SUMMARY:

• 16 years of experience in SAP Security, GRC
• I’m a senior SAP Security specialist with experience in SAP Security for Confidential ERP, HCM and BI, BPC, SAP NW IDM 7.1/7.0, CRM, SRM, NetWeaver Portal and SAP GRC 10.1 Access Control including three implementations, SAP Security Upgrades and multiple SAP Security Support projects. Strong experience in security architecture, strategy, design and implementation, eCATT for mass security tasks, CUA configuration and set up, SAP HCM/ Confidential - Structural Authorizations, SAP BI 7.0/ BW 3.5 Migration and Implementation of SAP GRC Access Control 10.0, 5.3(including Access Risk Analysis (ARA), Access Request Management, Emergency Access Management (EAM/Firefighter) and Business Role Management).
• My other specialties include SAP security assessment and redesign, SAP NetWeaver Identity Management(IDM) 7.0/7.1, Org. Structure/Position based security design, XI, Solution Manager, CRM 7.0/2007, BI 7.0 Analysis Authorizations, BW, Portal, ESS/MSS, SRM, SSO configuration through multiple mechanisms(SNC, SAP Logon tickets & SSL/X.509 certificates), SOD evaluation and Audit systems implementations. I’m experienced in all phases of the project life cycle including scoping, planning, upgrading and implementing SAP Security. I've worked as SAP Security Team lead for large Beverages, financial, engineering, technology, education and public sector Companies as well as consulting companies and have conducted several SAP full life-cycle implementations, has delivered superior solutions in high-pressure environments with tight timelines.
• End-to-end experience of GRC Access Control 10.0 implementation including its technical aspects, Migrating/upgrading from earlier GRC versions to version 10.0.
• Has worked as Team Lead on multiple full project life cycle projects as well as several support and upgrade projects.
• Experienced in SAP Confidential, ERP, SAP Security, SAP-WAS, SAP HCM/ Confidential & Payroll, SAP NetWeaver Portal, SAP Confidential 6.0(SD/ MM, PP, WM, FI/CO, Confidential ), 5.0 R/3, 3.1i, 4.6B, 4.6C, 4.7, CRM 2007, SRM, PI/XI, ESS, MSS, NetWeaver Identity Management(NWIM) ver 7.0, SAP GRC Access Control, Windows Server 2003 Active Directory and its Security, LDAP, Confidential .

PROFESSIONAL EXPERIENCE:

SAP Security Solution Architect

Confidential, Greater Atlanta Area

Responsibilities:

• Implement and deploy Security to SAP systems
• BW security development for operational reporting supporting granular multi-dimensional, drillable operational reports and charts for the bottlers.
• BW security development for information exploration project.
• Security design and development for SAP Business Objects.
• Design and delivery of BIG major and minor releases, special projects and off-releases in accordance with defined Demand & Release Management processes
• Deployment of CokeOne+ solution to BIG Bottlers.
• Audit Remediation work
• Landscape Management, including upgrades, refreshes/builds and EWR reports
• Knowledge transfer to BIG team members and bottlers
• Provide thought leadership, solution architecture, and design for the Security Solutions
• Governance of template and local change requests
• Functional and Technical Documentation of design, processes and procedures
• Ensures the solution is in compliance with related Confidential standards
• Confidential Structural authorizations.
• Sarbanes Oxley and Segregation of Duties management.
• Project Management.
• Leading and coordinating across diverse teams to achieve desired outcomes.
• Use transport management system in complex environments.
• Understanding of key enabling technologies that support business processes.

SAP Security Consultant

Confidential, Greater New York City Area

Responsibilities:

• Establishing and maintaining user rights, system access and authentication within Belden’s SAP environment
• Oversight and administration of SOX compliance within Belden’s SAP environment
• Development and administration of SAP security and authorization processes and documentation
• SAP security administration and support with SAP R/3 4.6c/4.7 Confidential 6.0, SAP HCM and NetWeaver Process Integration (PI).
• SAP project management.

SAP Security /GRC Administrator

Confidential, Greater New York City Area

Responsibilities:

• Administrator for global SAP implementation: End-to-End Full Life Cycle implementation including Confidential, FI,PS,BPC, CPM,BI et al; Production Support & Security Design and development of Security roles including derived/enabler roles based on Org Levels like company codes, profit centers, plants etc.
• Implement, configure, maintain and support the Governance Risk and Compliance (GRC) 10 suite of products.
• Contextual Structural Authorization for SAP HCM Security.
• Support SAP Confidential, BI, BOBJ, SAP BPC 10.0, Solution Manager and NW Portal systems.
• Transaction Authorization, Analysis/Reporting Authorization

Sr. SAP Security/GRC Consultant

Confidential, New York, NY

Responsibilities:

• Configured Security roles for SAP Confidential, SRM, SUS, BI & BOBJ, Portal and Solution Manager.
• Processes included in the implementation are: RTR, PTP, OTC and also Confidential (for SAP Confidential mini-master only).
• Configured and implemented SAP GRC Access Control 10.0 including GRC Access Risk Analysis, Emergency Access Management and Access Request Management.
• Also interacted with Compliance/Audit to insure successful audits.

Sr. SAP Security Architect

Confidential

Responsibilities:

• Global SAP Confidential security design and architecture: The Company operates internationally in Europe, Asia and Australia.
• Creating security roles and users
• User authorizations and administration
• System access
• Central User Administrator
• Support specialized areas of SAP Security:

Confidential

Responsibilities:

• Design and set up SAP CRM Security Business roles and PFCG Roles for WebUI users.
• Knowledge of security-related information, technology products and services that relate to the business needs of Turner Construction.
• Maintain up-to-date documentation of all SAP security configurations, policies, and procedures.
• Assist in developing and enforcing Turner Construction and Technology Services policies, procedures, and standards.
• Configured and implemented Single On(SSO) for three use cases:

SAP Security Technical Expert

Confidential, Bentonville, AR

Responsibilities:

• SAP security administration, maintenance and role design.
• Set up custom organizational level authorization fields and derived role design and maintenance.
• Troubleshoot and resolve SAP security issues in a support and/or testing circumstances.
• Work with the business to understand SAP security requirements, and be able to provide technical solutions.
• Configure GRC toolset (RAR, SPM, ERM and CUP modules).
• Recommend, implement and assure compliance with policy and procedures affecting the SAP environment on a government and company level.
• Support SAP system security internal and external audits.
• Set up SAP security processes, policies, and standards ( Confidential and BI 7.0, PI or Portal).
• Design BI 7.0 security and the analysis authorizations.
• Configure CUA environment and support it.
• Excel and Access database manipulation for Role Manager.
• Knowledge of basic business operational models to facilitate discussions with business teams.

Confidential

Solution Manager

Responsibilities:

• End - user/Support Role Maintenance
• Role Unit Testing/Transport
• Documentation
• SAP GRC Access Control Suite (ACS) Maintenance & Operational Activities
• Risk and Remediation (RAR)
• Compliant User Provisioning (CUP)
• Superuser Privilege Management (SPM)
• Non-Production Support ( Confidential, BI, PI, EP, ACS, CUA, Solution Manager)
• User and Role Maintenance
• Monitoring and Simulation
• Experience in configuring, implementing, updating and supporting the SAP GRC Access Control suite version 5.3: Risk Analysis and Remediation (RAR),Compliant User Provisioning (CUP), Enterprise Role Management (ERM), Superuser Privilege Management (SPM). Technical expertise in implementing SAP GRC with an enterprise-wide scope and design of new SAP roles and the redesign of existing SAP roles to reduce the risks associated with segregation of duties(SOD) issues. Ongoing maintenance of the software configuration within the SAP GRC Access Control application. Review and deployment of service packs that are released by SAP for SAP GRC Access Controls. Working in conjunction with other support organizations to address any database or performance issues for the SAP GRC Access Controls suite of products.
• Daily monitoring of jobs that are necessary for the GRC application(s) to run effectively and efficiently, for example nightly management risk analysis reporting. Experience with development of GRC Security Strategy as applicable to SAP application suite.

SAP Security Consultant

Confidential, St Louis, MO

Responsibilities:

• Role Development for SAP Confidential (including PA, PD, Time Management, Payroll, Benefits and WFM), FI, BI 7.1, Portal and XI/PI including table Security and custom authorization design, SAP Security architecture design. Implemented Confidential Structural Authorizations using the Context solution. Strong understanding of Confidential Master Data Elements and Confidential Organization Management.
• Configured and administered SAP GRC Access Control 5.3(RAR, CUP and SPM).
• Configured custom rule set for Brown Shoe in RAR, also configured CUP as per the workflow requirements of the customer including creating Entry types, stages, paths and Custom Approver Determinators(CAD).
• Designed and implemented CRM 7.0 security business roles, Extensive working knowledge on SAP CRM ACE (Access Control Engine) Security model and programming, Customer Interaction Center (CIC).
• Implemented SAP Netweaver Identity Management 7.1(IdM) across a diverse IT landscape including all SAP systems (HCM, FI, BI and Portal), GRC as well as non-SAP systems: MS AD, MS Exchange and IBM iSeries etc., Installation on various components of NW IDM: VDS, IC, Web UI etc. Set up SAP NW IDM Virtual Directory Server (VDS) to load data from SAP Confidential .
• Set up NW IDM Provisioning framework using NW IDM Identity Center
• Scripting in JavaScript and VBScript for custom IDM IC passes.
• NW IDM integration with SAP GRC Access Control CUP.
• BI 7.1 Security design for End user, Power users and administrators; role and analysis authorization development. Generation of BI analysis authorizations through RSECADMIN transaction using structural authorization data extracted from data sources in the HCM Confidential system for MSS and WFM users.
• Designed and developed security for BOBJ Crystal Reports and for BusinessObjects XI 3.1 integration with SAP BI. Knowledge of Business Objects Enterprise, Crystal, WebI, XCelsius, Voyager, Explorer.
• Security design for MSS/ESS, Confidential, Portal, WFM, Confidential reporting security design.
• Supported the implementation of SAP FI and HCM in a position based security environment.
• Supported Go-Live activities related to user provisioning, security role development, configuration of GRC Super-user roles and structural authorizations.
• Development of SAP Portal Security and the role design and testing of SAP Structural Authorizations related to WFM and MSS.
• Created SRM 7.0 (EBP, SUS) roles as per the business requirements:
• Table Security and Custom authorization design, Confidential custom Objects (custom infotypes) and ALE Model data interface design.
• Responsible for Security Configuration, testing, and overall project support up to go live.

SAP Security Architect/ Lead

Confidential, Piitsburgh, PA

Responsibilities:

• FICO, Logistics (Sales and Distribution, Materials Management, Production Planning, Warehouse Management), HCM, CRM 2007 and BI 7.0/BW.
• Developed and implemented improved policies and procedures, implementing best practices solutions for SAP Security change management IT controls to support SOX compliance standards, requesting changes, testing and transporting SAP Security roles to production environment.
• Spearheaded and successfully implemented ongoing SOX and ISO 27000 Compliant Security Solutions designed to balance support of production processes, and governance and audit requirements, improved processes and procedures.
• Design and implement comprehensive Identity Management program that supports Fuji standards and procedures across all environments.
• Developed SOX Sec 404 compliant security solutions designed to balance support of production security processes and governance and audit requirements: Installed and configured SAP GRC Access Control v 5.2 including Risk Analysis & Remediation formerly Compliance Calibrator, Compliant User Provisioning formerly Access Enforcer, Superuser Privilege Management formerly Fire Fighter and Enterprise Role Management formerly Role Expert and upgrade to version 5.3:
• Evaluated and implemented ways to mitigate the current risk, modified existing Fire Fighter Ids, did updates/changes to IT User Roles.
• Developing security processes and procedures associated with the Fuji application landscape.
• Designed current IT user access and how IT users gain access to the system with SAP NetWeaver Identity Management 7.0:
• Worked on SAP Identity Management 7.0 deployment based on an SAP HCM ABAP as the identity source use case. IdM- GRC integration initiative.
• Developed IT security requirements for Identity Management specifically focused on the capturing repositories details and the provisioning framework.
• Transitioned SAP CUA to SAP NW Identity Management solution.
• Upgrade and Migration of SAP BW 3.5 Security to BI 7.0 Analysis authorizations:
• Conversion and activation of custom objects to analysis authorizations.
• Proficient in use BI 7.0 Analysis Authorizations creation and implementation tools: RSD1, RSECADMIN, RSEC MIGRATION.
• Involved in appropriate profile mappings, role assignments and testing through the BEx analyzer.
• PD profiles and BI structure security and authorization design.
• Structural authorization BI analysis and BI structure conversation.
• Troubleshoot client’s issues on new analysis authorizations and concepts around security.

SAP Biller

Confidential

Responsibilities:

• Worked with the SRM business team to prepare and maintain role matrices and user mapping matrix.
• Created EBP, SUS roles and Involved in troubleshooting roles, identified missing objects, arranged the menu structure as per the business requirements and tested roles. Worked with the SRM configuration team in building, testing and implementing the roles Created Users in the SRM environment using the web browser using transaction BBPUSERMAINT. Created SRM users using the transaction SU01 and Assigned the user to Organizational hierarchy for SRM Team members through USERS GEN.
• Continued SAP security support of SAP environment for Fuji including: security development, incident monitoring, trouble shooting.
• Extended Computer Aided Test Tool for automating security tasks and user management, Access Review, Groups Creation/Modification, Authorization Traces and Troubleshooting. Configuration of Single Sign-On with Microsoft Kerberos, LDAP/ Microsoft Active Directory, supporting production environments, designing SAP security and in advising team on Security issues. Experienced in developing testing protocols, process control and tracking documentation.

Confidential, Pittsburgh, PA

Security Team Lead

Responsibilities:

• Worked as SAP Confidential and Approva Bizrights Security Specialist: Confidential, a major multinational corporation has implemented SAP HCM/ Confidential (version 2005).
• Design and set up HCM Security Roles, Profiles and Confidential Structural Authorizations and test all security development through Integration Testing, Parallel Testing and Go Live. Use Approva Bizrights to make this system SOX/SOD compliant.
• Created new Connectors and assigned mitigating controls.
• Coordinated the implementation and acted as SAP Security Subject Matter expert for BA's and BPO's.
• Performed SAP Security Administration functions
• Creating new Roles, Modifying existing Roles, User Administration using Solution Manager.
• Solved production authorization problems by analyzing user buffers.
• Supported Security around SAP Confidential / SCM and CRM modules.
• Assisted in conducting gap analysis between business requirements and SAP’s available features.

Confidential, Cincinnati, OH

implementation consultant

Responsibilities:

• Build and maintain SAP user profiles/ PD Profiles across the SAP Landscape including ESS/MSS, and provide authorization consulting support to project and business managers.
• Design and Implement Confidential Structural Security and standard security for R/3 and MSS, including contextual structural authorizations, Confidential Switch (AUTHSW) activation.
• Create and change User IDs as requested by FICO and Confidential business owners
• Assign users to existing security profiles and activity groups.
• Generate transports for security to move profiles and activity groups to the proper clients. Performs security infrastructure support in Dev, QA and production environments. Responsible for solving highly technical and complex problems across the SAP landscape as it relates to security authorizations.
• Recommends improvements to strategy, application usage, or process, applying knowledge of the business processes in various functional areas with overall security requirements Used ECATT and CATT to do scripting for mass changes.
• Preparation for ESS rollout, provide on-call Support/coverage as per the schedule.
• Prepare SAP Security Documentation, define procedures & SAP Security policies for UCFlex.
• Create/ refine Support roles for Basis, Security, Portal and roles for Payroll, Confidential and ESS.

Confidential, Islandia, NY

SAP Security Administrator

Responsibilities:

• Evaluation of business processes.
• Work with the business functional teams, supporting teams and Internal Audit to create security roles according to a designed strategy to prevent the introduction of SOX compliance violations.
• Implemented Single Sign On (SAP Logon tickets, X.509 certificates) with SAP ERP, BW, CRM and non SAP systems, user mapping and integrated Microsoft Active Directory Server with ePortal.
• Designed high-level strategy for SAP Security (Architecture).
• Deployed Central User Administration (CUA) on SAP ALE functionality.
• Distributed user master records, including migration of existing users
• Implemented Confidential PD Security using Structural Authorizations: Used knowledge of Confidential concepts, infotypes, transactions, Organizational Management etc. for Confidential Security Model, ESS, MSS and Portal Security.
• Ensure SAP Sarbanes-Oxley (SOX) compliance by configuring and using Virsa Access Controls Suite: Compliance Calibrator 4.0, Firefighter, Access Enforcer.
• SAP BW Administration: BW Security workbench- BW Info cubes, Info objects, Hierarchy, Variables, Update and transfer rules, Info Areas, Info object catalog.
• Review critical and sensitive authorizations, implement improvements to meet audit requirements, used Audit Information System.
• Implemented SAP CRM 4.0 and SAP SRM Security.
• Used Mercury TestDirector and eCATT scripting for security testing and tasks.
• Implemented MSS and ESS security using Confidential Contextual Structural authorizations.
• PD and PA Switches (OOPS, OOAC), Created Organizational Plan (PPOM OLD/ PPOME), Personal Master Record (PA40), User ID (SU01, SU10), Info type 105(PA30), Structural Authorization Profiles (OOSP, table T77PR), Tcode OOSB, table T77UA, Infotype 1017 (PO10/ PO13), Assigned Structural Authorization Profiles to User I.D (SE38), Custom Evaluation paths(OOAW, table T77AW), Setup Regular security (PFCG), Create Evaluation paths, Setup Indexing.

SAP Security Administrator

Confidential, Woodbury, MN

Responsibilities:

• Worked on Security administration for over 2500 SAP R3 including Confidential, BW, BCS, SEM and Portal users in Development, Quality, Training and Production instances and provided developers key and reset the passwords. Did user maintenance (User creation /deletion /lockdown /activation /Password management)
• Production support for all SAP systems (R/3 4.5, Confidential 5.0 core components, BW 3.1, Confidential, Enterprise Portals 6).
• Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.
• Configured and implemented Central User Administration (CUA).
• Performed trouble shooting on R/3 security problems by using system traces.
• Created and maintained SAP Authorizations, User Master Records, Table authorizations, Authority checks, Activity group creation, and profiles.
• Implemented Confidential Structural authorizations.
• Working with the technical teams to design technical security including table, report and program interface security for the production environment.
• Documented SAP security policies and procedures for R3, as well as components like BW, BCS, SEM and Portal.
• Ran security reports for critical transactions and objects and for users who never logged on.
• Analyzed customer programs and transaction codes for authority checks.
• Coordinated the user account creation and termination policy with Human Resources and Operations.
• Worked with functional team leads to define the new transactions
• Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules such as Confidential, MM, CO, AP, AR etc. in SAP Confidential 5.0.
• Hands-on security upgrade using SU25 and Profile Generator (PFCG)
• Secured roles by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization etc.
• Educated testing team about how to test security profiles.
• Implementation and on-going use of Virsa toolset.
• Used Virsa tools (VRAT/Compliance Calibrator 3.0, Firefighter etc.) for SOD analysis, handling SOD conflicts for users and creating and managing roles, also used in-house developed tools like SOD Matrices & SAP tools for analyzing SOD conflicts, T-code assignment to roles and roles assignments to users.
• Worked with process owners and users to complete authorization tasks and conform to SOD (Segregation of Duties) issues as well as the job role requirements.
• Assisted Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls, worked with the Security audit team.
• Work with Business specialists to help identify and understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts and participate in the mitigation of those conflicts.

Confidential

Environment: SAP R/3 on AIX 5 / WINNT

Responsibilities:

• The landscape includes R/3(Modules: SD, MM, FICO & Confidential ), EBP 3.5, ITS 4.6and 6.20,SAP Workplace 2.11, APO 3.0A, BW 3.0B, KW 5.2, SAP Solution Manager 2.1 and Oracle.
• Batch job Related: Setup, schedule and monitor batch jobs and interfaces, Analyze and create Batch job Triggers, Analyze the Batch jobs spills in production window, Investigation on Background Job Amends, Analyze and schedule jobs for Interface updates, Background Job Processing and Monitoring.
• Patching/spam and Setup ALE/RFC
• Goal of providing excellent system reliability, performance, high availability and overall optimized systems
• System monitoring/troubleshooting including Response Time monitoring,
• Also monitor System Locks & Waits, Database/SQL performance and ITS performance
• Monitor data interfaces: SAP to SAP and SAP to Legacy
• Printing administration/troubleshooting
• Security Issues, access problems
• Performance related queries support
• System Interfaces failure rectifying support
• Responsible for day to day systems administration
• Plan and perform SAP R/3 release maintenance, system refreshes, client-copies, & upgrades.
• Database administration using MS-SQL 7/8,
• Oracle release 8.1 and 9.2, backup/restore,
• Disaster recovery (using Oracle Recovery Manager scripts).
• Maintain Outbound file processing to Legacy system from SAP
• General SAP Security Support and troubleshooting.
• Setup SAP Central User Administration (CUA) and Single-Sign-On (SSO).

Confidential

Environment: SAP R/3 on HP UNIX

SAP- Basis Security Admin

Responsibilities:

• Study the functional/Process flow; regroup the functions by using the SAP best practices wherever applicable.
• Redefine their roles/authorization profiles by studying authorization objects and controls.
• Design and recommend users self - review report.
• Conduct Unit, Integration and User Acceptance Testing on the created roles and authorizations.
• Transports to QAS/PRD, Project management, Client interaction, presentations and user training.
• Post-Implementation Support.
• Work with function team to understand current Audit reports thoroughly.
• Study, review, enhance and recommend the security policies of PUB.

Confidential

Responsibilities:

• Design and implement policies and procedures to manage the creation of security roles and assignment of these roles to end users in order to:
• Ensure the proper authorization is received from the business owners.
• Prevent the introduction of Segregation of Duty issues with end users. Ensure Sarbanes-Oxley compliance with the established SAP Security model.
• Creating of Authorization objects, Classes, Profiles, Roles and Activity groups for HP systems, User Management/ administration, Creating Bulk Load users
• Maintenance of SAP security (roles and authorizations), and Users for OM Support.
• Segregation of Duties (SOD) check for creating/maintaining users.
• Transport management of fixes from development environment through to production.
• Analyze transaction/functional errors and help ABAP/4 team in resolving bugs.
• Setup Single Sign-On for SAP System users using their Windows/OS network IDs.
• SAP security auditing, Investigate on complex security issues.
• Accept trouble calls from Global business and system end-users.
• Provide implementation support for new deployments as needed.
• Provide operational support to the Application services team for Production issues.
• Assist with the coordination and testing of Security roles as a part of Integration testing.
• Provide functional direction to on-site & offshore contract security resources.
• Analyze security issues to root cause and resolve the issues within the set deadlines
• Adherence to the Service Level Agreement, Meeting deadlines to solve Priority 2/3 issues as per SLA.
• Provide support for periodic audits (internal, external)
• Initiated and implemented Process Improvement Plans (PIP) in the Project
• Internal quality and unit testing and handoff to the Project Manager.
• Recommend “workarounds” to Priority 1 and Priority 2 issues to allow business to continue operation, while root cause remedy is being determined and corrected.
• Participating in conference calls with clients/ HP Project managers for issues pertaining to tickets.
• Communicate to customers worldwide through emails.
• Ensure complete understanding of Remedy Quest and keep it updated.