SUMMARY:

• SAP Security Lead, SAP HANA Security & GRC Architect and Analyst, with over 12 years of extensive experience in SAP Security and BASIS administration, system implementations, upgrades, migrations. Knowledge in data warehousing, modelling and reporting.
• Detail Oriented, organized, customer focused individual, with strong professional integrity. Ability to establish and maintain high level customer trust and confidence, business relationships with excellent communication skills with both technical and business audience.

PROFESSIONAL EXPERIENCE:

Confidential, New York

SAP Security, HANA Architect

Responsibilities: 

• Reviewed SAP Security and documented the recommendations and suggestions to implement best SAP Security solution such as table maintenance via SM30.
• Designed roles for new projects following proper naming conventions and robust security standards.
• Re - designed existing roles which were poorly designed.
• Tracing (ST01/SU53) users authorization errors.
• Providing BW and BOBJ security support to the development teams and end users
• GRC administration for Access Controls and Process Controls
• Role creation, user provisioning and providing support for UME or Portal Security.
• Provisioned users using Central User Administration on multiple non-production and production systems
• Running CATT (SECATT) scripts for mass provisioning of users and role assignments.
• Role building for various markets restricting the user’s access to their respective markets in line with the business needs. Building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports involving modules such as FI/CO, SD, MM, PP, SCM, CRM, GTS, APO, HR BI-BOBJ and so on.
• Administered UME Security for eSourcing to maintain suppler details, Portals, etc.
• Configured and maintained RFC connections to establish communication between various SAP systems within the SAP System Landscape and also to establish communication with non-SAP applications.
• Created Incidents and maintaining OSS connections for customer support from SAP

Confidential, New Jersey

SAP Security & GRC Analyst

• Supporting and assisting 10,000 plus user base as part of Hyper-care after the go-live. Overall over the globe supporting more than 40,000 customers and consultants in more than 70 countries across the globe.
• Managed off-shore teams and liaised with the teams and provided direction and guidance on how to carry out the tasks.
• Role building for various markets restricting the user’s access to their respective markets in line with the business needs. Building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports involving modules such as FI/CO, SD, MM, PP, SCM, CRM, GTS, APO, HR BI-BOBJ and so on.
• Provisioning users using Central User Administration on multiple non-production systems
• Resolving GRC issues and educating users, managers and owners with proper use of tool for Access Request submission, Risk Analysis and so on.
• Maintaining SOD Rule sets and mitigating controls for Access Control to identify risks and notify violations.
• Created and maintained Mitigating Controls to exclude certain risks for which the business had, in system and out of system controls.
• Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.
• Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids.
• Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.
• Setup of batch jobs ­to synchronize roles, profiles, users and roles from repository.
• Configuration for automatic provisioning of users, roles directly to user master record.
• Configuring secret security questions for Password Self Service functionality.
• Master data setup for Access Control owners for ARM, EAM, BRM and ARA (RAR) both in GRC system and NetWeaver Business Client (NWBC).

Confidential

SAP Security/GRC Administrator

• Identified and Activated BC sets for Access Control to work by default.
• Worked with SPRO to setup and maintain configuration settings, connections to plug-in systems.
• Created and maintained RFC connections to ERP systems where the AC 10.1 plug-in is installed.
• Created and maintained SOD Rule sets for Access Control to identify risks and notify violations.
• Created and maintained Mitigating Controls to exclude certain risks for which the business had, in system and out of system controls.
• Enabled Risk Terminators for certain transactions if violations exist.
• Worked with Business Rule Framework (BRF+) to activate business rules and customize according to the organizational requirements.
• Creation of Initiator Rules, Agent rules to setup Multi Stage Multi Path workflows for access requests, approvals and provisioning of users, access assignments, role updates, risk analysis and remediation.
• Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.
• Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids.
• Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.
• Setup of batch jobs ­to synchronize roles, profiles, users and roles from repository.
• Integration of HR Triggers with Access Control for automatic provisioning of users, roles in back-end.
• Configuration for automatic provisioning of users, roles directly to user master record.
• Configuring secret security questions or activating HR Triggers for security questions to be read from HR Master Data for Password Self Service.
• Master data setup for Access Control owners for ARM, EAM, BRM and ARA (RAR) both in GRC system and NetWeaver Business Client (NWBC).
• Provided support to Business Process Owners, Role Owners, Managers and Users to familiarize with the tool.
• Documented Risk and Control Matrix (RACM) for SOX controls.