Sap Security, Hana Architect Resume
Bloomberg, LP
PROFESSIONAL SUMMARY
- Strong experience in Software Development Life Cycle (SDLC) Implementations, SAP Security, Confidential, HANA, GRC configuration and implementations
- Strong experience in developing, implementing, and maintaining application security using Profile Generator (PFCG) for various SAP modules such as FI/CO, MM, PP, SD, HR, HCM, PS, SCM, SRM, CRM, SolMan, BI/BW.
- Experienced in UME administration for all Java based applications such as PI, Ariba, eSourcing portal and experienced in SAP NetWeaver administration functions.
- Hands-on experience with HR/HCM Security, Organization Structures PA, PD, Payroll, Time, Travel, E-Recruiting and ESS and MSS Modules.
- Experienced in working for Full Life Cycle Implementations, Go-Live, Post Go-Live, and Production Support projects.
- Experienced in Solution Manager, working with work centers, System Development Landscape (SLD), Change and Request Management (CHARM) and also used CTS+ and REVTRAC for change management process.
- Worked with ASAP, Prince 2, Agile and other project management methodologies. Familiar with Agile (work requests) and Waterfall (Prince 2 or ASAP) methodologies.
- SPAD, SCOT configuration and maintaining profile parameters and checking SOST for fax errors.
- Adhered to the Service Level Agreements (SLA) to complete the tickets within turnaround periods.
- Good understanding of ABAP Programming Language.
- SAP Security Lead, SAP HANA Security & GRC Architect and Analyst, with over 12 years of extensive experience in SAP Security and Confidential administration, system implementations, upgrades, and migrations. Knowledge in data warehousing, modelling and reporting.
- Detail-oriented, organized, customer-focused individual with strong professional integrity. Ability to establish and maintain a high level of customer trust and confidence and business relationships, with excellent communication skills for both technical and business audiences.
EMPLOYMENT HISTORY
Bloomberg, LP
SAP Security, HANA Architect
Confidential - Security Design
- Worked on cloud based Confidential to enable self-service functionality for suppliers to register and maintain supplier information.
- Designed security controls for cloud based Confidential for suppliers to have two-factor authentication.
- Configured SAML2 for single sign-on authentication to log on over the organization network.
- Configured SOAP Adapter for inbound and outbound cXML messages from Ariba to ECC and vice versa to import and export supplier information, invoice details, purchase order and materials/goods movement information.
- Updated roles for various groups with Ariba authorization objects such as /ARBA/PROG, /ARBA/RFC and business partner authorization objects such as B_BUPA_RLT, B_BUPA_BZT.
- Designed Security documentation for user and role administration and security (SOD) controls.
- Designed and documented Security for Master Data Governance (MDG) team to monitor and maintain Vendor information in ERP/ECC.
- Created a batch Job role and batch user to import supplier information on a periodical Confidential from Ariba to ECC using transaction code /ARBA/SIPM IN
- Created Authorization group to group all Ariba tables into one umbrella for better control and security to be maintained through SM30.
HANA DB Implementation
- Was part of the implementation of the database migration from Oracle database to HANA DB.
- Configured HANA security policy and controls through HANA studio and Web IDE.
- Configured Audit policy and auditing controls in HANA System.
- Worked on Data Storage Security such as Data Volume Encryption root keys stored in SSFS.
- Configured password policy to enforce Authentication policy and configured SAML2 and SSO for Authentication. Also worked on certificate management to establish trust between systems.
- Was part of establishing JDBC/ODBC & HTTP connections along with Confidential team.
- Built design-time roles or repository objects using stored procedures or SQL statements and deployed them as runtime objects according to the SAP best practices using security artifacts for database users such as administrators, modelers and other users. Imported roles as delivery units to other systems and clients.
- Created package structures to secure roles from other users who have object level access
- Created Delivery Units to export and import packages from development to production.
- Created SLT user and schema and assigned appropriate authorizations for data replication.
- Created Analytical privileges for row-level security to view HANA models and data preview
- Role regeneration for the S/4 HANA upgrade project to identify irregularities and correct them and assignment of proper access controls for newly introduced transaction codes and authorization objects within the roles.
- Used SU25 for comparison with SAP values and then checked SU24 changes for transaction code check indicators and field values. Identified transaction codes that had undergone authorization object level changes in the new release and regenerated the roles or authorization profiles that were affected by the change.
- Developed simple finance authorizations in application layer, identifying transaction code changes such as FAGLL03, FAGLB03 and so on and authorization changes. All information is now available in one table ACDOCA.
- Worked with Hadoop using SAP Data Integration with Data services or BODS for batch processing. Real time replication is done via SLT.
NetWeaver Administration
- Experienced in Identity management administration for user provisioning and user roles and user groups assignment using Identity Management in UME (User Management Engine).
- Configured LDAP and SAML2.0 for single sign-on authentication for accessing portals or NetWeaver applications.
- Defined UME actions which are collections of permissions used for Web Dynpro applications. Deployed UME actions with the applications and defined in the file actions.xml.
- Configured Access Control Lists (ACLs) to control the use of objects.
- Created Web Dynpro applications to create iView and used the URL to display as pages on portal.
- Activated services in SICF to establish communications between ABAP and JAVA systems.
- Configured application gateway for network security to communicate with external applications.
- Configured SOA Manager for SOAP messages for inbound and outbound messages.
- Traced (ST01) and analyzed log files (SLG1) for troubleshooting issues.
Other duties:
- Reviewed SAP Security and documented the recommendations and provided suggestions to implement best SAP Security solution such as table maintenance via SM30.
- Designed roles for new projects following proper naming conventions and robust security standards.
- Re-designed existing roles which were poorly designed.
- Tracing (ST01/SU53) users' authorization errors.
- Providing BW and BOBJ security support to the development teams and end users
- GRC administration for Access Controls and Process Controls
- Role creation, user provisioning and providing support for UME or Portal Security.
- Provisioned users using Central User Administration on multiple non-production and production systems
- Running CATT (SECATT) scripts for mass provisioning of users and role assignments.
- Role building for various markets restricting the user’s access to their respective markets in line with the business needs. Building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports involving modules such as FI/CO, SD, MM, PP, SCM, CRM, GTS, APO, HR BI-BOBJ and so on.
- Administered UME Security for eSourcing to maintain supplier details, Portals, etc.
- Configured and maintained RFC connections to establish communication between various SAP systems within the SAP System Landscape and also to establish communication with non-SAP applications.
- Created Incidents and maintaining OSS connections for customer support from SAP
Zoetis, New Jersey
SAP Security & GRC Analyst
My responsibilities include:
- Supporting and assisting 10,000 plus user base as part of Hyper-care after the go-live. Overall over the globe supporting more than 40,000 customers and consultants in more than 70 countries across the globe.
- Managed off-shore teams and liaised with the team and provided direction and guidance on how to carry out the tasks.
- Role building for various markets restricting the user’s access to their respective markets in line with the business needs. Building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports involving modules such as FI/CO, SD, MM, PP, SCM, CRM, GTS, APO, HR BI-BOBJ and so on.
- Provisioning users using Central User Administration on multiple non-production systems
- Resolving GRC issues and educating users, managers and owners with proper use of tool for Access Request submission, Risk Analysis and so on.
- Maintaining SOD Rule sets and mitigating controls for Access Control to identify risks and notify violations.
- Created and maintained Mitigating Controls to exclude certain risks for which the business had in-system and out-of-system controls.
- Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.
- Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids.
- Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.
- Setup of batch jobs to synchronize roles, profiles, users and roles from repository.
- Configuration for automatic provisioning of users, roles directly to user master record.
- Configuring secret security questions for Password Self Service functionality.
- Master data setup for Access Control owners for ARM, EAM, BRM and ARA (RAR) both in GRC system and NetWeaver Business Client (NWBC).
Central User Administration
- Configured CUA to connect various systems to Central system for user and role provisioning.
- Created logical systems for Central and Child systems and assigned clients to the logical systems.
- Migrated users from central to child systems or vice versa accordingly.
- Maintaining CUA and provisioning of users via CUA into various child systems.
- Performing text comparison to import roles from child systems to CUA client.
- Troubleshooting IDOCs using SCUL to identify the reasons for user master records or roles not being assigned to the child systems.
- Troubleshooting the system connectivity issues and for authorization error using SM59.
Confidential - BOBJ Security Implementation
- Implemented BI/BW Analysis Authorization using RSECADMIN, granting access to Multi-Providers and restricting access by company codes, plants, distribution channels and hierarchical restrictions.
- Assigned Analysis Authorization objects to roles using S_RS_AUTH Authorization object.
- Restricting access to reporting users by assigning display and execute permissions and power users by assigning maintain authorizations using S_RS_COMP & S_RS_COMP1 and other objects to grant access to relevant queries and reports.
- Imported and Mapped the roles in BOBJ environment and granting permissions to relevant folders by assigning the groups permissions.
- Creating Access Levels and Universes as well as folder groups and granting End user level and Power user level access to the relevant groups.
- Troubleshooting and rectifying the authorization and permission issues in BOBJ as well as in the backend using RSECADMIN.
Confidential
SAP security/GRC Administrator
- Confidential is Australia's national weather, climate and water agency. It provides regular forecasts, warnings, monitoring and advice spanning the Australian region and Antarctic territory. The Bureau provides one of the most fundamental and widely used services of government.
- The Bureau’s IT systems comprise various operating systems and applications. The Bureau has implemented SAP applications to cater for its wide variety of Enterprise Resource Planning solutions. These range from FICO, MM, CRM, Human Resources, Business Intelligence, Enterprise Portals, Solution Manager and Process Integration and so on.
- As a Security and Confidential Administrator I have worked on various projects and have provided SAP Security services such as:
GRC Access Control
- Identified and Activated BC sets for Access Control to work by default.
- Worked with SPRO to setup and maintain configuration settings, connections to plug-in systems.
- Created and maintained RFC connections to ERP systems where the AC 10.1 plug-in is installed.
- Created and maintained SOD Rule sets for Access Control to identify risks and notify violations.
- Created and maintained Mitigating Controls to exclude certain risks for which the business had in-system and out-of-system controls.
- Enabled Risk Terminators for certain transactions if violations exist.
- Worked with Business Rule Framework (BRF+) to activate business rules and customize according to the organizational requirements.
- Creation of Initiator Rules, Agent rules to setup Multi Stage Multi Path workflows for access requests, approvals and provisioning of users, access assignments, role updates, risk analysis and remediation.
- Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.
- Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids.
- Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.
- Setup of batch jobs to synchronize roles, profiles, users and roles from repository.
- Integration of HR Triggers with Access Control for automatic provisioning of users, roles in back-end.
- Configuration for automatic provisioning of users, roles directly to user master record.
- Configuring secret security questions or activating HR Triggers for security questions to be read from HR Master Data for Password Self Service.
- Master data setup for Access Control owners for ARM, EAM, BRM and ARA (RAR) both in GRC system and NetWeaver Business Client (NWBC).
- Provided support to Business Process Owners, Role Owners, Managers and Users to familiarize with the tool.
- Documented Risk and Control Matrix (RACM) for SOX controls.
SAP Identity Management (SAP IDM)
- Identity Services configuration built as a standards based single access point for querying and managing identity management in the complete system landscape.
- Established tight integration with SAP Business Suite and other non-SAP applications for usage of identity services for authentication to gain access to various systems.
- Configured identity services to provide web services access to identity data in Identity center.
- Utilized standard protocols such as LDAP, SNC, SSL, TCP/IP in order to make the service available to a variety of applications.
- Administered Identity Services operations such as creating and modifying users as well as assigning and removing privilege assignments and role assignments.
Confidential
- Configured Change and Transport System (CTS+) for transporting ABAP and non-ABAP objects from AS ABAP and AS JAVA/NWDI systems from multiple development workbenches to multiple backend systems.
- Configuration and deployment of system landscape for projects and customer use as per business requirements.
- Installed SAP Solution Manager 7.1 with SAP NetWeaver 7.1 SP9 and configured SLD, SMSY and LMDB for collection of data from data suppliers that provides information to work centers in SAP Solution Manager Diagnostics.
- Installed Test Data Migration Server (TDMS) an extraction tool that populates data to development, test and training systems from live production systems.
- Utilized Software Update Manager 1.0 SP12 for upgrading of ABAP and NetWeaver applications such as EP, BW and PI from 7.2 to 7.40. Familiar with SWPM for installation of ABAP and NetWeaver systems used for 7.3 or higher.
- Configuring and maintaining RFC connections to establish communication between various SAP systems within the SAP System Landscape and also to establish communication with non-SAP applications.
- Confidential support for the SAP Support and business units including issue resolution, system tuning/monitoring, security, DB reorganizations, implementing advanced corrections, applying SP Stacks, patches, System refreshes etc. has been done either onsite or remotely.
- Configuration of Solution Manager for alert monitoring and email notifications.
- Ongoing Confidential support of an existing SAP GL (Financial/General Ledger) System.
- Ongoing monthly system/health checks have been carried out onsite.
- Development of technical specifications and administration documents.
- Implementation of new transport and QA approval strategy and assisting in the redesign of the SAP security strategy.
- Client/System refreshes from Production when required by the business.
- Setting up batch jobs to run on a periodical Confidential for technical and functional teams.
- Setting up advanced alerts in system for monitoring purposes using CCMS.
SAP Systems upgrade from 4.6C to ECC 6.0
Worked on a SAP Systems upgrade project as a Security Administrator, where the Bureau SAP systems were upgraded from 4.6B to ECC6.0 version 7.40, BW3.0 to BI/BW7.40, EP7, PI. As a security Administrator I worked on various aspects ranging from:
- Requirement gathering and holding numerous meetings and workshops with the Business Process Owners.
- Prepared a detailed document on existing security controls and emphasized the need for overhaul and re-design of the security roles.
- Prepared a Security Strategy and Plan document for the project.
- Prepared a detailed design document for the security solution (blueprint) that provides all the information required to build, test and implement the security configuration.
- Developed a SOD Matrix derived from ANAO best practices guide and Deloitte Audit Group recommendations for SAP Security controls that are compliant with Australian and International Laws and Regulations for the organization.
- As part of business blueprint I prepared a security blueprint for design and implementation of security roles using the new set of segregation of duties (SOD) rules.
- Developed Security Policies and Procedures document as well as process flow diagrams for various processes.
- Was part of the full implementation cycle overhauling the existing roles and redesigning security roles in accordance with the business policies and procedures of the organization.
- The Security Documents were audited and approved by Business Process Owners, Role Owners or System Custodians as well as External Auditors such as Deloitte and PricewaterhouseCoopers.
Confidential, Melbourne
Network Security
- Web Filtering - Bluecoat Proxy - configured Bluecoat devices (SG510) as a web proxy to allow internet access only to the permitted AD authenticated user group. Configured rules based on categories (such as gaming, entertainment) to allow/deny access. Deployed Bluecoat Director (dedicated appliance) to manage the Bluecoat proxy.
- Firewall - Worked on Check Point firewall software installed on a Dell server and also on Check Point UTM appliances running R70. Deployed firewalls on the internet edge and also in the DMZ zone. Configured the firewalls in Router mode when Layer 3 is terminated on the firewalls. Configured firewall rules based on Source IP, Destination IP and Destination TCP/UDP port.