Sr. SAP Security Consultant Resume
SUMMARY:
- Having 8 years of SAP HANA, SAP Fiori, SAP R/3, ECC 6.0, SAP BI, SAP BOBJ, SAP Bank Analyzer, SAP CRM, SAP HR, SAP BPC 10.0, SAP Portal Security experience, Central User Administration and Experience in GRC AC 10.1, 10.0 & 5.3 components.
- Worked in Successful completion of three End to End full life cycle security implementations and various roll-outs / deployments and upgrades for major clients in the industry for Finance, e-commerce, Manufacturing, Pharma, Retail, Oil & Gas industries.
- Hands on experience in SAP Security End-to-End Implementation of ECC modules, HANA, Bank Analyzer, BI and GRC 10.1.
- Have performed all SAP authorization related activities with well-equipped knowledge of User administration, Profile maintenance, Transport management, Troubleshooting and with an excellent understanding of Sarbanes-Oxley Act and SOD compliance.
- Under GRC Access Control have implemented all four modules (ARA, EAM, ARM and BRM). Did the SPRO settings along with the functional consultant, set up configuration for AC setup the task specific customizing and configurations for MSMP and defined Condition types and defined the BRF+ workflow while setting up BRM.
- Designed and implemented security analytics solution in HANA database for sophisticated reporting of data.
- Very good understanding and exposure to SAP S/4 HANA, SAP BW/4 HANA Analytics Security.
- As part of implementing BI 7.3, created a matrix of restrictions to be imposed at data level of the business, created Analysis Authorizations and restricted users as per the client specific requirements.
- Role and complete authorization design including SOX and Segregation of Duties. With the help of Risk Analysis in GRC, involved in performing internal/external audits with consultants from top audit firms.
- Performing GRC UAR and semi-annual SOX audits, including SAP user licensing.
- Supporting Project (creation of bulk user, Support and test ID’s, roles. Adding T codes, custom T codes, Authorizations) Updating the Specification for any change with the proper approvals from central role owners.
- Proficient in analyzing and translating business requirements to technical requirements in SAP.
- Superior Communication skills, strong decision making skills, Organizational skills, and customer service oriented, comfortable working in a fast-paced, hands-on, growth oriented environment.
- Hands-on experience with implementation of SAP HANA, SAP FIORI and SAP BOBJ.
- Implementing HANA security at data level using analytical privileges.
- Hands on experience in SAP Security Implementation of ECC modules like MM, SD, FICO, PS, QM, SM, PLM, VMS, WM, Java stack of SAP ME, MII.
- Experience in implementing SAP BI 7.3, Business Objects BOBJ 4.0
- Creating Analytical privileges and scripted calculation views for row level security and data masking in HANA DB.
- Implemented folder level security for BOBJ and restricting on applications.
- Use of SAP FIORI catalogs and catalog groups and design the required roles for accessing FIORI tiles.
- Executed license measurement using SLAW, USMM.
- Experience in support of SAP CRM and ECC systems for Profile Maintenance and User administration involving creation/deletion/locking/modifying users.
- Experience in redesigning of the SAP roles based on the SOD violations.
- Creating, modifying and assigning roles, Restrict access at field level, T-code level and Authorizations level using Profile Generator Tool (PFCG).
- Troubleshooting user missing authorizations using SU53 and ST01. Assigning missing authorizations as per the user’s requirement.
- Designing of Authorizations based on the Industry Business Hierarchy.
- Creating Analysis authorizations in SAP BI and assigning to specified roles. Support for the BI authorization issues.
- Extensive use of RSECADMIN, RSA1 for analysis authorizations and Info providers.
- Experience in creating and assigning roles and groups as part of Identity management in SAP NetWeaver portal.
- Monitoring the critical transaction codes and ensuring that they are assigned to the concerned users only.
- Generate security reports for Critical transactions and Objects and for users who never logged on.
- Transporting the generated roles and profiles using STMS.
- Worked with User Information System, creating and changing users and assigning roles to users.
- Created users and maintained user master and established security policies and procedures.
- Configured Central User Administration (CUA).
- Used CUA to maintain users (Creation, deletion, locking etc).
- Assigning firefighter access to users and Generating Log report for Firefighter Ids in Production systems.
- Maintaining SAP Check Indicator Defaults and Field values thus reduced the scope of SU24.
- Maintained table security using authorization groups.
- Good working knowledge of AGR* tables.
- Worked on MDM security for creating users and assigning the necessary user groups, assigning roles to the groups.
- Creating test cases for the business scenarios and uploading into HP ALM tool.
- Worked for integrating the automated provisioning/de-provisioning of users using ORACLE IAM.
- Worked on ticketing tools like Remedy and ITSM to resolve the issues & problems in different kinds of SAP Security modules.
- Collaborate with other team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the Client requirements.
TECHNICAL SKILLS:
ERP Applications: SAP R/3, SAP BI 7.3, ECC6.0, GRC 10.1, 5.3, SAP CRM, SAP BOBJ, SAP FIORI, SAP HR, SAP ME, SAP Portal, BPC 10.
Operating System: UNIX, Linux, Win 2000/2003/NT 4.0
Database: SAP HANA SPS 12, Oracle 11g, MS-Access, MySQL
Tools: Remedy, ITSM, MDM, Control-M, HP ALM, IDM.
PROFESSIONAL EXPERIENCE:
Confidential
Sr. SAP Security Consultant
Environment: SAP HANA, SAP BA, SAP BOBJ, ECC 6.0, GRC 10.1, SAP BI
Roles And responsibilities
- Full life cycle design and implementation of SAP HANA, BI, BOBJ with ECC component, SAP FIORI and integrating the systems with GRC 10.1.
- Designed and implemented security analytics solution in HANA database for sophisticated reporting of data.
- Using Analytical privileges and building column level security for restricting users to specified countries and legal entities.
- Created scripted calculation views for data masking of specific columns containing super sensitive business data.
- Created SQL scripts for mass user administration.
- Defined audit policies in HANA database in conjunction with business requirements and created an automated procedure by integrating with Control-M for monitoring the audit logs.
- Implemented single sign on and restricted user concept for reporting users accessing the reports through BOBJ 4.2
- Using HANA Administration console for session administration and trace administration.
- Making use of HANA web IDE for creating design time/ repository roles with lowest level of segregation of access and used HANA application life cycle management for transporting the roles in HANA.
- Creating delivery units and bundling up the packages in the delivery units for transports to the target environment.
- Use of SAP FIORI catalogs and catalog groups and design the required roles for accessing FIORI tiles.
- Designed and implemented the model for GRC 10.1 integration with ECC, BW, Bank Analyzer, HANA, Gateway systems.
- Implemented business role concept in GRC 10.1 for simplifying the user provisioning.
- Making use of composite roles in GRC 10.1 for using UAR and Configured Firefighter for business use.
- Creating multiple MSMP workflows with different stages in the path specific for the projects requirement.
- Using BRF+ for configuring the decision table
- Creating access control owners and setting them up as Role Owner, Mitigation Approver, Mitigation owner, Risk Owner, Firefighter Owner, Firefighter approver based on the requirement.
- Created Analysis Authorizations and menu based roles in BI to be integrated with BOBJ system for reporting.
- Performed EAM administration which includes FFID Owners, Controllers, Firefighters and firefighter ID table mappings validity based on business request.
- Create, develop, implement and maintain the SAP security processes and policies as required. Help & educate business group on best practices of SOX and audit controls.
- Implement SOX compliance controls, Security configuration standards & monitor
- OSS Operations Support System Management for project requirements including OSS ID administration, issuing developer keys.
- Worked on role remediation with Business teams and involved in removing the transaction codes from the roles and restricting the objects at the authorization object level.
SAP Security Consultant
Environment: ECC 6.0, GRC 10.1, SAP BI, HANA, BOBJ, SAP SRM, Portal
Roles And responsibilities
- Involved in Blueprint, Requirement gathering, Design, Development, and Maintenance of SAP application security and SAP roles.
- Worked on creating roles and necessary privileges in SAP HANA for BI.
- Implemented folder level restrictions in SAP BOBJ 4.2, maintained folder level security and transports using promotion management.
- Creating and monitoring multiple MSMP workflows with different stages in the path specific for the projects requirement.
- Created Analysis Authorizations and menu based roles in BI to be integrated with BOBJ system for reporting.
- Simulate users before actual assignment in SAP. SOD violations found need to be mitigated by using Mitigation Control Document.
- Assign firefighter Id’s to support users in order to resolve provisionally broad issue. SAP ARA: SPRO Configuration: configuration parameters, background job syncs, SOD Rule generation, batch risk analysis, Alerts.
- Creation of access owners; creation of FF Id, Assign owners / controllers / fire fighters to FF Id, monitoring of FF logs, consolidated Log Report.
- Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations (Risk).
- Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
- Producing SoD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using Risk Analysis and Remediation /Compliance Calibrator.
- Performed UAR reviews, SOX audit and license administrations using USMM and SLAW.
- Created automated scripts using LSMW and SECATT.
- Use of SAP FIORI catalogs and catalog groups and design the required roles for accessing FIORI tiles.
- OSS Operations Support System Management for project requirements including OSS ID administration, issuing developer keys.
- Worked on role remediation with Business teams and involved in removing the transaction codes from the roles and restricting the objects at the authorization object level.
- Thorough knowledge of SOX compliance and best practices in SOD remediation. Streamlined the User Access Request process by clearly defining the appropriate access for each functional team.
SAP Security Consultant
Environment: ECC 6.0, GRC 5.3, SAP CRM
Roles And responsibilities
- SAP Security Implementation of ECC modules like MM, SD, FICO, PS, QM, SM, PLM, VMS, WM, Java stack of SAP ME, MII.
- Creating, modifying and assigning roles, Restrict access at field level, T-code level and Authorizations level using Profile Generator Tool (PFCG).
- Worked on SAP check indicator defaults and field values using transactions SU24 and maintained check indicators for Transaction code during testing. Worked closely with ABAP team for Authority Check Statement maintenance.
- Orientation and knowledge transfer to new hires and building new client support teams.
- Designing of Authorizations based on the Industry Business Hierarchy.
- Creating and uploading roles, uploading authorizations in SAP GRC.
- Creating user access request through GRC CUP upon the request.
- Created UME role for users, approvers, admins and IT team in GRC.
- Importing Roles into GRC CUP with respect to Functional area.
- Creating Fire Fighter (FF) ID’s, tagging users ID to FFID’s. Daily monitoring usages of FF and reviewing the respective approval mails from controller of FF ID’s. Working on Trace (ST01) resolving query, if any.
- Analyzing the issues in SAP GRC systems for RFC connections, Background jobs.
- Created Business process, functions, risk, rules and generating rules sets.
- Creating test users and maintaining their authorizations for the client to perform SIT and UAT.
- Creating Analysis authorizations in SAP BI and assigning to specified roles.
- Experience in creating and assigning roles and groups as part of Identity management in SAP NetWeaver portal.
- Providing Hyper-Care support post Go-live.
SAP Security Consultant
Environment: ECC 6.0, GRC 10.0, SAP Portal
Roles And responsibilities
- User Maintenance (User creation / Deletion / Lockdown / Activation/ Password Management).
- Creation and maintenance of roles using PFCG.
- Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
- Created security reports for critical transactions and objects and for users who never logged on.
- Checking the missing Authorizations using SU53 and ST01.
- Effectively analyzed trace files and tracked missed authorizations for user’s access problems and inserted missing authorizations manually.
- Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards
- Used STMS system to transport the objects from Development to QA and then to Production
- Worked with functional team leads to define the new transactions.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
- Documented the procedure for all SAP tasks process and controls. Resolving critical helpdesk issues within SLA.
- Functioned on security tickets and satisfied the client by reducing the ticket volume to a manageable number.
SAP Security Consultant
Environment: ECC 6.0, GRC 5.3
Roles And responsibilities
- Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations (Risk).
- Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
- Performed remediation and mitigation against various risks associated with roles and users. ARA has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.
- Make use of Role Creation Role Change Request form in order to create a new role or make changes to an existing role; Change Request Board approvals mandatory for transports. Simulate the role using GRC before moving the changes to quality environment.
- Working with profile generator (PFCG) in creating Single roles, composite roles and derived roles.
- Working on Role enhancement requests as per the business requirement.
- User Administration includes user creation & modification in Dev, Quality & Prod systems.
- Applying the system trace ST01 and SU53 to identify and resolve authorization issues for end users.
- Terminating users on disable access date as per the request.
- Utilized SU24 to maintain authorization checks for various T-codes.
- Reconciling user master records by running PFUD.
- Using CATT Scripts for creation of mass users.
- Resolving CUA problems & maintaining CUA settings as per the requirement.
- Creating the fire fighter ID & maintaining all the relevant FF tables.
- Monitoring inactive users and locking inactive users in production system.
- Working on User Administration part in EP system.
- Assigning groups in EP system and also worked on active directory.
- Made sure that user id is mapped properly in EP system.
SAP Security Consultant
Environment: ECC 6.0
Roles And responsibilities
- User Maintenance (User creation / Deletion / Lockdown / Activation/ Password Management).
- Creation and maintenance of roles using PFCG.
- Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
- Created security reports for critical transactions and objects and for users who never logged on.
- Checking the missing Authorizations using SU53 and ST01.
- Effectively analyzed trace files and tracked missed authorizations for user’s access problems and inserted missing authorizations manually.
- Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards
- Used STMS system to transport the objects from Development to QA and then to Production
- Worked with functional team leads to define the new transactions.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
- Documented the procedure for all SAP tasks process and controls. Resolving critical helpdesk issues within SLA.
- Functioned on security tickets and satisfied the client by reducing the ticket volume to a manageable number.
