Senior SAP Security & GRC Lead Consultant Resume

Springfield, IL

SUMMARY:

  • Over 14 years of progressive SAP security & GRC experience with a focus on managing rollout and operational initiatives.
  • Completed multiple full life cycle implementations of GRC 5.3, 10.0 and SAP Security projects.
  • Possess a proven ability to lead and manage cross-functional teams, delivering projects on time and within budget.
  • Skilled at establishing priorities, meeting deadlines and coordinating functions that are vital in achieving objectives.
  • Experience in handling comprehensive Sarbanes Oxley (SOX) compliant related requirements, including Segregation of Duties (SOD), Critical Authorizations and a variety of Security Audits.
  • Have coordinated ongoing deployments of projects, ensuring compliance with security and design requirements.
  • Able to manage SAP business controls, while designing/applying security development strategies for SAP modules.
  • Have established relationships with business leaders to enhance understanding of strategies and priorities, including participation in business strategy, planning and leadership team meetings, either as a member or as an invitee.
  • The ability to properly design and implement policies/procedures for effective and efficient handling of security.
  • Experienced in coordinating, troubleshooting and support through different time zones for global implementations.
  • Diverse background in leading offshore teams to ensure timelines, project plans and budgets all remain on schedule.
  • ERP: ECC 6.0, 5.0, SAP R/3 4.7, 4.6C, SAP Enterprise Portal 6.0, 5.0, SEM BPS 6.0 (BW-BPS), SEM, APO 4.1, CRM 2007, SRM 4.0, EBP 4.0, CRM 7.0, ACE TOOL, BI 7.0, BW 3.5, BOBJ 4.0, MDM 7.0, Solution Manager 7.0, GRC 10.0, Virsa Compliance Calibrator, Virsa Risk Assessment Tool 3.0 (VRAT), Firefighting Analysis Tool 5.2, 3.0 (VFAT), Approva BizRights.
  • Installed and maintained the GRC and VIRSA Application VRAT tool, Safe tool and Fire Fighter (FF).
  • Implemented BizRights, Approva, Identity Management (IDM) and created users/auto provision roles to the users through the IDM Process.
  • Managed the creation and modification of users, profiles, (PFCG) Roles, authorization objects; user administration, user reconciliation and ran CATT and ECATT Scripts.
  • Maintained check indicators for authorization objects in Transaction SU24.
  • Performed comprehensive unit and integration testing on created roles using Mercury tool.
  • Experienced on ticketing, on Remedy tool, Peregrine Incidents, Starteam System to resolve SAP security issues and problems in different kinds of SAP modules.
  • Created the Developer Keys (SSCR keys) for developers and OSS ID’s for SAP users from SAP Service Place and extended their validity for OSS notes.
  • Developed custom authorization objects for queries created by multiple users throughout various organizations.
  • Handled tracing and analyzing of missing authorizations and values in BI 7.0 (ST01, RSRT, RSUDO, RSRTRACE, RSECAUTH, RSECADMIN and BEx Analyzer).
  • Improved new BI Authorization analysis with Info Object, Info Area and Hierarchy.
  • Implemented Hierarchy Security for BW Queries in multiple ways.
  • Set up security by INFOAREA, INFOCUBE, ODS, PSA, INFOOBJECT, QUERY and WORKBOOKS, limiting query access within the BEx Analyzer.
  • Experienced in tracing and troubleshooting authorization problems using RSSMTRACE and ST01.
  • Completed custom reporting authorization objects, provided user requirements, finished design and configuration documentation and maintained values to the objects.
  • Oversaw building security for administrative users using SAP-provided templates.
  • Worked with the tcode RSECADMIN for creating custom authorization objects and S_RS_AUTH for assigning authorization objects for BW query end user roles.
  • Extensively worked on BI 7.0, which enhanced the enterprise data warehousing, back-end computing challenges, Operational data store objects (ODS) and BI infosets.
  • Experienced creating/assigning positions, designating the chief position to desired employees and configuring sub modules of HR like PD and PA.
  • Have created a personnel master record and assigned it to organizational plans using PA40 and info types using PA30.
  • Worked on position-based security and authorizations through PA20, PO13 and PA30.
  • Assigned roles based on positions for users.
  • Assigned ESS and MSS roles for new users and maintain Info types.
  • Handled payroll authorizations by using the authorization objects: P_PCR, P_TCODE and created custom authorizations - customer specific objects for HR roles.
  • Worked with P_ORGIN & P_PERNR objects for different infotypes and subtypes.
  • Assigned structural authorization profiles to user ID’s using RHPROFL0 to automatically assign appropriate structural authorization profile to each user ID.
  • Worked on SAP EBP/ SRM profiles, roles, authorizations and security.
  • Managed SRM security with application development methodology to build a SRM Buyer, Board Designee, MD, SC and Catalog Approvers.
  • Worked with SRM team for granting access to t-codes and authorizations for SRM shopping cart.
  • Performed comprehensive problem determination and resolution for authorization testing.
  • Experienced with creating master roles for SRM vendors/bidders, buyers and approvers.
  • Led SRM users to verify that the user was present in the Org Structure or not using the t-codes PPOSA, PPOSA_BBP, BBP MAIN (SRM, EBP administrator).

TECHNICAL SKILLS:

Software/Language: Crystal Report, Visio, Visual Basic, MS-Excel, HTML, Microsoft Office 95/97/2000 and PowerPoint

Operating Systems: XP, Windows 2000, Windows NT, and OS/2

RDBMS: MS-Access

PROFESSIONAL EXPERIENCE:

Confidential, Springfield, IL

Senior SAP Security & GRC Lead Consultant

Responsibilities:

  • Serve as a security expert to lead the design workshop and security requirement gathering sessions.
  • Developed, maintained and implemented security roles for brand new implementation for ECC, SRM, and Solman, GRC and Portal
  • Manage remediation activities for the segregation of duties violations and worked with agencies leads to assess the segregation of duty requests.
  • Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorizations for various landscapes
  • Central User Administration (CUA) experience to create users, assign roles, and maintenance
  • Manage, support and promote security awareness around SAP security procedures, policies and guidelines.
  • Maintain User ID’s and security roles across development, Test, and Production systems.
  • Conduct audit and review of security roles and assignment of security roles to users for SOD Conflicts.
  • Provide after go-live support, review the tickets assignment in Remedy and HPQC to ensure timely resolution and closure.
  • Design and Implementation of GRC 10.1 including Installation, Post Installation, configuration, workflows
  • Configuration and administration of GRC 10.1 components ARM, ARA, EAM and BRM
  • Implemented MSMP workflows for ARM, EAM Log review and UAR
  • Designed Custom Rulesets, Functions and Risks
  • Have worked on Remediation at Role (Single/Composite) level and User level
  • Worked on designing mitigation controls
  • Executing risk analysis/simulation at role and user level

Confidential, Chicago, IL

Senior SAP Security & GRC Lead Consultant

Responsibilities:

  • Support and contribute on new Implementation, upgrade, Go-Live, Post Go-Live, Production Support, Security Re-design, and segregation of duties (SOD) remediation projects over last 10 years.
  • Act as security lead on full life-cycle implementations: SAP ECC, HR/HCM, BI/BW, BOBJ, BPC, CRM 2007, SRM, APO, GRC 5.1 / 5.3 / 10.0. Solman & Charm implementation and upgrade
  • Configure and administer Business Web UI Roles in CRM using SPRO, PFCG and CRMD program.
  • Handle user Org Model position assignments using PPOMA_CRM.
  • Implemented Access Control Engine (ACE) for Pepsico Bottler
  • Extensively worked on CRM Master Data Authorization objects used for account, contact, and employee processing - B_BUPA_FDG, B_BUPA_GRP, B_BUPA_RLT and UIU_COMP.
  • Designed, Developed Security Roles for SAP CRM Marketing and Campaign Management, sales and SAP CRM service and analytics using various Auth. Objects - CRM_ORD_OP (Customer), CRM_ORD_LP and CRM_ORD_TE, CRM_ORD_PR
  • Worked on Designing roles for below CRM Components using Specific CRM Marketing Auth. Objects - CRM PAR and CRM PRP MT
  • Designed and implemented roles for Solman 7.1 (Charm and Incident Management)
  • Successfully implemented HANA Security. Client decided not to leverage the HANA Studio due to performance issues.
  • Streamlined PepsiCo’s IT General and Sox controls for the entire SAP Platform Suite, which led to reduced overhead and the elimination of control gaps.
  • Extensively report on project statuses to overall release leads to ensure projects remain on schedule.
  • Communicate with project leaders (managers, senior managers and directors) on issues, status updates and timelines.
  • Received awards on seven separate occasions for service, collaboration and issue resolution by project leadership.
  • I have participated in the implementation of SAP GRC 10.0, adjusting the new generated risks with business managers and role owners.
  • Configured SAP GRC Components ARA, ARM, BRM and EAM.
  • Assigning firefighter id’s to users.
  • Directed team meetings with business and security to gather information required to remediate existing risks from previous SAP release.
  • Creation of connectors from R/3 systems to GRC system.
  • Creating, modifying of functions, risks & business process based on business request.
  • Running the risk analysis at User and Role Level.
  • Creating mitigation controls and mitigation users.
  • Supported other GRC related tasks.
  • Supporting the SAP platform globally through Help support and Remedy tickets.
  • Managed onshore and offshore team members.
  • Involved in GRC AC 10.0 implementation project.
  • Modify GRC Rule Set.
  • Setup of BRFPLUS (BRF+) rules, configure MSMP (Multi Stage Multi Path) workflow
  • NWBC configuration
  • Maintenance of workflow for access request, EAM Log review.
  • Implementation of Password Self Service.

Confidential, Chicago, IL

SAP Security Consultant

Responsibilities:

  • Used Virsa Compliance Calibrator to define, find, resolve, mitigate and/or firefight the organization’s SOD issues.
  • Reduced over 2.2 Million SODs to just 22K, allowing a major client to pass their regulatory audit.
  • Worked with business teams to discuss SOD issues and suggested the removal of conflicting t-codes from the role or workarounds like firefighter role solutions for critical uses.
  • Heavily collaborated with internal and external auditors to discuss progress and approaches on SOD resolutions.
  • Provided weekly status reporting to Vice President of IT and Controller on progress updates.
  • Gathered business requirements, understood functional processes and designed a scalable, flexible security model.

Confidential, Chicago, IL

SAP Security Team Lead

Responsibilities:

  • Led the SAP application security for five, full-scale SAP implementations of different modules, including upgrades to 4.6C, ECC 5.0 and BW 3.0. The tasks associated with this work included maintaining development environment security during the configuration phase, facilitating functional team meetings to derive security requirements, configuration of production environment security, integration test support and client-counterpart training.
  • Managed remediation activities for the segregation of duties violations and worked with business units to assess the segregation of duty requests.
  • Managed, supported and promoted security awareness around SAP security procedures, policies and guidelines.
  • Provided insight into Sarbanes Oxley compliant features in SAP security, including overseeing security audits.
  • Developed the security administration’s policies and procedures document for new modules.
  • Continuously improved security configuration to reflect best practices and properly prepare for system audits.
  • Designed and developed roles in SAP R/3, BW and insurance modules (CD, RI and Commission).
  • Created templates for various security matrices (role definitions, roles vs. transaction codes, roles vs. authorizations and user-to-role mapping).
  • Developed “best practice” models for SAP security, including naming convention and general role development.
  • Extracted the data on current activity groups from the system to create various mapping tables, which are then being used for identifying the roles that are required.
  • Trained other security team members on role based security and CATT scripts for automating various routines such as user creation, initialization of passwords, assignment of roles, assignment of parameters, etc.

Confidential, Chicago, IL

SAP Security Consultant

Responsibilities:

  • Performed pre- and post-implementation reviews of SAP basis administration and Correction and Control Transport System (TMS/CTS) for the following manufacturing/pharmaceutical clients: American National Can; Sloan Valve; Roche Diagnostic; Juno Lighting; Nabisco; Dade Behring; UOP; Zurich; Kemper and NEC Technologies.
  • Performed reviews under the guidelines established by the Information Systems Audit and Control Association (ISACA) to help clients control weaknesses around inherent and configurable controls for R/3 Basis components and CTS. The following are a few of the review tasks:
  • Evaluated whether segregation of duty controls was being considered within the security objectives and implementation strategies (i.e., security administrator, user administrator and activation administrator).
  • Reviewed authorization procedures to create, delete and update UMRs (SU01, SU02, and SU03).
  • Determined whether security guidelines and procedures were adequate to prevent users and IS personnel from gaining access to SAP data and programs.
  • Evaluated how SAP-supplied, default parameter (RSPARAM) values were set (i.e., password expiration, logon attempts, password length, SAP GUI logout time, etc.).
  • Reviewed how SAP-supplied default profiles/user ID (i.e., SAP_NEW, SAP_ALL, S_A.ADMIN, SAP*, etc.) were handled in production environments.
  • Determined whether SAP-defined naming convention was followed while developing custom profile, reports and whether AUTHORITY-CHECK functionality was used in denying unauthorized user executing sensitive transactions.
  • Examined how SAP-supplied (RSUSRXXX) log reports were used to monitor user activities.
  • Analyzed controls to be placed in preventing unauthorized transport to production environment.
  • Performed transaction trace to determine who had authorization objects to execute critical functions.
  • Inspected the results of SAP-supplied log reports to determine weaknesses in monitoring UMR’s activities.
  • The result of review (control weakness) was tabulated in the form of recommendation following the standards laid down in SAS70. The complete finding report was provided to clients and detailed the observation, expected business impact and technical solution as to how to mitigate the control weakness so as to perform the system administration process more efficiently and effectively.

Confidential, Chicago, IL

Senior System Analyst

Responsibilities:

  • Participated in large implementations, which required working on customization of customer specific IMG projects, including reengineering using SAP software.
  • Led the simulation of SAP R/3 FI module implementation under the direct supervision of SAP-certified consultants.
  • Provided extensive hands-on review of the organizational structure of FI-GL based on business processes, requirements and integration with other tracks.
  • Completed projects in SAP R/3 organizational structure and navigation within SAP environment; creating, configuring, maintaining global settings, company codes, chart of accounts, GL accounts, balance sheet and profit and loss statement structures based on different customer’s specific needs and requirements; customization of various reports and procedures for financial closing.
