Sr. Consultant Resume
SUMMARY:
- Over 16 years of Information Security, Risk Assessment, Identity & Access Management and Governance experience with a focus on Cloud Security, Risk and Compliance, Federation & Single Sign On, SAP Application Security and Mobile Application Security.
- Governance, Risk & Access Management: Advisory and principal implementation consultant to numerous Fortune 500 companies like 3M, Polar, Pepsi, BHP Billiton, Sanofi Pharmaceuticals, NEC, ULTA, Ecopetrol, Qatar Petroleum, Loves Travel Stops. In-depth consulting expertise around new technologies - SAP GRC 10/10.1, SAP Identity Management 7.1/7.2/8.0, Sailpoint Identity IQ, Oracle Identity, BMC Control SA, Ping Identity, Active Directory Federation Services. Experienced in leading and delivering multiple client initiatives around SAP Security, SSO, Risk & Access Management.
- Cloud Security: Certified by (ISC)2 in CCSP and early adopter of Virtualization since Xen, ESX and AWS. Advisor for SaaS, PaaS and IaaS setup for Startup companies on AWS.
- Compliance and Regulations: Experience with compliance and regulations like SOX, HIPAA, PCI DSS, FISMA, EU Data Privacy Export Regulations, and with implementation controls and regulations like NIST 800-53, ISO 27001.
- SAP Application Security: Led many SAP implementations as an application security architect for SAP ECC, CRM, SRM, BI4 (BOBJ), HANA, Mobility (SMP/Fiori), Netweaver. Implementation of SSO, Multiple Authentication Methods, Custom 2FA, TOTP, OTP, Mobile 2 Factor Contract and many other forms of Authentication.
- Advisor & Architect: Extensive experience in advising customers in strategizing their identity, access and risk management roadmap and streamlining their requirements. Involved in solving complex business problems related to identity crisis, single sign on and application security. Assisted SAP on multiple occasions to help their customers in bottleneck situations.
- Product & Project Management: He has spent almost 6-7 years of his career managing products and their lifecycle for SAP and Partners for SAP. He is well versed in product based ecosystems and their entire cycle starting from conception to realization and support at a very detailed level. He has 4-5 years of project management experience.
- Industries and Customers: He has served many customers including 3M, Loves, Sanofi, JABIL, ULTA, Ecopetrol, Qatar Petroleum, Polar C.A., Reliance Industries, Novartis, Electricidad de Caracas, BHP Billiton, Pepsi Bottling Ventures, Aricent, Barloworld etc. Industry experience in domains of utility, oil and gas, high tech, manufacturing, pharmaceuticals and petrochemicals.
- Community: Authored many articles in various technology magazines on Application Security and Identity Management, and speaker on request at various events, e.g., SAP TechEd, SAP Summit, RIM Conference, Free and Open Source Meet (FOSS Meet), etc. Open source contributions to technological innovations in the domain of Identity & Access Management and Enterprise Mobility are plentiful.
PROFESSIONAL EXPERIENCE:
Confidential
Sr. Consultant
Responsibilities:
- SAP IDM 8.0 upgrade in parallel upgrade mode
- New and better workflow integration
- Active Directory Integration
- Business Role Design
- Provisioning migration from old to new system
- Change Management for old to new system
- Revamped all JML processes
- Go-Live with 7000 users
- Training, Documentation and Support hand over to a team of 4 administrators
Confidential
Sr. Consultant
Responsibilities:
- Non SAP IdM Integration
- Connectors for WorkDay, Salesforce and Concur
- Reporting - User Access Review, Business Role Review, User Life Cycle, System role distribution.
- SSO with Ping Identity for SAP and non SAP applications
- SoD function analysis for non-SAP systems for SAP IdM
- SAP GRC Integration
- BPC, RTR and MTO Access Review and Access Request custom built on IDM - Table Based Security.
- Export Control Regulations Access Review and Access provision
- AWS IAM Integration with SAP Identity Management
Confidential
Implementation Lead
Responsibilities:
- Build Company Directory, VPN over VPC.
- Application Cluster, CDN (CloudFront and S3) and Failover Landscape with Redshift and RDS.
- Site-to-Site VPN with AWS.
- SES and Topic and Queue Management System
- IAM Integration with Directory Service
- Continuous Integration of Java based product with CodeBuild and CodeDeploy
- DNS Management with Route 53
- Reverse Proxy Setup with WAF Protection for web application
Confidential
Project Manager & Principal Architect
Responsibilities:
- SAP SSO with Netweaver SSO
- Kiosk based SSO
- SSO over VPN
- SSO for laptops
- SSO for SAP GUI, NWBC, BI/BO
- SSO with Active Directory Federation Services
Confidential
Project Manager and Principal Architect
Responsibilities:
- Requirement Analysis for the whole SAP landscape for identities of 3 types - store employees, corporate employees and warehouse employees
- Automatic hiring procedure for non-employees via portal through an approval workflow.
- Automatic exit of employees
- GRC Integration for SoD, Risk Management
- Reports for Identity life cycle
- Self Service Password Reset (per system)
- Job Role Mapping
- 2-Factor Authentication TOTP, Custom 2 Factor Authentication.
- Mobile SSO for FIORI
- SSO Implementation for 3 third party vendors with SAML and SAP Netweaver SSO.
- OAuth Integration with 1 third party vendor
- Integration with UPS, Cadence, QuikQ, TMW (3rd party vendors)
- Customer Portal with 200,000 identities (external facing) and provisioning capabilities to custom systems based on web service.
- SAML Integration for SAP BI
- Archibus Integration
- HANA Integration
Confidential
Principal Architect
Responsibilities:
- Requirement Analysis for the whole SAP landscape for identities of 3 types - store employees, corporate employees and warehouse employees
- Automatic hiring procedure for non-employees via portal through an approval workflow.
- Automatic exit of employees
- GRC Integration for SoD, Risk Management
- Reports for Identity life cycle
- Self Service Password Reset (per system)
- Upgrade path to IdM 8.0 (Rampup)
- Provision mobile users in such fashion that users get ready access to their devices
Confidential
Project Manager and Principal Architect
Responsibilities:
- Requirement Analysis for the whole SAP landscape for identities
- Automatic hiring procedure for non-employees via portal through an approval workflow.
- Automatic exit of employees
- GRC Integration for SoD, Risk Management
- Reports for Identity life cycle
- Self Service Password Reset
Confidential
Principal Architect
Responsibilities:
- Implemented GRC AC 10.1 and workflows for process automation
- SOD reviews supporting Production requirements and project releases
- Report matrix on all security domains
- Implementation of SAP IdM 7.2 and integration with SAP GRC 10.1
- Implementation of SAML Enterprise wide Identity Provider
Confidential
Enterprise Security Architect
Responsibilities:
- Evaluated needs of new modules - SRM, MAM, MoC, GRC
- Evaluated NWBC rollout to all desktop users
- Evaluated SoD and existing user base and upgrades for HANA as necessary
- BI/BO security best practice implementation across the board
- Role re-evaluation and cleanup
- Security evaluation for BPC and GRC 10.0
Confidential
Project Manager
Responsibilities:
- Started with a fit-gap analysis to find the gaps in the requirements, finalized all requirements with the Office of the CIO, and proposed an Agile Project Model in which progress is more visible than in the conventional approach.
- Trained a team of 6 who work in the company and would be a part of my team to implement IdM.
- Developed a few custom connectors to provision to the entry card system and the in-house system from IdM.
- An existing development based on ASP.NET was used to connect to the REST API of the IdM server to request provision of roles and users. TIBCO was used as an intermediate bridge between the IdM REST API and the ASP.NET application.
- 11 SAP servers were added to the IdM Landscape in a phased manner and the AD users were finally provisioned by IdM.
- Workflows were established for approvals, and a pre-existing GRC system was used to analyze the contents of ABAP roles before assigning them to a user.
- Sizing was accomplished and a Fault Tolerant and load balanced server for IdM was built including a DR site.
Confidential
Project Manager
Responsibilities:
- All SAP Production systems need to be SSO enabled for SAP GUI.
- There should be a choice of enabling or disabling the option of SSO from a portal for specific systems.
- The user at times has more than one user on one system. That case should be handled accordingly.
- The users should be able to do password logon as well if SSO is disabled by choice.
- Non-AD users and non-employees should not be able to SSO.
- Information for all 30,000 AD users should be reconciled before rollout.
- Rollout and training to end-users should be done in a phased manner.
Confidential
SAP IAM Architect
Responsibilities:
- Existing BMC Control SA with 120,000 identities to be upgraded to 7.2
- New systems to be added to IdM - Lotus Notes, 2 new SAP production servers
- Addition of automatic AD group assignment and SAP role assignment based on username format
- Addition of automatic revocation of rights based on HCM personnel status
- Lotus Notes account to be deleted after specific days based on position obtained from HCM
- VIP members shouldn’t get any email notifications
- Username should be changeable according to the process of the company
- Introduction of Kiosk users who have 1 portal user and 1 SAP user and self-service password change options.
Confidential
Project Manager & SAP IAM Architect
Responsibilities:
- Netweaver SSO is to be implemented for 12 production servers and 200 VIP accounts to be SSO-ed
- Users need to have a choice of SSO; if needed, they need to be able to switch off SSO for a particular server
- Users still need to be able to log in with username and password when SSO is disabled
- In case a new user is added to the list of SSO enabled users, an automated email should be sent to the user listing easy-to-follow steps in order to facilitate SSO.
- SPML to be used to SSO to web services using Kerberos tokens issued by Microsoft Active Directory.
Confidential
Principal Architect
Responsibilities:
- Implement MAM with integration to SAP ECC.
- Implement ITS SSO over Kerberos in Windows to single sign on Windows users over Intranet and VPN to access ESS/MSS
Confidential
Principal Security Architect
Responsibilities:
- An application to be built on Salesforce App Suite needs to be connected to SAP without providing username and password.
- The SAP Application needs to trust the Salesforce Application and allow the connection to be established over SNC without a user name and a password from a designated IP address and a designated encryption using a specific private key.
- The complexities of the connection need to be hidden behind the scenes, and the user will be asked whether the SAP server can trust the Salesforce Application or not.
- The configuration should also be possible at design-time and run-time.
- This was implemented for Overcast, a famous Cloud Integration Platform listed by Gartner.
Confidential
Principal Architect
Responsibilities:
- The users of the company need to access ESS and MSS over ITS Server.
- The ITS service accessed over IE browser shouldn’t ask for password when accessed via a domain registered computer.
- The same should be applicable for VPN users as well.
- When a user is not using a domain logged-on account, the IE browser should redirect to the standard SAP authentication page.
- The servers are all on AIX and are to be rolled out on 3 servers.
