Objective

To ensure my 7+ Years of Experience SAPSECURITY &SAPGRCExpertiseprovides an efficient and effective structure for ensuring the security, integrity, accuracy and availability of all the enterprise information.

• Extensive and Hands on Experiencein GRC Implementation, Automation, upgrade experience with GRC CUP, RAR, ERM, SPM, SAP CUA (Central User Administration) integration with SAP ECC 6.0.with an excellent understanding of Sarbanes-Oxley Act ( Section 302 and Section 404).
• Strong Experience in understanding Segregation of Duties and Audit Compliance Standards.
• Strong experiencewith multipleSAPsecurity lifecycles(Analysis & Conception, Implementation, Quality Assurance &Tests and Cutover).
• Excellent knowledge in profile-basedsecurity, structural authorizations, Central User Administration, Computer Aided Test Tool (ECATT/SECATT), Segregation of Duties (SOD), SAPGovernance Risk and Compliance.
• Rich experience in Integration ofSAP Security in SAP R/3, SD/MM/HR/PP/IM/PS/BW/SEM-BPS modules withFI/COand in overall business processes such as, order-to-cash, purchase-to-pay and make-to-Order.
• Worked in all phases of full life cycle implementation using ASAP methodology including analysis, design development, blue print phase, configuration, Cut-over phase, Testing, Training, GO-Live and Post implementation support.
• Utilized flexible security framework that can beadapted tospecific customer (business partners) needs for Interaction Center CRM (Security) and Access Control Engine, User Centered Design (UCD), ACE, CRM 2007, Business Roles, & Technical (ABAP) environments.
• Monitoring the status of Background jobs, Work Process, health checks, analyze system logs.
• Configured RFC connection between the systems in a landscape.
• Involved in upgrades (4.7to ECC 5.0 & 4.7 to ECC 6.0).
• Experience working on End to End business process for Trade Payables, Trade Receivables, Inter-company Payables, Intercompany Receivables, Material Movements, Stock Transfer Orders, Scheduling Agreement.
• Proficient with MS Word, Excel, PowerPoint.
• Ability to work effectively in cross-functional team environments and experience of providing training to business users.
• Superior Communication skills, strong decision making skills, Organizational skills, and customer service oriented, comfortable working in a fast-paced, hands-on, growth oriented environment. Excellent Analytical and Functional skills.
• Proven ability towork on multiple tasks concurrently completing them with in time and budget.
• Proven ability to work effectively in a team environment.
• Possess excellent planning and organizational skills.

Technical Skills:

SAP Security FI, CO, GRC AC 5.2/5.3/10.0, Virsa tool, IDOCS

SAP Version

SAP R/3 ECC 6.0, 5.0, 4.7, 4.6C

SAP Specialization

SAP R/3 Security , CUA, Data migration, Authorization, Transport, SOD, Profile Generator

Languages

Java, Perl, PHP, SQL, ABAP, XML, HTML

Operating Systems

Linux, UNIX(Solaris, AIX, HP-UX), Windows Server 2000/2003

Databases

Oracle 10g, MS SQL Server 2005

Other Tools

FTP, HTTPS, AS2, PHP, VMWARE, QTP, CVS, Remedy ARS, Visio

Education

• Bachelor of Engineering in Mechanical Engineering.

Experience

Confidential,
Apex, NC
SAP GRC Consultant

09/2010 –Present

Project Contribution:

• Configured and Implemented GRC Access Control Suite 5.3
• GRC implementation; automation; upgrade experience with GRC RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP GRC.
• Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues.
• Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations.Risk
• Using RAR produced Analytical Reports on User, User Groups, Roles and Profiles. Analysis reports provide real-time data and Management reports retain an offline history of SoD status.
• Performed remediation and mitigation against various risks associated with roles and users. RAR has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.
• Experience in creating and assigning FF ID’s and extracting Fire Fighter logs. A firefighter ID is a temporary user ID that grants the user exception-based, yet regulated, access. The firefighter ID is created by a system administrator and assigned to users who need to perform tasks in emergency or extraordinary situations.
• Configured distribution list in CUP, by creating an LDAP connector, created distribution group and add DL group to DL Approvers.
• Created distribution list users in LDAP and UME, assigned distribution list to Roles.
• Configuring and trouble shooting of HR triggers in CUP
• Created SAP HR Connector, HR Triggers, Field Mapping.
• Configured Workflow, actions and rules.
• Configured HR trigger provisioning and scheduled background jobs.
• Configured User Data source and defined authentication system for requestors using CUP
• Strong capability in using CUP to use the work flow functionality to ensure a comprehensive and compliant change management process for risk control and maintenance.
• Experience in using CUP to configure workflow for User Access Review and User SoD Review.
• Setting up role creation methodology, condition group and role approvers using ERM.
• Skilled in using ERM to configure an approval workflow for role maintenance in Workflow Engine.
• Successfully measured the system for SAP License audit 2010.
• Tracing the functionality after development phase and then designing the Roles/Composites, following SOD analysis and approval process to meet the timely deadlines.

Confidential
, Atlanta, GA
SAP GRC/Security Administrator

02/2009 –09/2010

Project Contribution:As a SAP GRC/ Security Administrator

• Administered SAPsecurityincluding project and module implementation, SOD detection and resolution, role creation and maintenance, and user ID creation and maintenance.
• Strong knowledge on SAP Security architecture creation and maintenance for SAP R/3, PI, MM, SD, & FI.
• Understanding the role design document and identifying the client requirements.
• Troubleshooting user access through authorization error analysis (SU53, SU56) and System Trace (ST01).Missing authorizations can be found with this analysis functions.
• Defining and assigning Role Approvers, Monitors, Risk ID owners, and Business Units.
• Risk ID creation and assignment to appropriate approvers & monitors for the risk. All the risk are later stored in the companies rule set.
• Analysis & Remediation of SOD violations against the various risk in SAP GRC 5.2.
• Role based Simulation of SOD at Transaction Code Level, Authorization Object Level, CriticalRole Level & Mitigation Level.
• Creation of a new Mitigation Control to reduce risk at User, Role and Profile levels. Mitigation is used only when we are not able to remediate or completely remove a particular risk.
• Mitigate the User ID against a particular risk to reduce or minimize the SOD violations.
• Schedule the various background jobs to perform the risk analysis based on business unit. The background job can be scheduled based on the user requirements. It is usually scheduled for day ending or weekends.
• Defining, Updating/Modifying the rule sets as per request. Each organisation has its own rule set based on the business structure. Mostly rule set is also defined by modifying the default rule set given by SAP that is GLOBAL rule set.
• Reviewing the Functional specification and technical specification for customized T-codes.
• Customization of roles and modification of existing roles. The profile generator is the tool used for this purpose.
• Creating and maintaining authorization objects for Transactions.
• Restriction of Org and Non-org authorization values in Master and Derived roles
• Restriction of critical authorization object at activities level in various designations
• Maintained authorization groups for all the required tables in the table TDDAT
• Utilized Active Directory based authentication, single sign-on, administration and password policy enforcement to enhance SAP Security.
• Worked on acquiring list of MSAD users under different security groups/user group classification
• Basic MSAD configuration.
• Worked extensively with SPM in creating and assigning of FIREFIGHTER IDs.
• Created User accounts of type “S”
• Implemented user exits to restrict users from logging into the firefighters ID using SAP GUI.
• Defined password in the security table and assigned an owner to ID.
• Assigned firefighter controller to the firefighter ID.
• Distributing Fire Fighter logs to owners.
• Assigning temporary ID to super users allowing emergency access and reporting for audit purposes.

Confidential,
CT SAP Security / GRC Consultant

12/2007 – 01/2009

Project Contribution:

• User master Record creation/ modification using SU01, including complex design restrictions.
• Mass user creation using SU10.
• Utilized SECATT for mass user creation allowing automatic testing of SAP business processes.
• Created QTP scripts for mass creation and deletion of users and roles during system clean ups, Mass role generation, user assignments and others as required for team.
• Role creation/ modification using Profile Generator (PFCG) including complex design restrictions.
• Ensured accuracy and segregation of duties through comprehensive testing of all profiles and authorizations.
• Expertise in resolving Authorization issues by analyzing Authorization Checks.
• Troubleshooting user access through authorization error analysis (SU53, SU56) and System Trace (ST01).
• Work with Functional, BASIS, and Network teams to troubleshoot complex access problems
• Monitor and maintain user ID through User Information System (SUIM) – created monthly audit reports.
• Worked extensively with SE01, SE09 & SE10 in managing mass transport
• Worked on audit logs using SM18, SM19 and SM20.
• Database and Server monitoring, system back up scheduling through Monitoring Transactions such as SM50, SM51, DB12, DB 13 etc.
• Monitoring & analyzing system logs, monitor background job logs, workload analysis, update troubleshooting, checking the status of work process, dump analysis (ST22) & clearing.
• Proficient in working with the tables USR*, AGR* and USH*.
• Extensively used VIRSA/GRC Access Control Suite to meet the SOX compliance.
• Performed risk analysis at User level and Role level and to mitigate risks for the users using Risk Analysis and Remediation (RAR) tool.
• Automated workflow for user maintenance using auto provisioning tool Compliant User Provisioning (CUP).
• Performed role maintenance using auto provisioning tool Enterprise Role Management (ERM).
• Using Superuser Privilege Management (SPM) tool provided Firefighter access required to address critical issues.

Confidential,
CA
SAP Security Administrator

08/2006 – 11/2007

Project Contribution:
As SAP Security Administrator I have to solve the authorization issues of end users,Creating roles and assign to users.
R/3 Security:

• Roles creation, deletion and modification based on requests.
• Single and mass roles transportation.
• Adding the standard and customized t-codes into the roles.
• Authorization groups creation and maintain authorization groups in the roles.
• Creating the new authorization objects and maintain as per request.
• Assign authorization objects to transactions.
• Adding the roles for existing users based on request.
• Passwords reset and lock/unlock the users.
• Increasing the validity period for users.
• Resolving the authorization issues using authorization check.
• Used system trace to trouble shoot authorizationproblems.

Confidential
, CA
Sr. SAP FICO / Integration Check Coordinator

05/2005 – 07/2006

Project Contribution:As a FI/CO Consultant

• Support Led SAP FICO implementation initiatives and support activities right from the requirements gathering – facilitation of client core team workshops, process mapping, blueprinting and global solution design, localization, testing and post go live support
• Responsible for weekly progress updates to the Executive Management Committee.
• Coordinated and set the strategic direction of management projects / team activities and schedules.
• Configured settings for check printing and assigned forms to payment methods and assigned ACH payment methods to EDI compatible payment methods.
• Posting period variants, fiscal year variants and field status groups. Defining line layouts for document posting and document changing, Worked on exchange rates, currency translation, realized gain loss postings, exchange rate difference key, validation group, open time/line item indicators, gain/loss GL account setup, Financial Statement Version.
• Worked on Intercompany postings, full, partial, residual incoming payments.
• Cash Discount Accounts are defined and also created accounts for Underpayments, Overpayments, Exchange Rate Differences, Rounding Differences, and Lost Cash Discounts.
• Worked on Functional specifications of checks, invoices and Check Design. Defined Check lots, Void reason codes.
• Worked on GR/IR accounts, maintained reconciliation accounts and the Special Purpose Ledgers.
• Configured Electronic Bank Statement, created search strings for check mapping, assignment of external business transactions to various movement types and GL accounts and funds movement within House Banks of different companies. Importing of electronic bank statement, displaying bank statements, conversion programs, post processing of bank statements and electronic check deposit.
• Worked on Data Migration including the mapping, conversion and loading of data thru LSMW projects.
• Worked on P to P processes, assisted the end users in GR/IR mismatch issues, involved in FI-MM integration, movement types, purchase requisition/order and valuation class.
• Tested all the customizations before and after the upgrade.
• Performed clearing between Customer/Vendor accounts, ran batch jobs, created variants & shortcuts.
• Provide user training of new configuration and reporting to management and business groups.
• Involved in month end closing and year end rollups for FI and CO activities.
• Drove decision-making and build consensus implementing key business process and best practices.

Project Contribution: As an Integration Check Coordinator/ Security Administrator

• Recommend, document, and execute procedures associated with patch management, transport management, copy/refresh strategies, client landscape maintenance.
• Good knowledge of Security and Authorizations, HR, IDM, CRM and authorizations-user management, SOD, monitoring, tracing and troubleshooting.
• Facilitate and execute technical tasks associated with functional testing and enhancements. Responsible for managing and training other Junior Basis/Security resources. Implement daily and weekly backup’s schedules, maintain backup and restore documentation.
• Configuring and troubleshooting the printer at SAP Level.
• Assist in Documenting and Maintaining security policies and procedures and all SAP authorizations, profiles and roles.
• Worked in close coordination with Audit team for user role removal in SAP R/3 and supported audit team in generating audit reports
• Secure Store & Forward Mechanisms (SSF) and Encryption, Decryption of documentation.
• Setup, Schedule and monitor batch jobs in SAP and interfaces.

Confidential,
IL
FI/AP/AR Implementation member,SAPVersion 4.6 C

08/2004 – 04/2005

As a team member involved in theImplementation of the FI Accounts Payable& GLmodule. Interacted with Client Business Users for requirements gathering and analysis, Review/Update the Functional Design Documents forSAPProcess Improvements, Functional design for extraction of data from legacy system and data mapping as per the Requirements ofSAP. Understandthe required Customizing activities and its impact on the proposed development activities

• ConfiguredSAPAP module, created vendor and account groups, tolerance groups, automatic payment programs, document flows.
• 3-way match invoicing, Inventory valuation, Tolerance groups, automatic payment system, vendor down payments, Material movement, payment requests, house banks, accounts -payment program configuration.
• Designed, documentedSAP(AP)reports in coordination withABAP developersfor respective functional specs by creating libraries, report groups.
• Designed, created payment proposals, configured settings for payment release, interest calculation.
• Created payment programs inSAP(AP), createdHouse banks, bank keys, defined payment, discount terms, settings for reconciliation of bank accounts, customer, vendor account re-grouping.
• Configured the Balance Sheet Adjustment Accounts and Exchange rate Gain/Loss accounts forGoods Receipt (GR), Invoice Receipt (IR) and Goods Issue (GI)for Canadian Company code.

Confidential,
PA
SAPQA Analyst

01/2004 – 07/2004

• Analyzed the functional requirement documents along with As-Is model and To-Be model.
• Developed detailes test cases, test scenarios, and test scripts based on FRS.
• Configured the test preparation - organizational structure from accounting view - Company Code, Chart of Accounts, defined posting keys, maintained field status variants and assign to company code, screen variants for document entry as per business specifications and tested the configuration in various scenarios.
• Tested the Integration between different modules - GL, AP, AR, Bank Ledger, Treasury, CO (CCA, Internal Orders), SD and MM.
• Tested and validated the customizations of credit control area for credit management in the application components AR and SD.
• Quality tested Sales (SD-SLS) customer contracts (Master, Quantity, Value, Service Contracts) and Contract release orders.
• Validated credit limit checks for SD processing, Risk management for receivables, assign Company Code to Credit Control Area.
• Tested customizations for the material ledger, reconciling accounts for the material ledger in different currencies, settings for material costing, maintained costing sheets, Costing & Valuation variants, product cost by period and valuation categories with balance sheet values by account.
• Tested Integrations of FI, FI-AA and CO-CCA. Involved in the design of Asset Class and Charts of depreciation in Fixed Assets.
• Configured Asset Accounting structure/valuating fixed assets, Treasury cash management, foreign exchange and payment program for payments.
• Validated customizations of appropriate settlement profiles to facilitate settlement to CO-PA and to CCA, Payment processing in AR and Automatic Account Determination.
• Developed AR aging report, created Invoice Layout and processed invoices.
  Worked on month-end and year-end processes (Balance Sheet and Profit & Loss Statements).