- Over 6 years of IT experience with 5 + years of SAP Basis/Security Administration.
- Involved in all phases of Project Life Cycle from Blue Printing to Post Go Live phases for Upgrades, Role-Redesign and both Fresh and Re-Implementations using Solution Manager.
- Experienced in implementing security procedures for user creation and maintenance in client-specific model and Central User Administration (CUA) in SAP R/3(ECC), BW 3.5(BI7.0), APO and Enterprise Portals.
- Experience in Data Administration, Identity Management, Information Security, Sarbanes-Oxley Regulatory Compliance.
- Configuration Experience of GRC 5.2 (VIRSA) Compliance Suite: Compliance Calibrator, Access Enforcer, Fire Fighter & Role Expert.
- Remediation/ Mitigation of SOD Violations at roles and User level.
- Involved in redesign of the roles and architecture based on Compliance Calibrator\'s high SODs
- Experienced in SAP Basis Administration functions including Installations, Client Copy/Export/Import, System Copy/Refresh, Support packs,Kernel Upgrades, Spool Administration, Background Jobs, Transport Management, Workload analysis, System Monitoring and Performance Tuning
- Have proficiency in the development, documentation and implementation of regulatory, information security, and business continuity solutions for the distributed environment.
- Posses strong technical, analytical, and interpersonal communication skills to provide quality service and proven results
ERP : SAPR/3 (4.5B, 4.6B, 4.6C, 4.7EE), ECC 5.0/6.0
SAP Netweaver 04/04s : EP 5.0/6.0, BW 3.5, BI 7.0, WAS ABAP & J2EE Engine(620/640/700)
Compliance : Virsa (CC 4.0, FF 3.0), GRC Access Control Suite 5.2
Languages : C++, Java, SQL
Databases : Oracle 9i/8i, SQL Server, MS-Access
Operating Systems : HP-UX, AIX, Sun Solaris, Red Hat Linux & Win2000/NT4/XP
Bachelor of Technology in Computer Science and Information Tech
Senior GRC/SAP Security Consultant
- Played key Role in implementing/Configuring Compliance Calibrator, and Fire fighter GRC AC Suite 5.2 along with Designing Role and Authorization Framework for FI and SCM modules in ECC 6.0
- Creating the test scripts and coordinating the testing with Business Analyst team.
- Designed the Initial SoD Analysis and Remediation Approach.
- Troubleshoot SOD Ruleset Issues and resolve them.
- Created the Firefighter test scripts and completed the testing
- Design and Develop the FF functional and Technical roles based on the inputs from business teams.
- Analyzed the SAP delivered rule set for Risk Analysis & Remediation, which includes Actions, Permissions, Functions and Risks for customization
- Discuss with the client for any additional risks identified and create the Risks with the appropriate functions
- Preparing the Rule Upload files for Business process, Functions, Authorizations, Risk & Rule set.
- User maintenance (creation, deletions and maintenance of users, mass users maintenance)
- As a part of Remediation process, analyzing SOD conflicts to report and research for conflict removal at the object and Tcode level.
- Created Portal users in via UME, and LDAP Database.
- Assignment of roles/groups to users.
- Created pages, and worksets, and assigning them to roles.
- Maintained/generated authorization profiles that access ABAP objects in the backend system for the portal roles.
- Configured GRC's Compliant User Provisioning Tool (AE) to LDAP and CUA by mapping the appropriate fields.
- Gathering End user Role Requirements in coordination with Process Teams and from Business.
- Building Transactions to Role Matrix, Person to Role Mappings, Testing Preparation Documents.
Environment: SAP ECC 6.0, GRC 5.2, Solution Manager 4.0 & EP 7
Confidential, Bellevue, WA
SAP Security Upgrade Analyst
- Security Upgrade from SAP R/3 4.7EE to SAP ECC 6.0
- Created Mass Transports for all the Business and Technical rolesin R/3 4.7EEfor upgrade to ECC6.0
- Collaborated with Functional Teams to close the open authorizations in roles that resulted from Upgrade.
- Updated/Modified roles using Profile Generator with the Transactions and auth.objects new in ECC6.0 in the Development System and transported them to QA to perform unit testing and then to Production
- Resolved Authorization/Security Issues during Business Acceptance Testing, GO-LIVE and post GO-LIVE
- Edited/Updated roles to resolve Authorization issues in ECC6.0 after careful analysis as per system trace (ST01), authority check (SU53) and auth. checks in ABAP code (SE38) in both R/3 and ECC 6.0 results.
- Using eCATT scripts to create users and role assignments.
- Creating custom (Variant/Parameter) T-Codes using SE93 for users who need access to t-code SA38/SE38 for specific reports.
- Editing Standard Area Menu using SE43N
- Updated Profile Parameters using RZ10/RZ11 according to the new ECC6.0 Security standards
- Maintaining the authorization groups for tables and programs and completely restricted the use of default authorization group & NC & .
- Developed and Maintained RFC user's Naming convention for Solution Manager
- Used the SOD analysis results to clean up the Roles
- Developed naming conventions for Mitigating Controls.
- Played a key role in rolling out the GRC 5.2 (Compliance Calibrator) to IT and Business.
- Trained the IT and Business to use the tool and avoid SOD conflicts in Change Requests for Roles and Users.
- Proposed and implemented a Model based implementation and usage of Firefigther.
- The model optimizes the usage of the FF tool in effectively monitoring and granting production access.
- Designed standard operating procedures (SOP's) for usage of FF tool.
- Built special Roles for the Firefighters with wide access to restrict the use of SAP_ALL.
- Integrated the Compliance Calibrator tool into the Firefighter to automatically monitor and mitigate Critical Transaction usage.
- Was the Security point contact for all Audit issues based on SOD and assisted External Auditors by providing standard SAP reports on Critical Transactions/Authorization
- Carrying out internal Audit with various Business Teams
- Performing user maintenance, role maintenance and authorization object maintenance for SAP SCM4.10
- Created and assigned authorization objects for BW reporting in SAP SCM4.10 using transaction RSSM
- Implemented InfoObject-leveland InfoObject field-level security for the reporting users.
- Setup of Analysis Authorizations usingtransaction RSECADMIN in BI 7.0
- Creating new Background jobs using SM36.
- Editing, Monitoring and starting manual runs of background jobs using SM37
- Creating and Modifying Program steps and their variants for Background jobs using SE38
- Setting up E-mail Distribution lists using SO15 for the Background jobs
- Trained SOX Approvers from Business side on various important Security procedures.
Environment: SAP R/3 4.7EE, ECC 6.0,SCM 4.10, BI 7.0, GRC 5.2 & Solution Manager 4.0
Confidential, Camp Hill, PA
SAP Security Role Re-Design Consultant
- Involved in Security Design/Re-Design/Development, Administration and Documentation of SAP R/3 4.6C environment
- Redesign of the roles and architecture based on Compliance Calibrator\'s high SODs coming out of the existing roles
- Re worked with the process owners to build the generic Master Roles and the derived roles based on the org values on a different development/QA landscape and transported them to the existing Production gradually replacing the older dirty roles thus minimal impact for the end users
- VIRSA analysis and acted as SOX liaison for PWC & the business.
- Supported Internal(E & Y) and External security(PWC) audits
- Used MS Access extensively to dump the user SOD analysis and sort and own SODs in region in Functional area and also report the progress count to the IRM (Information Risk Management) team.
- Assisted Basis in hosting the Access Enforcer and in configuring connections to LDAP & SAP Backend system
- Performed user maintenance using t-code SU01 and used t-code PFCG to manage and control security access.
- Created new and edited the existing Activity Groups as per the requirements coming through Help Desk which involves the inclusion of transactions in the menu tree or editing the activities as per system trace (ST01), authority check (SU53) results.
- Created BI portal Groups, assigned portal roles to the Groups, then assign Users to the groups thru UME.
- Configured and assigned AIS roles and authorizations to internal and external auditors.
- Used t-codes SM19 to activate and SM20N to analyze the security audit logs.
- Used t-code SM18 to archive or delete old audit log files
- Maintained SU24 based on the company policies and used to maintain the user authorizations.
- Created and assigned needed authorizations to the helpdesk user to unlock end-users.
- Created and maintained users and roles in distributed SAP system landscape using CUA.
- Maintained portal users and created roles in R/3 system for upload to portal server
- CRM Ondemand module, performed authorization maintenance using Authorization Management Tool (AMT).
- Implemented HR Structural Authorization (Position Based).
- Created PD Profiles using functional Modules using customized Evaluation Path.
- Built Security for MDT (Manager Desk Top) for Supervisors and for Proxies in HR.
- Implemented Check on HR Reporting for HR Reports and Cleaned up SAPDBPNP from the Reporting Object.
- Developed BW authorizations for admin workbench and reporting.
- Defined and involved in Periodic BW Security Reviews and Assessment Process.
- Used t-code RSD1 to make InfoObject authorization relevant.
- Created and assigned authorization objects for reporting using RSSM
- Used SAP delivered templates and revised for BW admin workbench.
- Performed user maintenance using t-code SU01, role maintenance using t-code PFCG and authorization object maintenance using t-code RSSM.
- Assigning t-code RRMX to power & end users, and RSA1 to administrators.
- Implemented InfoObject-level and InfoObject field-level security for the reporting user.
- Implemented authorization variable for authorization values at runtime.
- Tracing standard and custom authorization objects using RSSM and ST01.
- Worked with OSS (SAP Service Marketplace users registration, creating Messages, SAP Software Change Registration (SSCR), Notes, and Support packages download).
Environment: SAP R/3 4.6C, EP6.0, CRM 5.0, BW 3.5, Virsa (FF 3.0, CC 4.0)
Confidential, Philadelphia, PA
SAP Security Analyst
- Proposed Role Based Security Role Design strategy and implemented it for SAP R/3 4.6 C (MM,PP,SD,FICO, WM)
- Worked closely with the technical leads to create and maintain security roles, discuss status reports, policies related to the SAP R/3 system, project timeliness and deliverables.
- Worked on Profile Generator (PFCG) in creating Roles(Single, Composite and Derived) and profiles
- Performed UNIT testing on created roles
- Implemented Central User Administration (CUA) and made the User Administration process more efficient and easy to handle.
- Redesigning roles to accomplish SOX compliance
- Identifying Security's Key Role in Maintaining Sarbanes-Oxley (SOX) Compliance
- Identified gaps in R/3 (SD,MM ) Security and ironed out generosities, designed pre audit checks, configured end user security profiles, used profile generator extensively
- Worked on HR based authorization objects such as P_ORIGIN, P_PERNR
- Designed and Implemented HR, Payroll and Time modules
- Maintained authorization Profiles in (OOSP) using structural authorization
- Implemented structural authorizations to restrict users at the organization level
- Extensively worked on HR Transactions PA20,PA30, PPOME and PPOSE
- Effectively analyzed trace files and tracked missing authorizations for user access problems and inserted missing authorizations manually
- Created User Groups for easy administration & maintenance
- Supported users for the security issues in all functional modules
- Monitored access to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, and S_DEVELOP for debug access and etc,
- Continuously improved security configuration to reflect best practices and to prepare for system audits.
- CTS administration and development of procedures for managing daily corrections
- User master maintenance including creating users, locking users, and roles assignment.
- Documented the work done on profiles, design, user access, profile maintenance, and security procedures.
- Transported the generated roles and profiles using SAP transport management system.
- Created custom authorization objects to meet business requirement around security restrictions.
- Ran CC Role based & User based SOD conflict analysis in the background and automated the resulting spool file dumps of the analysis reports to be able to export to Access
- Defined workflows(Managers-Role Owners-Security), approvers, request type default values, existing mitigating controls & connections to the existing Compliance Calibrator engine
- Administered and configured Virsa Fire Fighter on Production servers, user ids and naming convention.
- Performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.
- Assisted in Sarbanes Oxley Compliance - SAP System Audit and documentation of Significant Processes and controls
- Continuously improved security configuration to reflect best practices and to prepare for system audits.
- Involved in indirect roles assignment for HR structural authorizations.
Environment: SAP R/3 4.6C , mySAPERP2004, EP 5.0, BW 3.1
Confidential, Bridgewater, NJ
SAP Security Consultant (Production Support)
- Production Support for all security related issues.
- Performed User maintenance (User creation/ deletion/ lockdown/ activation/ Password management)
- Performed cleaning up of roles and profiles not in use
- Assisted in transports and mass transports of roles
- Used STMS system to transport the objects from DEV system to QA systems and then to PRD system
- Used CATT script to create and modify users.
- Performed UNIT testing on created roles.
- Involved in Role Maintenance install and upgrade.
- Was involved in knowledge transfer and laying security procedures for the team.
- Processed Employee change (EMPC) requests on a daily basis. Employee change report/requests included addition of new users, changes to the existing user master records based on the department and position changes, locking of terminated users.
- Resolved Solution Manager (SOLMAN) tickets. Requests included creation of new roles, changes to the existing roles, temporary role assignments to the users and several other related issues
- Created new security roles and modified existing roles based on the approved requests from the business and functional people.
- Extensively used Central User Administration (CUA) to process requests such as creation of new users, change of role assignments to existing users, deletion/lock of terminating user and several other day-to-day operations relevant to the user administration.
- Performed Mass user creation and Mass role assignment using the CATT scripts.
- Used SU24 to maintain authorization checks for various transaction codes.
- Used SE09/SE10 for single and mass role transports and SCC1 for role import.
- Used SU10 to perform mass changes to the user master records.
- Used SUIM to perform security analysis for various purposes.
- Used SU53 and ST01 to analyze authorization issues for end users.
- Monitored security jobs on a daily basis and rectified the errors (if existed) after analyzing the logs.
Environment: SAP R/3 4.7EE, SRM 4.0 and BW 3.1
- Administered and supported the SAP Production, QAS and Development systems 24x7
- Analyzed R/3, CRM, BW, ITS, Oracle and UNIX system Performance, ABAP short dumps, failed updates, system log.
- Database monitoring, increasing the table space using SAPDBA.
- Configured RFC connections between the systems in landscape.
- Configure change and Transport system (CTS). Used TMS to administer transport systems and configured the transport routes, coordinated development and customizing efforts using workbench.
- Customizing organizers, transported change requests between different clients and systems and used STMS to import change requests.
- Performed online database backups and offline database backups (IXOS).
- Performed client copies between clients on the same system local client copy, remote client copy and client transport between different R/3 Systems.
- Maintaining authorizations and Roles (PFCG).
- Scheduled jobs in the background to clean up spool requests, dumps, batch input sessions, background job logs.
- Trouble shooting system problems by analyzing system log, update monitoring, alert monitors, system traces, system dumps and lock entries.
- Involved in setting up of Network and Local printers and monitored spool (SPAD) and Temse.
- Performance monitoring, workload analysis, performance tuning, system monitoring using CCMS.
- Hot packages, Download patches from OSS and applying OSS notes.
- Daily administrative tasks include monitoring system logs, work processes, locks and updates.
- Monitoring the users. Maintaining the user locks and passwords.
Environment:Oracle, IBM-AIX environment with R/3 4.6C, BW 3.1C CRM 4.0, SRM 4.0 and WAS 6.20
System Analyst (System/Database Administrator)
- Installed and configured one development and production server with HP-UX/Oracle 8i
- Installed and configured standalone training system with Windows NT 2000/MS-SQL 2000
- Monitoring the database growth, checking for performance bottlenecks and taking backups for disaster recovery
- Performance tuning of Oracle and MS-SQL databases
- 24/7 On-Call support
- Daily duties included reporting status of System and Database to ensure it is up and running. Reporting and inspection of alert logs, tablespace monitoring and partitions that span across several instances
- Documented database configurations and procedures
- Database administration, Backups, Table space management and reorganization using BRTOOL
- Daily Administration tasks on Windows NT Servers.
- Configuring the systems for various peripherals, tape drives disk drives.
- Installed, configured and maintained modems, network printers and local printers
- Installing required patches, regular house keeping tasks.
Environment: Oracle 8i, PL/SQL, HP-UX, Windows NT/2000