SAP Security Analyst Resume Profile
NC
Summary
- An experienced professional with overall 8 years of IT experience and SAP Security GRC consultant with around 6 years of extensive experience in SAP Security Implementation and Production Support. Specialized in SAP Security in GRC, ECC, BW/BI, SRM, CRM, Virsa Compliance Calibrator, Virsa Firefighter, CUA.
- Seeking a challenging and responsible position in the field of SAP Security GRC that enables me to bring the best of my abilities, utilize my skills and knowledge towards the growth of the organization, and be exposed to the latest tools and technologies.
Key Strengths:
- I was involved in numerous SAP Security and IT infrastructure implementations, and have significant experience in all stages of SAP Security delivery cycles: Security Analysis, Security Design and Implementation, Testing.
- I have implemented five SAP security models with focus towards Segregation of Duties (SOD), Sarbanes-Oxley Act (SOX), and with best security practices.
- I have extensive experience in managing and delivering engagements, leading teams and working with all levels of management. As an SAP Security and GRC consultant, I assisted different teams, i.e. Business Process experts, Internal Auditors, Functional Consultants, Change Management, Solution Architecture, Central Infrastructure Team.
- I have an excellent understanding of SAP audit and compliance, having performed and managed numerous IT and application controls reviews.
Core Competencies:
- SOD Tools: SAP GRC 10.0
- SAP 4.7, ECC 5.0, ECC 6.0, BW/BI, CRM, SRM, HR
- Databases: Oracle, DB2, Max DB
- Operating Systems: Win2000, Win 2003, Win 2008 R2, AIX, UNIX and Linux
- SAP GRC Access Controls 10.0 (GRC300)
- SAP GRC Principles and Harmonization (GRC100)
- SAP ABAP as Authorisation Concept (ADM940)
- SAP BW User Management and Authorizations (BW365)
- SAP Authorizations in HCM (HR940)
Professional Experience:
Confidential
SAP Security Analyst
- Work with the Business Process Owner, SAP Functional/Technical SMEs for requirements gathering, blueprint, role redesign, testing and go-live activities
- Extensive, strong experience in SAP GRC 10 and GRC 5.3 versions, including migration/upgrade, full implementation, etc.
- Identifying and recognizing business needs. Prioritizing the SAP GRC AC components implementation. Configuration of business requirements in SAP GRC system
- Setup background jobs and scheduling synchronization jobs for profiles/roles/users
- Connector configurations: satellite systems to GRC 10.0 system
- Analyzed and evaluated the existing system and provided TOBE approach to reduce the SoDs in ECC system
- Consolidated GRC 10.0 issues and highlighted the Problem Statement, Detective, Preventive and Corrective Procedures, and root causes in GRC 10.0 AC. Interacted on a weekly basis with system stakeholders and risk owners
- Configured centralized / decentralized firefighter ID based, Role based FFID and Region code.
- Assisted in performing post installation activities on Production and Non-production Systems, performed ARA Configuration and Configurations (EAM / SPM / FF), integrated GRC 10.0 system with target systems, rebuilt Custom Rule-Sets from ground level and included custom built Functions and Risks.
- Prepared the production SAP GRC system for go-live. Activities included end-user Training, GRC Support Plan, GRC End User to Access Mapping, performed Training Sessions, Production Readiness Checklist, prepared Training content
- Configured four components of Access Control, created global RuleSet and customized GRC RuleSet, performed post installation configurations, customized MSMP (Multi Stage Multi Path) Workflows and also worked on Business Rule Framework plus (BRFplus)
- Implemented all four components of Access Control, i.e. Access Risk Analysis (ARA) 10.0, Central Emergency Access (EAM) 10.0, Access Request Management (ARM) 10.0 and Business Role Management (BRM) 10.0
- Configuration of the GRC system with the satellite systems such as ECC, BI and HR
- Work with the basis team to configure system parameters RFC connection for GRC to connect with other SAP systems
- Activating the application, BC sets and generate SAP Pre-delivered roles for system connectivity
- Perform GRC configuration and use GRC tools in the creation and maintenance of security roles
- Create SAP transports and work within change management guidelines ensuring that all transports moved into production maintain system integrity
- Emergency Access Request management and follow the change management process for user/role assignment
Confidential
- Implemented GRC 10 ARA / EAM component; modified ECC 6.0 roles
- Password self-service configuration
- Preparation of complete GRC 10 AC implementation plan
- Conducting Business requirements gathering workshops and collating all the requirements for building the Business Blueprint documentations
- Conducting technical know-how sessions to the business teams on ARA and EAM
- Presentations on Access Risk Analysis
- SAP GRC landscape design.
- Activation of SAP GRC BC sets.
- Activation of relevant SAP GRC rule sets.
- Preparing and delivering the end user training.
- Understanding existing process flow for creating new user SAP account
- Providing suggestions to improve the approval process
- Workflow configuration in GRC system for creating new user SAP account
- Identifying the required request approvers and mapping the same in workflow.
- Configuration of custom initiator rule based upon business needs.
- Configuration of custom agent rule
- Ran Monitoring background jobs.
- LDAP configuration in GRC system with Microsoft Active Directory
- Ran and scheduled synchronization jobs for users/roles/profiles
- Troubleshooting background jobs issues.
- Modified ECC 6.0 roles
- Defining different types of request types based upon business needs
- Configuration documentation presentation
Confidential
SAP Security Consultant
- Created and maintained the user master records.
- Discuss with end user and collect all information required to design roles.
- Giving the Roles, Profiles to the users upon request.
- Identify any discrepancies in roles and resolve.
- Perform system trace for authorization issues when it makes sense to do so to resolve auth issues.
- Review and request any SU53 auth check report from the customers having problem for validation of errors.
- Maintain spreadsheet of process owners and replies to the role/user review process.
- Create and release the change request for transporting the role.
- Establish new and maintain the Test IDs in Development and Quality.
- Monitor security parameters.
- Created and assigned roles in Development system.
- User maintenance (creation / deletion / lockdown / password protection / activation)
- Restrict open authorizations to sensitive Transaction codes.
- Maintained Security related tables like USR40.
- Reorganizing and Redefining of existing roles
- Ensured confidentiality, integrity, and accessibility of information from the designated backend systems
- Used to check tables USOBT_C and USOBX_C to check what authorization checks are there for a transaction code and what authorization objects should be there in PFCG.
- Used eCATT tool extensively for mass generation of users
- Participates with the administration of ID creation and maintenance, transport creation/release/move, role creation/maintenance, and Organizational levels creation/maintenance
- Analyzed the existing business process for existing profiles and implemented that in the current environment.
- Perform troubleshooting on R/3 security problems using system traces
- Specialist on different projects like Implementations, Upgrades, Redesign, Rollouts, Audit and Production Support.
Confidential
IT / ADMINISTRATOR
- Install or repair Windows or Macintosh Computers with standardized applications and networking software, diagnosing and solving problems that develop in their operations.
- Respond to user questions and explain the operation of network applications and equipment.
- Install and configure local area data communications networks, which may carry data, voice and video communications following organization standards.