Sr. SAP Security Consultant Resume
Houston, TX
SUMMARY:
- Over 8 years of experience as a Security Administrator in SAP R/3 (ECC 6.0, 5.0, 4.7, 4.6C, 4.0B), BW (BI 7.3, 7.0, BW 3.5, 3.2, 3.0), Business Objects (3.1, 4.0), BPC, HANA, HCM, SCM, SRM, EWM, APO, CRM, CLM, Solution Manager, PI/XI, VIRSA/GRC 5.3, 10.0, 10.1.
- Actively involved in all phases of SAP project life cycle including Go-Live, Hypercare and Support.
- CRM - Set up CRM 7.0 security for Marketing and Campaign Management, Business Partner Security and Product Security. Proficient in the use of CRM 7.0 security administration tools such as ACE, Business Role and Technical Roles (PFCG).
- BI Security- Secured BI Info Areas, Info cubes, Queries, Info objects, Hierarchy and Info objects. Successfully upgraded BW3.5 authorizations to BI7.0 Analysis authorizations. Restricted Analysis Authorizations (Using RSECADMIN Tool) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level. Extensively used new BI tools like Authorization Monitoring and Legal Audit. Defined Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1).
- BOBJ Security - Design and Implement Business Objects (BOBJ) Security. Extensively used Central Management Console.
- HR Security - Designed and Developed HR Security in Personnel administration and Payroll accounting, Benefits, Compensation, Time Management, Travel, Payroll, E-Recruitment, Personnel Development and Org Management modules. Implemented Structural Authorizations to Restrict PD Objects.
- Created Security Roles for ESS and MSS (Actions, Org. Assignment, Basic Pay, Additional Payments, Recurring Payments/Deductions, Qualifications, Appraisals, Absences, Attendance and Absence Quotas)
- Liaison between Security and other teams - Basis, PMO, Functional Teams.
- Configured GRC Access Risk Analysis (ARA), ARM (Access Request Management) and EAM (Emergency Access Management) and Process Control
- Expert in User Tracing and Troubleshooting User Authorization issues using SU53 and ST01.
- Experienced in producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*).
- Have experience working with Audit teams to perform scheduled internal audits for other projects within the company. Have experience on Basis Administration activities as well.
- Extensively worked on HR Authorization Objects like P_ORGIN, P_ORGXX, P_ORGINCON, P_ABAP, P_PERNR, P_PCLX etc.
- Well versed working on SAP HCM Organization Structures ESS/MSS, PA, PD, Payroll, Time, Travel, E-Recruiting and other HCM Modules.
- Hands-on experience in S/4HANA Security with SAP HANA DB with ECC as well as SAP HANA DB with BI/BOBJ.
- Troubleshooting BI authorization related problems using RSECADMIN, RSD1 and RSA1 T-codes.
- Experienced in Setting up Global level/Folder level/Object level Security in BOBJ and restricting reports on different access levels as per requirement.
- Preventative, mitigating and compensation controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy.
- Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards.
TECHNICAL SKILLS:
Domain: SAP Security & GRC 5.3, Virsa, 10.x Applications.
ERP: SAP ECC 4.7, 6.0, HR, BI/BW 6.0, CRM ABAP 7.0, SRM ABAP 7.0, APO, HANA, GRC 5.3, 10.0, 10.1, PI 7.31, GTS 7.0, MDM, Solman 7.1, Portal.
Programming Languages: C#, C++, Visual Basic and HTML
Operating System: WINDOWS - 7/Vista/XP/NT/98
Databases: Oracle, DB2, SQL SERVER, MySQL, Sybase.
Ticketing Tools: Service Now, Remedy, HP QC, HP ALM.
PROFESSIONAL EXPERIENCE:
Confidential, Houston, TX
Sr. SAP Security Consultant
Responsibilities:
- Design, develop and implementation of SAP Security at PLANT level and other organizational levels such as Company Code, Sales Organization, Purchase Organization, Division etc.
- Designed, developed and implemented the Master and Derived role concept to set up the security at Plant and other Organizational values.
- Responsible for defining SAP Security Enterprise Design across all below mentioned systems
- Worked with Business Process Owners, Super Users, & End Users in resolving and improving Security Aspects at Verizon.
- Maintained SLAs for all kinds of tickets (Problem/Incident/Request).
- Used Profile Generator to create, modify and customize User Authorizations, and Authorization Profiles in ECC. Design and implement HANA-BI security.
- Created custom roles in HANA DB for Developers, Modelers, Administrators and Business users.
- Created Analytical privileges based on business requirement.
- Troubleshoot complex authorization issues in HANA.
- Setup SSO between BOBJ and HANA system.
- Identified and implemented controls around HANA database.
- Effectively analyzed systems trace (ST01) and User Information System (SU53) and tracked missing authorizations for user access problems and inserted missing authorizations.
- Specified the Auth Objects that are to be Maintained and modified for Various Custom Transactions using SU24 and SE93 in HR, BW and R/3 Environments.
- Extensively used SAP HANA Live Authorization Assistant tool to convert existing ABAP PFCG authorizations to respective permissions in the HANA system.
- Scheduled and Monitored Back Ground Jobs Using SM37 Transaction.
- Design, develop and implementation of direct role assignment (User Based Access).
- Worked with security related tables such as AGR_TCODES, AGR_USERS, AGR_AGRS, USR02, AGR_1251 etc.
- Defined Security Project Plan (using MS Project) by ASAP phases
- Defined security team daily activities/tasks
- Trained client resources on Security best practices
- Lead security requirements meeting with functional and technical teams
- Lead and defined all Security testing phases (Unit, Integration, and User Acceptance) across all applicable systems.
- Design, develop and implementation of Indirect Role Assignments (HR Position Based Access).
- Design, develop and implementation of Structural Authorizations (Organizational layer access).
- Defined Cut-Over/Go-Live and Post Go-Live tasks and processes.
- Used RSECADMIN in BI for Creating, Maintaining and assigning of Analysis authorizations.
- Worked with Reporting Users, Power Users and Administration Users in Identifying and Resolving Authorization Issues in BI System.
- Created Queries and restricting access through Variable Filled Authorizations in BI.
- Worked on SAP BI 7.0 Portal and Enterprise Portal user management.
- Created SECATT Scripts for mass upload of Users and Roles.
- Implemented and worked with SSO (Single Sign-On) on all the systems in landscape.
- Provided complete documentation for all areas of Security (role design, GRC, IDM configuration etc).
- Created Structural authorization profiles for client organizational structures and assigned to users.
- Developed Single, Master Derived Roles and tested them in Various Clients and systems in the Landscape.
Environment: ECC 6.0, BW 7.4, SEM, Business Objects 4.1, Data Services, HANA, CRM, SRM, APO, Solution Manager 7.1, GRC 10.1, SAP Portal.
Confidential, Dublin, OH
Sr. SAP Security & GRC Consultant
Responsibilities:
- Responsible for defining SAP Security Enterprise role redesign across all below mentioned systems
- Design, develop and implementation of SAP Security at PLANT level and other organizational levels such as Company Code, Sales Organization, Purchase Organization, Division etc.
- Implemented Global and Enabler roles concept to set up the security at Plant and other organizational levels.
- Worked with Business Process Owners, Super Users, & End Users in Resolving and Improving Security Aspects at KRATON.
- Maintained SLAs for all kinds of tickets (Problem/Incident/Request).
- Used Profile Generator to create, modify and customize User Authorizations, and Authorization Profiles in SAP Systems. Responsible for validation of requirements to convert technical into Access Controls capabilities
- Responsible for review, design, develop, test and implementation of Access Controls capabilities.
- Responsible for support pack upgrades from lower to higher for open technical issues if required
- Effectively analyzed systems trace (ST01) and User Information System (SU53) and tracked missing authorizations for user access problems and inserted missing authorizations.
- Specified the Auth Objects that are to be Maintained and modified for Various Custom Transactions using SU24 and SE93 in HR, BW and ECC Environments.
- Design, develop and implementation of HR General and Structural Authorizations.
- Design, develop and implementation of HCM (P & F) Processes and Forms AS ABAP Security.
- Scheduled and Monitored Back Ground Jobs Using SM37 Transaction.
- Worked with security related tables such as AGR_TCODES, AGR_USERS, AGR_AGRS, USR02, AGR_1251 etc.
- Responsible for gathering the requirements for complete GRC Access Controls capabilities.
- Responsible for GRC Access Controls 10.0 configuration and DEMO for BPOs, Key Stake Holders, super users etc.
- Lead and defined all Security testing phases (Unit, Integration, and User Acceptance) across all applicable systems
- Defined Cut-Over/Go-Live and Post Go-Live tasks and processes
- Used RSECADMIN in BI for Creating, Maintaining and assigning of Analysis authorizations.
- Worked with Reporting Users, Power Users and Administration Users in Identifying and Resolving Authorization Issues in BI System.
- Created Queries and restricting access through Variable Filled Authorizations in BI.
- Worked on SAP BI 7.0 Portal and Enterprise Portal user management.
- Created SECATT Scripts for mass upload of Users and Roles.
- Implemented and worked with SSO (Single Sign-On) on all the systems in landscape.
- Provided complete documentation for all areas of Security (role design, GRC, IDM configuration etc.)
- Created Structural authorization profiles for client organizational structures and assigned to users.
- Developed Single, Master Derived Roles and tested them in Various Clients and systems in the Landscape.
Environment: SAP NetWeaver 2004s, SAP ECC 6.0 with Modules, FICO, OTC, P2P, R2R etc., HCM and HCM (Processes and Forms), BI 7.1, 7.3 XI, Solution Manager, APO, SAP GRC AC 5.3 (CUP, RAR, SPM and ERM), SAP Access Controls 10.0 (ARA, ARM, EAM & BRM).
Confidential, Seattle, WA
Sr. SAP Security Administrator
Responsibilities:
- Role Administration (new creations/modifications/remediation) by using PFCG tool
- Add/remove the excessive access from the existing role at organization values level.
- Secured roles by Company Code, Plant, Cost Centre, Profit Centre, and Purchasing Organization etc. to avoid cross country access.
- Worked on BI Security creating, maintaining Analysis Authorizations using RSECADMIN tool.
- Troubleshooting BI authorization related problems using RSECADMIN, RSD1 and RSA1 T-codes.
- Mass Profiles generation for the Roles.
- Creating new roles & modifying existing roles (Single, Composite and derived).
- Create Mass Transport for the generated roles and profiles.
- Performed unit testing and system integration testing for the newly created & Modified Roles.
- Coordinated overall UAT testing of the Re-Design Security project.
- Analyzed customer programs and transaction codes for authority checks.
- Responsible for review, design, develop, test and implementation of Access Controls Capabilities.
- Configured & Supported Emergency Access Management, Automated User provisioning, Access Risk Analysis & Business Role Management in GRC 10.0 Access Control.
- Ensure segregation of duties (SOD) exists in the SAP systems.
- Troubleshoot existing user roles, security objects and authorizations to resolve security conflicts, supporting users, setting up new accounts, password resets, put users in appropriate groups and resolve any issues in production system.
- Using System Trace to record authorization checks in different sessions (ST01).
- Periodically analyze user master records and develop strategies to reduce any risks to the business from an authorization perspective.
- Created Business Partners and assigned in Org Structure using BP, Mapping business role to position using PPOMA CRM.
- Created Composite Roles (Activity Groups) by using Profile Generator and assigned them to users and Organizational Units.
- Helped Support team on user mapping for the newly created roles & removing old roles.
- Role modifications like adding t-codes and object level modifications based on Client requirement.
- Created Structural Authorization Profiles and assign the profiles to positions and User IDs as per the organizational structure.
- Assigned roles based on positions for users in PO13.
- Worked on HR triggers in GRC and with HR authorization issues based on user requirement.
- Mapping of HR records to the user IDs.
- Participated in building security roles and structural authorization profiles and Helped in solving critical post production support issues.
- Transporting Security changes from development systems to quality and production servers.
- Involved in Hyper Care Support after the Roles transported to Production system.
- Preparation of project estimations, identifying resources from within the team for the work in projects.
- Preparation of reports (Daily/weekly/monthly) for the work done by team and providing weekly/monthly updates to higher management and business.
- Analyzed the existing roles and Performed Remediation on cross-country access.
- Preparation of role matrix sheet & consulting business owners to get approvals.
Environment: SAP NetWeaver 2004s, SAP ECC 6.0 HR, BI 7.1, XI, Solution Manager, SAP EP, SRM - EBP, APO, SAP GRC AC 5.3 (CUP, RAR, SPM and ERM).
Confidential, Houston, TX
SAP Security Admin
Responsibilities:
- Created the roles, authorizations and administered User Master Data as per the client SAP Controls and SOP (Standard Operating Procedures) documentation as required by the Audit.
- Used to work on the daily tickets, which are related to production support using the latest ticketing tool called “SOLV”.
- “Re-designed” the Roles related to Supply Chain Management and HR; used to work closely with the functional team and Finance team to develop the Custom transaction codes and Roles depending on the Business Requirements.
- Identified Segregation of Duty (SOD) conflicts and proposed recommendations that lead to implementation of mitigating controls and elimination of risks.
- Designed the Job Aids for the Controls and Executed the SOX Controls for Yearly, Quarterly and Monthly.
- Analyzed/ updated roles to resolve Authorization issues in ECC 6.0 after careful analysis as per system trace (ST01), authority check (SU53) and checks in ABAP code (SE38).
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24.
- Worked in creating Background jobs using ABAP help (SUPC/PFUD).
- Designed, Developed and maintained Single roles, Composite roles, Master and Derived roles and Secured roles by Organizational levels for different modules in SAP.
- Worked with the ST01 tracing and analyzing the trace records for the user in the process of trouble shooting.
- Experience managing and maintaining USOBT_C and USOBX_C tables by using SU24/SU25.
- Design, develop and Activation of Rule Sets.
- Created mitigation controls for SOD issues and scheduled batch jobs to provide reports to the Management team on a quarterly basis for review.
- Worked closely with the SNC/APO and IBM Maximo functional team, created the custom roles and t-codes by gathering the requirements from the business, maintained the authorizations checks, and made sure that the custom t-codes are well restricted.
- Monitored the system logs and ABAP dumps (SM21) and fixed the problems that occurred.
- Setup Transportation Management System (STMS) and transported change requests across Dev, QA, Pre-Prod and Production systems.
- Transported the generated roles and profiles using STMS and handled normal and mass generation of roles.
- Restricted access to SE16/SM30 by creating table specific custom transaction codes to the table using SE93.
- Preparing the reports for USOBT_C, AGR_1251, and AGR_1252 for existing landscape and comparing the results to New landscape which is used for comparing the results after the client copy.
- Monitored access to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, S_TABU_CLI, and S_DEVELOP for debug access etc.
- Made the client copy from existing system to new landscape for the QMT, Odyssey, Power Portal systems.
- Created the Groups in Portal and assigned the roles to the groups depending on the functional requirement.
- Created the LDAP configuration for assigning the groups to users in Portal Environment.
- Setup Profile Generator to create authorization profiles (SU25).
- Worked on SAP Check Indicator Defaults, Field Values and maintained check indicators for transaction codes using SU24.
- Make sure that the authorization groups for all the required tables have been maintained in TDDAT table using SE54 transaction.
- Worked User Administration using Central User Administration (CUA).
- Activating and troubleshooting using T-codes SCUL, SCUA and background jobs related to CUA.
Environment: SAP ECC 6.0, SCM 7.0, GRC 10.1, XI/PI GTS and Solution Manager 7.1.
Confidential, Atlanta, GA
SAP Security Consultant
Responsibilities:
- Analyze business control requirements and map to technical restrictions.
- Conducted workshop with Key functional users.
- Design and develop security for various components like Headcount, Actions, Learning Solution, Time, Succession Planning, Performance Management, Labor and Benefits.
- Secured BI Info Areas, Info cubes, Queries, Info objects and Hierarchies.
- Restricted Analysis Authorizations at Characteristic Values, Attribute Values, Hierarchies and Key Figure level.
- Extracted Structural authorizations from HCM system to BI using standard SAP extractors. Extracted Employee, Position, Org Unit and Timekeeper group information.
- Restricted Roles based on Personnel Subarea, Cost Center and Employee Subgroup.
- Restricted sensitive HR information like SSN, Annual Salary, Hourly Pay, Ethnicity and so on.
- Designed and performed fully integrated tests of delivered solutions; investigated, diagnosed and analyzed issues and recommend solutions.
- Managed and tracked project schedule.
- Created Analysis Authorizations using the new RSECADMIN tool to restrict BI reporting users.
- Created workbook security strategy.
- Created Portal Roles so that Users can access to Roles/Queries through the Portal.
- Design and Implement Business Objects (BOBJ) Security.
- Administration using Central Management Console to configure Users, User groups and folders.
- Imported SAP roles and users from SAP ABAP systems into SAP Business Objects Enterprise.
- Set up SAP system as authentication in SAP Business Objects Enterprise.
- Created Custom Access Levels to secure sensitive HR Information.
Environment: ECC 6.0, BW 7.0, Business Objects XI 3.1 SP2, HCM
Confidential
SAP Security Associate
Responsibilities:
- Implemented Info object level BW security and created BW security Authorizations using RSSM transaction.
- Analyzed user’s outputs and corrected security deficiencies (SU53 & SU56).
- Locked all the critical transactions (SM01).
- Installed the Central User Administration system to have a single point control over the client systems (SCUA).
- Created Genesis Security Strategy document according to company security norms.
- Train User and Authorization Administrators (Ongoing user admin support).
- Identified and fixed the manual changes in SU24 for specific transactions.
- Tested customized Z transactions for functionality and added manually the authorization objects and field values as per security guidelines.
- Full trouble shooting support for the user’s authorization failures in all SAP applications and resolving the Security issues and support in integration testing of Roles/Profiles.
- Creation and Modification of User Master Records for Project and End Users.
- Management, User Administration Monitoring, User Tracing and Troubleshooting User Authorization issues using SU53 and ST01.
- Produced/analyzed reports in SAP using SUIM, and security related tables (AGR*, USR*, etc.).
- Experienced in using *CATT* scripts for Mass user creation and maintenance.
- Worked closely with the Technical Lead to create and maintain security roles, discuss status reports, policies related to the SAP R/3 system, project timeliness and deliverables.
Environment: R/3 4.7, BW 3.5.