SUMMARY:

• IT Professional with several years of experience in SAP Security
• Experience in maintaining security on SAP R/3 releases 4.6c, 4.7d, ECC 5.0, and ECC6.0
• Previously involved in SAP ECC project lifecycle implementations from the Design phase to Post - implementation phase on various security projects
• Experienced in user administration and role assignment in CUA (Central User Administration), using SU01 and Solution Manager
• Designed various types of roles (Master Role, Derived Role, Composite Role and Single Role designing) using Profile Generator (PFCG); while ensuring SAP best practices are followed
• Designed role matrices for new implementations through the grouping of t-codes based on Role-to-task matrices from the business
• Experience with GRC 10.0 and IDM in basic administration and maintenance
• Utilized GRC CUP (Compliant User Provisioning) to assign single roles to end users going through role/manager approvals and Risk Analysis for SOD violations; also configuring initiators, custom approver determinators, and approvers in the config tab
• Maintained weekly SOD reports for each business area and provided audit with reports
• Used GRC RAR and Approva for running risk simulations and identifying SOD violations
• Recently worked with the GRC component SPM - Firefighter to assign emergency access
• Practical knowledge in Enterprise Portal Security and the SSO function with the use of NetWeaver 2004s;
• Experienced in maintaining CUA landscape, connecting systems, utilizing tcodes SCUA, SCUG, SCUM, and SCUL; troubleshooting idoc errors (BD87)
• Performed HR security through assignment of jobs, positions and structural authorization profiles
• Some experience in developing business roles, PFCG roles, and web UI roles for CRM 7.0 and also assigning these to service users for the CRM module
• Experience with BI and CRM 7.0 security administration in an HR based environment
• Worked on process improvement and role redesign - identifying/analyzing security issues, and recommending multiple solutions
• Worked with the functional and development teams for role development and strategy
• Experienced using security tables such as AGR* and USR*
• Extensive skills in SAP ECC Security troubleshooting (SU53, ST01, SUIM, and ST22)
• Experience in working with transports (using STMS) - transporting roles to prod; used tools such as ChaRM and Rev-Trac for transport processes and approval workflows
• Used t-code SM20 to pull data for audit log purposes; also retrieved many reports for security audit checks in all systems
• Thorough experience in the maintenance of authorization objects with t-code SU24
• Implemented and established standards for custom authorization objects via SU21
• Utilized tool called HPQC (Quality Center) Test Director during the implementation phase and initial build
• Experienced in basic Basis support tasks such as using STMS, client admin, box lockdown, and maintained server and tuning for performance
• Great cooperation and communication with Business Process Owners, the Steering Committee and auditors to solve various security problems

TECHNICAL SKILLS:

ERP: SAP R/3 4.6c/4.7d/ECC5.0/ECC6.0/ NetWeaver 2004s

Applications: Microsoft Office 2010, 2007, 2003, and Microsoft Visio

Operating Systems: Windows 7/Vista/XP/2000/NT, UNIX, LINUX

PROFESSIONAL EXPERIENCE:

Confidential, Richardson, Texas

SAP Security Admin/Analyst

Responsibilities:

• Responsible for daily Production support globally across all systems including ECC 6.0, BI, SolMan, PI, SCM, CRM, HR systems, and all Portals; performed this utilizing the CA Service Desk ticketing system to resolve requests, incidents, and change orders
• SAP GRC 10.0 and IDM tools were installed by the SAP team, and utilized by our team
• Performed user provisioning, role maintenance, role administration, and security reports/analysis
• Emergency access (EAM/FireFighter) support provided to the business to resolve high impact production issues promptly
• Supported and participated in ‘Project Clean’, a Role re-design project across all modules led by security consultants from SAP utilizing the three tier role build strategy (display/task/gen role)
• Troubleshooting user provisioning issues (SU53 and ST01 traces)
• Utilized SECAT to create/run ecatt scripts to help mass user creates and role builds/maint
• Worked closely with role owners and role approvers to analyze and determine the most appropriate and efficient way to deliver authorizations to end users
• Users assigned their respective Enterprise roles in IDM, providing users access across all sap systems with technical roles assigned
• Performed Role simulations within GRC access management for any role changes to analyze risks/impact involved, and any SOD violations created; communicating all risks to role owners
• Performed user admin in IDM for only users in Dev and Qa systems
• Managing the full life cycle of role changes from Development to testing in QA and finally importing into Production by utilizing ChaRM, a transport/ccb management tool
• Assisted in process improvements for ChaRM workflow, approvals, tickets, and user admin
• Utilizing SAP Service Marketplace (developer keys, search SAP notes, user id creation, and user access within the marketplace)
• Performed some BI security support and provided access to queries/reports (incl. custom) & power user access
• Used SUIM reports and se16 security tables daily for role/user information/analysis
• Completed monthly security checks and int/ext audit requests; SUIM reports for analysis on users with critical auth objects, access and system settings
• Participated in on-call support on a weekly rotation within the team
• Provided excellent communication and customer service to the business and end users

Confidential, Fort Worth, Texas

SAP Security Consultant

Environment: SAP ECC6.0, BI 7.0, Sol Man, SRM, CRM 7.0, GTS 10.0, IMRO, XI/PI, BizRights Approva

Responsibilities:

• Production support across all systems and all Business Units of Textron (months Oct - Jan)
• Resolved all types of security tickets using USD Service Desk including role creations, role maintenance, user administration, audit reports, open client and OSS id requests
• Provided developer keys and SAP Service Marketplace ids and authorizations to users
• Responsible for weekly queue monitor, on a rotating basis
• Attended Change control status calls for various role create/change requests
• Utilized the Rev-Trac transport and approval component in SAP
• Used ecatt scripts to perform clean up requests, such as deleting obsolete roles from all systems
• Performed SOD checks, using BizRights Approva, on all roles that were modified or newly created to ensure there are no violations within the role, including singles within composites
• Business Systems Modernization project (BSM) at Confidential - Responsible for IMRO & Production Operations security role design and development, analysis, testing, and user administration, assignment roles and solving USD tickets (Feb - present)
• Assisted security team in developing business roles and assigning PFCG roles for CRM 7.0, and also administering and defining web UI roles for functional and service users in the CRM module
• Assigned project roles (config, abap, business) to users in GTS, IMRO, ECC, CRM, and SRM
• Created many RFC and other system users for Basis to perform their connection activities
• Performed security audit checklists on all new and refreshed systems ensuring CUA connected, parameters set, and access is safe for users
• Based on Role-to-task matrices provided from the business, analysis was performed to group the t-codes to each Business Process Role
• Designed role matrices for new implementations through the grouping of t-codes, each pertaining to a Business Process role
• Defined role strategy for composite role build based on the Business Process roles provided
• Performed SOD checks on all single roles to ensure no violations
• Performed maintenance in CUA landscape, connecting systems; use of t-codes SCUA, SCUG, SCUM, and SCUL; troubleshooting idoc errors (BD87)
• Went through many review meetings on the role design and strategy to the business
• Worked with the functional teams to fill in all missing authorization values in security roles, based on their transaction task instructions performed in the development system prior to design
• Worked with the ABAP team to ensure all custom t-codes had auth checks and objects assigned
• Performed unit tests on each role to test each t-code executes with proper authority
• Created test ids, password resets, and test scripts for teams to test our security roles
• Utilized HPQC for solving defects created by the functional testers during Fuctional testing, integration testing

SAP Security Consultant

Confidential, Atlanta, GA

Environment : SAP ECC6.0, BI 7.0, Solution Manager, SCM, XI/PI, GRC 5.3 suite

Responsibilities:

• Completed change request tickets using the SAP Service Desk application on all systems for development, integration testing, and production support
• Performed user administration using the CUA (Central User Admin) tool across all systems, which include new hires, temp workers, contractors, and terminations
• Utilized GRC CUP (Compliant User Provisioning) to assign single roles to end users going through role/manager approvals and Risk Analysis for SOD violations
• Created CUP requests for FireFighter (Super user Privilege Management) access in Production for emergency issues
• Made modifications to the FireFighter ids and roles segregated by functional modules
• Conducted single role modifications to transaction codes and authorization objects through tcode PFCG, while also monitoring organization values
• Extensive use of tcodes SE10 and STMS for transporting roles and authorization objects in SU24, after check/maintaining the values that are brought in
• Locking and unlocking of users and user groups on specified systems when patches or refreshes need to be done using SU10 and EWZ5 for mass lock
• Administered OSS ids for OSS notes issues through the secured SAP Service Marketplace
• Performed plant analysis through plant config table T00W1 and SUIM reports for pulling data
• Used tcode SE16 and analyzed security tables such as AGR* and USR*
• Conducted user administration for SCM/APO in SU01 and assigned SCM roles as requested
• Assigned SCM roles SAP BC LVC USER (for displaying the liveCache) and SAP BC LVC ADMINISTRATOR (for administering and configuring liveCache)
• Administered SCM roles through pfcg and in the UME web tool based in IDM by using SCMBC-SEC-USR-PFC (Authorization and Role Management)
• Created users in the XI/PI system module and assigned basic user access as well as specific XI roles ensuring that all system data is in sync with all other integrated softwares and 3rd party tools

SAP Security Administrator

Confidential, Scottsdale, Arizona

Environment: SAP R/3 ECC 5.0 to ECC6.0, HR, CRM 7.0, GRC Suite

Responsibilities:

• Performed various security role clean-ups in the R/3 system in order to ensure compliancy and tighter security
• Assisted in the system upgrade of ECC 5.0 to ECC 6.0, which included numerous testing of roles and authorizations involved, the use of t-code SU25 and the process of downloading/uploading the authorization tables USOBT C and USOBX C into the upgraded system
• Checked to see if there was a user master record created for each user defining a user ID and password. Ensured each user was assigned to a user group, in the user master record, commensurate with their job responsibilities
• Assessed and reviewed the use of the authorization object S TABU DIS and the table authorization classes (TDDAT) to determine whether all system tables are assigned an appropriate authorization class related to their job
• Assessed and reviewed the use of the authorization objects S Program and S Editor and the review of program classes (TRDIR) to see whether all programs were assigned the appropriate program class and the users are assigned program classes that commensurate with their job responsibilities
• Reviewed through audit information system (SECR) or through a review of table USR02, whether user master records have been properly established and in particular the profiles SAP ALL and SAP NEW are not assigned to any user master records
• Reviewed GRC Firefighter roles to ensure that they had the correct authorizations pertaining to their emergency job functions
• Performed Production support across all systems including ECC 6.0, BI 7.0, Solution Manager, CRM, and GRC 5.3 Compliant User Provisioning
• Performed SOD risk analysis for adding new access to business users and end users
• Evaluated and analyzed security tables such as AGR* and USR*, and utilized SUIM reporting
• Added role approvers and assisted in GRC CUP configuration by adding initiators for new roles
• Administered all users through the Central User Admin piece installed on our Solution manager box
• Provided adjustments to company security processes and strategy for auditing purposes

SAP Security Administrator

Confidential, Fort Worth, Texas

Environment: SAP R/3 ECC 5.0, BI 7.0, ECC6.0, SRM, NetWeaver 2004s, Biz Rights Approva

Responsibilities:

• Participated in the P2P (Procure to Pay) project Post Go-live support for Confidential
• Performed Day to Day maintenance of the enterprise wide SAP Security framework
• Utilized the SAP Profile Generator (PFCG) to create new and modify existing SAP Security Roles/profiles
• Used the USD (Service Desk) ticketing system for all production, q/a, and dev requests
• Used a custom Z-transaction for mass user generation
• Used the Rev-trac transporting system for all authorization object, single role, and composite role modifications, which was connected to the SAP R/3 system
• Troubleshot existing user roles, security objects and authorizations to resolve security conflicts
• Created Master, Derived, and Composite roles
• Perform regular system audits to detect deviations of established procedures, role mapping, and unauthorized system activity and report findings to management
• Developed, maintained, implemented, and communicated security policies and procedures
• Worked with the business managers in refining or changing SAP roles
• Utilized the Segregation of Duties (SOD) system tool to validate user role assignments and to validate modifications to Roles and profiles through the use of the Approva tool
• Verification of approvals regarding user access modifications
• Issued Fire call ids for emergency access, and created SM20 reports to log the user’s actions for a period of time
• Used transaction code SUIM for pulling reports on roles, users, and auth objects
• Interfaced effectively with customers, vendors, and peers
• Knowledgeable of the system landscape and migration flow
• Supported integration testing of roles/profiles
• Monitored progress on work queues to ensure that all open items are being resolved in a timely fashion
• Mentored others in troubleshooting (SU53 and ST01) priority setting, and project management
• Participated in the Cessna D2 implementation, focusing on 4 modules (Supply Chain, Experimental, Operations, and Finance) in an ITAR secured environment
• Developed security role matrices that included Test ids, composite role, single role, and transaction codes for each functional area
• Use of web based testing tool called Test Director to fix defects in our security roles
• Logged all changes of roles in unit tests and in role description tabs for audit purposes
• Performed 3 integration testing cycles before the Dry Runs
• Performed various security role clean ups
• Conducted weekly meetings with Functional Team leads to discuss role changes

SAP Security Administrator

Confidential, St. Louis, Missouri

Environment: SAP R/3 4.6c, HR ECC 6.0, BI 7.0

Responsibilities:

• Extensive use of the Remedy ticketing software for all user support, administration, and role development issues on BI, HR, R/3, AP0, and CRM systems
• Worked in an HR based security environment where jobs and positions are assigned to single roles and composite roles
• Maintained the use of Structural Authorizations to grant access to view personnel data
• Responsible for maintaining Job-based security administration, including design and testing
• Responsible for maintaining user support on various clients in DEV, Q/A, and Production
• Basic user administration and role designing/mapping though the use of t-codes SU01 & PFCG
• Browsed and analyzed various HR and security tables such as HRP1208, PA0001, PA0010, HRP1000 for finding specific jobs, locations, org units, through t-code SE16
• Processed TAW (Temporary Agency Worker) workflows in the HR box through the locking of IDs, changes to validity dates, and updating HR info through t-code PA30, and specific infotypes
• Transported roles across all systems through extensive use of t-codes PFCG (to create the transport requests), SE10 (to view and release requests), and SCC1 (to import roles on a separate client)
• Performed table protection through the use of t-code SE54 to create auth. groups
• Responsible for role-cleanup (the removing of closed plant specific roles on all systems)
• Developed recommendations for improving security design to accomplish providing appropriate access to SAP in a timely fashion, minimizing risks around access to critical transactions, and minimizing issues around segregation of duties
• Used an MS Access based RBE tool to analyze the frequency of transactions used on a user to determine if user doesn’t use an assigned t-code so that role-cleanup can take place
• Worked with functional teams on FI, MM, and SD modules for role development testing and analysis
• Worked with internal auditors for approval processes regarding SOD (Segregation of Duties) issues in the mapping of roles
• Assignment of the Power user role and reports role in the BI system for users to access BI data
• Performed BI InfoObject maintenance through transaction RSD1 and also used RSECADMIN to manage the authorizations in an HR integrated environment
• Solved missing authorization issues though the use of maintaining auth. objects in t-code SU24, and then bringing those changed objects though the Expert Mode in PFCG
• Mapping jobs to roles, and positions to roles using eCATT scripts through t-code SECAT
• Used t-code PO03 to maintain jobs
• Used GRC component Firefighter 5.2 to create super user ids for emergency access and assigned them the FF roles depending on their job
• Troubleshoot R/3 security problems by using different methods such as system trace (ST01), parameter change (RZ11), buffer reset, SU53, and SU56 in order to analyze security problem

SAP Security Analyst

Confidential, NJ

Environment: Windows XP, SAP ECC 6.0, BW 3.5, VIRSA 4.0, CRM 5.0, HR

Responsibilities:

• Responsible for the implementation of Role-based security administration, including design, testing and documentation
• Worked with profile generator (PFCG) in creating single roles, derived roles, and composite roles
• Created and assigned roles to users on CRM 5.0 system
• Worked with functional CRM consultants to determine what authorizations were needed for specific users
• Created many Service user ids for the CRM piece so that the client’s customers had access to various data on the client’s system
• Worked with the GRC component Compliance Calibrator in identifying conflicting single roles and composite roles
• Created new and edited the existing Roles as per the requirements coming through Help Desk which involves the inclusion of transactions in the menu tree or editing the activities as per SU53 results
• In the process of implementing HR security on a separate box - responsible for basic HR security administration (creation of users, assignment of jobs and positions, and assignment of org units)
• Ran security reports for critical transactions and objects and for users who never logged on
• Worked with functional team leads to define the new customized transactions
• Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes
• Troubleshoot R/3 security problems by using different scenarios such as system trace, parameter change, buffer reset, SU53, and SU56 in order to analyze security issues
• Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization error using Trace, ST01 and SU53
• Extensively used Central User Administration (CUA) using SCUM and SCUL
• Performed basic Basis tasks - STMS system to transport the objects from Development to QA and then to Production, Client administration tasks using SCCL and SCC9, monitoring servers and jobs, and box lockdown of users using tcode EWZ5
• Created CATT scripts for mass user creation
• Coordinated with the functional and business teams
• Scheduled the security background jobs that generate the reports using transaction code SM36
• SAP User Access Management and Auditing for Sarbanes-Oxley Compliance requirements and remediation of security roles for SOD conflicts
• Assisted in the Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls
• Resolved many missing authorization issues by analyzing the SU53 screen shots
• Configured roles and authorization objects to secure reporting users