages.
  • Help and Support Day to Day to GRC/Security Technical Issues and Approval Requests.
  • Conduct Security Audit trails for SAP Security and GRC systems.
  • Responsible for all GRC Security User Access Requests, Role Development and SOD.
  • Provide 24/7 SAP Security Support in Cutover, Release and SAP Go-lives.

Environment: ERP 6.0 Ehp6, GRC 10, GRC 10.1, PI 7.3, Solution Manager 7.1, NetWeaver Gateway 7.1, HP Quality Center, LDAP, Linux and Oracle 11g.

Confidential, TX

SAP Security /GRC Lead

Responsibilities:

  • Perform GRC 5.3 to GRC AC 10.0 SPS 11 Upgrade (Emergency Access (EAM), Access Risk Analysis (ARA)).
  • Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations. Risk
  • Conduct GRC Business Role and functionally driven Mapped & Default role concept delivered.
  • Using RAR produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
  • Configured distribution list in Access Control, by creating an LDAP connector, created distribution group and add DL group to DL Approvers.
  • Creating and assigning Firefighter ID requests upon approvals and extracting FF logs.
  • Set up role creation methodology, condition group and role approvers using ERM.
  • Document design specifications, installation instructions, configuration manuals, procedure manuals, and other system-related information.
  • Daily monitor GRC jobs to run effectively & efficiently, for example nightly management Risk Analysis reporting.
  • Work in conjunction with Basis team to address any database or performance issues for Access Controls 10.
  • Responsible for gathering User requirements and implement SAP ERP Ehp6 6.0 security authorizations.
  • Develop and prepare SAP roles and define jobs by coordinating with functional project team members.
  • Work with business owners to define the authorizations needed for users.
  • Creating the Developer Keys for the developers and OSS ID’s for SAP Users from SAP Service Place and extending their Validity for OSS notes.
  • Assist Security team in Re-designing of SAP Security roles, identifying SOD’s, building SOD Matrix and in creating new SAP Security Roles.
  • Set-up SAP authorization profiles and roles that represent the different end users job definitions.
  • Effectively analyzed trace files and tracked missed authorizations for user’s access problems and inserted missing authorizations manually.
  • Used SU24 to maintain Check Indicator Defaults and Field values, reduced the scope of Authorization checks.
  • Built Analysis Authorizations using the transaction RSECADMIN.
  • Build and tested BPC roles and provide Security appropriate authorizations to the team.
  • Setup security at the Info objects level (field-level security).
  • Created Custom Reporting Authorization Objects using transaction RSSM.
  • Linked the Custom Authorization Object to the Info provider.
  • Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
  • Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
  • Troubleshoot authorizations related problems using RSECADMIN
  • Build security and successful testing of various objects related to Dashboard.
  • Worked with Dynamic actions and info type’s tables.
  • Worked on Authorization Objects P_ORGIN, P_ABAP, P_PERNR, P_ORGXX etc.
  • Assigned structural profiles to users using the program RHPROFL0
  • Maintained authorization profiles using OOSP.
  • Worked on NWBC and fixing Security related issues.
  • Setup and maintain Organizational Structure including Organizational Units, Jobs, Positions, Cost Center assignments etc.
  • Assigned tasks to positions and integrated all these into the enterprise organizational plan.
  • Assigned the various organization units and positions to cost centers.
  • Implemented Central User Administration (CUA) in ERP, SRM, SUS, CRM, PPM, BI, SolMan & PPM landscape.
  • Performed user administration activities in the CUA System landscape
  • Delinked/Linked child clients from CUA setup during client refreshes using the program RSDELCUA
  • Ran reports for segregation of duties conflict between roles and users. Created documentation for process and controls.
  • Download USOBT_C and USOBT_X tables for disaster recovery purpose and to identify customized check/check-maintained status and default maintained field values.
  • Experience with configuration of Central User Administration (CUA) for single point of access control.
  • Worked on Portal Security such as create iViews, Pages, Roles.
  • Created distribution list users in LDAP and UME, assigned distribution list to Roles.
  • Created Portal Scripts for uploading mass users, roles
  • Created Packages in DEV for Portal Roles to move to Portal QA and Portal Production
  • Created Users, Assigned Roles in UME Portal & distribution list of users in LDAP.
  • Work with Basis for setting up of XML files in portal systems and validate LDAP authentication.
  • Created, modified and assigned user authorizations and profiles to User ID’s.
  • Help and support PI users setup and administer the communication channel locks.
  • Specific role creation for PI integration and report publishing within BI.

Environment: ECC 6.0 EHP6, CRM 7.02, CUA, Solman 7.0, 7.1, SRM 7.02, TREX 7.3, GRC 5.3, 10.0, LDAP, EP 7.3 BI 7.0, 7.3, XML, XSLT, Sharepoint, Oracle 11g, AIX 5.3, 6.1

Confidential, IL

GRC / SAP Security Administrator

Responsibilities:

  • Re-design and cleanup GRC AC, re-architect MSMP, BRF Plus, Approval Workflows.
  • Provide technical expertise to SAP GRC 5.3 implementation with an enterprise-wide scope
  • Develop prep-work of application of Support packs to bring up AC10 up to the latest SPS level.
  • Complete re-work on Emergency Access (firefighter), Access Risk Analysis (RAR), Access Request Management (Access Enforcer) & Business Role Management (Role Manager).
  • Design and deploy custom GRC reporting based on business requirements.
  • Assist with technical deployment of SAP GRC Access Controls/Process Controls 10 for future Rollouts.
  • Configure Access Control on Development and QAS systems that was deferred during the Ramp-up Implementation by the customer when upgrading from GRC 5.1.
  • Analyze Access Risk Analysis reports and suggest fixes and perform system configuration changes to resolve system dumps and other system level errors.
  • Worked on SU10 to perform mass operations.
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Worked closely with Audit team for SAP Security Audit and generated Audit Information Systems (AIS) logs (SM19, SM20 and SM18).
  • Managed and maintained USOBT_C and USOBX_C tables by using SU24/SU25.
  • Create and maintained custom transactions by using SE93.
  • Created User Groups by using transaction code SUGR.
  • Fix the bugs related to roles and authorizations in order to build security in R/3
  • Managing Standard and Custom Authorization Object.
  • Transport Roles using the change request method and also the Download/Upload method for transporting the roles to systems not in the transport landscape.
  • Transported the generated roles and profiles using SCC1 and SE09/SE10.
  • Worked on creating users and transporting roles.
  • Created transport packages to move roles from development portals to other systems in the landscape
  • Performed user administration activities such as creating user ids, copying user ids, assigning roles & groups.
  • Created groups and assigned roles to groups.
  • Documented old and new roles and created Security Matrix for tracking user’s access.
  • Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE, S_RS_ODSO etc.
  • Built Analysis Authorizations using the transaction RSECADMIN.
  • Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
  • Troubleshoot authorizations related problems using RSECADMIN
  • Created and loaded profiles as per the requirement from the Cube DSO’s
  • Involved in BAT, UAT and GO-LIVE activities.
  • Worked with the Business Objects team to create authorizations for the financial reporting.
  • Involved in testing crystal reports, live office connections/bindings and X-Celsius reports for the dashboard.
  • Worked closely with business teams to fix authorization on Business Objects, Advanced Analysis & Dashboard.
  • Build and maintained BW hierarchies as per requirement for various dimensions.
  • Build security and successful testing of various objects related to Dashboard.

Environment: ECC 6.0, GRC 5.2, 5.3, 10.0, BI 7.0, BOBJ 3.0, PI 7.0, EP 7.0, Solman 7.0, Oracle 9, 10 & AIX 5.1

Confidential, IL

Lead SAP Security Administrator /GRC Subject Matter Expert

Responsibilities:

  • Provided SOD and Role matrices templates to the Business owners.
  • Interacted with the Role owners and the team lead for maintaining the correct restrictions on the Transaction codes and the activities within the Transaction codes.
  • Worked closely with ECC Developers on LSMW for Data migration.
  • Extensively used Automatic Profile Generator (PFCG) to create and maintain Parent and Child/Derived roles and to Upload and Download of roles.
  • Transporting the change requests from the Development environment to Testing/QA environments.
  • Created custom transaction Codes for restricting access to custom tables, views and programs.
  • Created transaction variants for SE16 and SM30.
  • Created Authorization groups and assigned Tables and Programs to the groups.
  • Implemented Line Authorizations to restrict records and tcode using the critical Authorization Object S_TABU_LIN.
  • Worked on critical authorization Objects like S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD and S_TRANSPRT.
  • Performed reconciliation of user master record and roles using PFUD.
  • Working extensively on Compliance User Provisioning (CUP) for access issues.
  • Reviewed, Analyzed and manually removed the roles from the backend system using Access Control.
  • Helped the users by role administration and guiding them on CUP usage.
  • Maintain Ongoing software configs within GRC applications. Review & deploy Service Packs released by SAP.
  • Worked with SAP Development on SAP GRC products for version 5.3
  • Extensive experience of role maintenance using Risk Analysis at object level.
  • Have done risk simulation for impacting Composite roles with assigned users.
  • Extensively used the GRC suite of products (Compliance Calibrator, Firefighter, Role Expert and Access Enforcer).
  • Created Analysis Authorizations to compensate for deactivated objects such as S_RS_ICUBE, S_RS_ODSO etc.
  • Built Analysis Authorizations using the transaction RSECADMIN.
  • Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
  • Troubleshoot authorizations related problems using RSECADMIN
  • Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
  • Setup security at the Info objects level (field-level security).
  • Created Custom Reporting Authorization Objects using transaction RSSM.
  • Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
  • Troubleshoot authorizations related problems using RSSMTRACE and ST01.
  • Worked closely with MAP team for Query Creation, Planning and Assortment issues.
  • Created roles based on the requirements provided by the Solution Manager team.
  • Developed Solution Manager roles by customizing the role templates provided by SAP
  • Worked closely with Functional Team to fix issues related to Tech Specs and Func Specs.
  • Resolved issues using SU53, ST01 and Debug mode.

Environment: ECC 6.0, CRM 7.0, GRC 5.2, CUA, Solution Manager 7.0, TREX 7.0, BI 7.0, Oracle 9i, VIRSA on Windows 2003/2008 VMware.

Confidential, Moses Lake, WA

SAP Security Consultant

Responsibilities:

  • Worked extensively on Automatic Profile Generator (PFCG) for creating single, derived roles for modules such as SCM, PP, MM, SD, and FI/CO.
  • Extensive interaction with Business Organization Managers to understand User and Role Mitigations and Critical Transactions.
  • Created and maintained Authorization Groups for Tables and Reports and assigned them accordingly.
  • Analyze and troubleshoot security issues using SU53, ST01 and SUIM
  • Supported other teams by providing requested information.
  • Worked with table authorizations to control access to tables and created custom table authorization groups and assigned to tables using transaction SE54.
  • Review and correction of sensitive authorizations such as S_TABU_DIS, S_ADMI_FCD, S_DEVELOP etc.
  • Reviewed the Organization structure, jobs, roles and the SOD matrix for the Security developed in SAP and handled SOD conflicts for Sarbanes Oxley Compliance.
  • Supported audit team for generating audit reports as per the audit rules provided by the auditors
  • Worked with process experts for SOD conflicts and assigned appropriate roles to the users
  • Setting up SAP system for auto log-out, password length and expiration and specifying impermissible passwords.
  • Worked closely with Audit team for SAP Security Audit and generated Audit Information System logs.
  • Working closely with Audit team for user-role conflict removal in R/3 and BI.
  • Perform regular system audits to detect deviations of established procedures, role mapping, unauthorized system activity and report findings to management
  • Supported Internal and External security audits in the production system.
  • Created Security reports as Key Controls for SOX including critical transactions/objects and user administration.
  • Manually adjusted the BW roles to conform to BI 7.0 security.
  • Setup BI security for user roles (query users, administrative users and power users)
  • Built Analysis Authorizations using the transaction RSECADMIN.
  • Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
  • Created Custom Reporting Authorization Objects using transaction RSSM.
  • Linked the Custom Authorization Object to the Info provider.
  • Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
  • Built authorizations to grant access to data on various levels of detail
  • Setup security at the Info object level (field-level security) and key figure level.

Environment: SAP R/3 4.6, ECC 5.0, SAP BW 3.5, Oracle 8, 9i, GRC 5.1, VIRSA, CUA & Sun Solaris 8, 9

Confidential, Jacksonville, FL

Responsibilities:

  • Assisted in creating and maintaining security policies and procedures, and all SAP authorizations, profiles and roles
  • Created and modified Single roles, Composite roles and derived roles using the Automatic Profile Generator (PFCG) from the Role Matrices provided by the functional team.
  • Setup Traces for authorization purposes and Security Audit Logs for audit purposes.
  • Created CATT scripts for creating mass users, deleting mass users, assigning roles to users, locking and unlocking mass users. Used SU10 to perform mass operations.
  • Used Transport Management System (TMS) to perform transports and mass transports of roles.
  • Created and maintained table Authorization Groups SE54 and assigned Authorization Groups to tables
  • Created Custom Transactions Code for tables and programs using SE93
  • Implemented Position Based Security by assigning Roles to Positions.
  • Assigned users and roles to positions using both PFCG and PPOM_OLD.
  • Implemented Structural Authorizations by Evaluation path method in the Org Structure.
  • Maintained Employee Master Data using transaction codes PA30, PA40
  • Experienced in creating Context-sensitive Authorizations using P_ORGINXX.
  • Developed enterprise structure to fit company needs including personnel area, personnel sub-area, employee group and employee sub-group.
  • Extensively worked on Compliance Calibrator to identify, analyze and resolve all SOD and Audit Issues, simulate the role and assign the role to the user using PFCG
  • Assisted Internal Auditors in framing new Rules for combination of new T-codes in ECC 5.0.
  • Worked with Internal Auditors in creation of User and Role Mitigations and uploaded them.
  • Configured and used Firefighter.
  • Extensively worked on Firefighter tool (/n/VIRSA/VFAT), giving emergency access to the required critical t-codes through Firefighter tool.
  • Worked with the Internal Audit team to prepare the BW systems for Audit for the current fiscal year.
  • Identified gaps and problems in BW role designs and resolved some of the gaps
  • Identified BW specific audit rules to generate reports for auditors
  • Creating Custom Reporting Authorization Objects using transaction RSSM
  • Created roles for restricting access to queries, workbooks, info cubes etc.
  • Involved in testing of the roles along with the BW team members
  • Troubleshoot authorizations related problems using RSSMTRACE and using RSSM

Environment: SAP R/3 4.6, ECC 5.0, SAP BW 3.5, Oracle 8, 9i, GRC 5.1, VIRSA, CUA & Sun Solaris 8, 9
