
Information Security Manager Resume


Huntington Beach, CA

SAP security manager:

Solutions-oriented SAP Security Specialist with notable success directing a broad range of corporate IT initiatives while participating in planning and implementation of information-security solutions in direct support of ERP business objectives. Excellent technical, analytical, interpersonal, communication and management skills.

  • Track record of increasing responsibility in secure network design, systems analysis and development, and full lifecycle project management.
  • Demonstrated capacity to implement innovative security programs in SAP R/3 configuration tools, SD, MM, PP, FI/CO, HCM modules, SOD (Segregation of Duties) tools, GRC VIRSA Compliance Calibrator, Firefighter and Access Enforcer; security programs that drive awareness, decrease exposure, and strengthen organizations.
  • Hands-on experience leading all stages of system development efforts, including requirements definition, design, architecture, testing, and production support.
  • Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.
  • Adept at developing effective security policies and procedures, project documentation and milestones, and technical/business specifications.

Core Competencies: Security Project Management, ERP Implementation, IT Audits, Network & Systems Security Audits; Business Impact Analysis; Regulatory Adherence; Data Integrity/Recovery; Disaster Recovery Planning; Contingency Planning; Research & Development; Risk Assessment; Cost Benefits Analysis, Security Audits, SAP GRC.

Platforms:
UNIX (Solaris, HP-UX), Cisco, Juniper networks, Microsoft Windows® operating systems NT, 2000, XP, Linux (Red Hat, Yellow Dog), Sun SPARC, Mac OS, J2EE, AIX and ClearCase applications.
Networking: TCP/IP, LAN/WAN, Novell, DECnet, Banyan, ISO/OSI, IPX/SPX, SNA, SMS/SQL, Ethernet, Token Ring, FDDI, LDAP, VPN, SSH, SecureID, PGP, PKI, PIX, ASA, Checkpoint, HIPAA, CFR-11.
Languages: UNIX Shell Scripting, C, Basic, Troff, Nroff, HTML, Perl, PHP, ABAP, VB, CATT scripting, SQL Server.
Methodologies: CoBIT, COSO, PCAOB AS5, SAS 70, Basel II, GLBA, SOX, PCI DSS, ISO 17799, ISO 27001, SB 1386, Single Sign On (SSO), PMBOK, RUP, SDLC, FAR, DAR.
Tools: LAN Manager, ISS RealSecure, Checkpoint Firewall, Norton Firewall and Ghost, McAfee/Norton Virus Protection Utilities, HP OpenView, Network Flight Recorder, IBM Tivoli, Tripwire, PKI, SSL, DES, IKE, Snort, LDAP, SAP GRC 5.3, VIRSA, APPROVA, Firefighter, Profile Generator, SNC (Secure Network Configuration), Movaris, Lotus Notes, LiveLink, ARIS, Microsoft Office System (including Microsoft Word, Microsoft Excel, Microsoft PowerPoint®, Microsoft Access, and Microsoft Outlook®), Microsoft Project, and Microsoft FrontPage®.

Professional Experience:

Confidential, Huntington Beach, CA 2/2002 - Present
Manager, Information Security
Established and managed enterprise-wide information-security program. Oversee companywide efforts to identify and evaluate all critical systems. Design and implement security processes and procedures and perform cost benefit analysis on all recommended strategies. Collaborate with external auditors to conduct in-depth compliance audits and penetration testing, presenting all results to senior management. Develop curricula and facilitate awareness training for management and employees. Supervise daily activities of Information Security officer and Network Administrators.

Defined customer requirements, performed security audits and provided results and recommendations.
Clients included: Boeing Company, Raytheon, ELG lending, DirecTV, PC Mall, Pan American Bank, United Credit Corp, Outdoor channel TV, Newegg Computers, Impac Funding, Hines Nurseries, Capital Commercial Bank, Dole Foods, County of Riverside, CA, Applied Materials, Capital Commercial Bank, 99¢ Only Stores, plus many others.
Worked with Big 4 Engagement teams from: PwC, KPMG, BDO Seidman, Jefferson Wells, Deloitte & Touche.

Key Contributions:

  • Maintained and communicated on the intranet all SAP security policies and practices.
  • Designed and Implemented One LDAP on Sun Solaris to support Identity Management.
  • Designed Security and Data migration of multiple NT domains into secure Active Directory environment. Migrated all applications to Windows Server 2003.
  • Spearheaded creation of four new information-security departments, including Risk Assessment, Vulnerability, Penetration Testing, and Security Engineering services.
  • Identified key automated controls via review of business process documentation. Validated Sarbanes-Oxley documentation for completeness, adequacy and testability. Reviewed controls for Risks and Gaps.
  • Participated in administration of SAP Security team including problem resolution, ID creation and maintenance, transport creation/release/move, and role creation/maintenance.
  • Designed SOD matrices using SAP GRC V5.3 for SAP HCM Security. Created over 4,300 security roles both single and composite, remediated all conflicts to satisfy audit requirements.
  • Created CATT scripts for mass user creation and maintenance, assigned roles to user IDs, implemented security in BW and HR modules to satisfy Business requirements.
  • Instrumental in developing and implementing Business Continuity and Disaster Recovery (BCP & DRP) Plans for corporate sites throughout US and Worldwide Data Centers.
  • Designed and implemented SAP HCM, Segregation of Duties issues, generated Security Access Matrix, trained developers on VIRSA tools and SDLC procedures. Implemented paperless Change Management using HelpStar, reduced processing time by 70%, while establishing an auditable trail.
  • Program managed the RFP and negotiation process for recommending and selecting of HCM system, worked as program manager for implementation of SAP HCM including Personnel management, Time management, Benefits administration, e-recruiting, EEO4 and EEO5 reporting in the public sector.
  • Project manager for implementation of SAP R3 Materials Management, migrating from a legacy system, maintained project schedule from blueprint to production support.
  • Implemented SAP administrative functions including transport management, client management, peripheral management and user management.
  • Setup user IDs for all production SAP/R3 and BW users and assigned authorization levels based on their job descriptions.
  • Designed, developed and implemented SAP Security roles using Profile Generator for the modules FI-CO, HR, SD, MM, PP, CRM, SRM and SAP BW. Tested all controls for SoD issues.
  • Project Manager for BW data modeling, Object activation and development, performed UAT and go-live testing, ran classroom sessions for end user training and support.
  • Re-engineered configuration of TMS (Transport Management System), chose transportation workflow and validated the security roles.
  • Validated all Super users in SU01, removed users from SU01 based on their job functions. Implemented HMC (Hardware Management Console) for automated controls.
  • Program manager for an SAP conversion project from ECC 5.0 to ECC 6.0 for a retail client in Southern California and Texas.
  • Supported project team security admin and testing requirements for sandbox, development, training, test and production.
  • Hand selected employees from Information Technology department to build Risk Assessment Team charged with analyzing all critical systems, developing reports to document systems vulnerabilities, and recommending appropriate solutions.
  • Created companywide policies and procedures governing corporate security, email and Internet usage, access control, and incident response, implemented VIRSA Compliance Calibrator, automated SOX and PCI DSS reporting requirements.

Confidential, Anaheim, CA 1997 - 2002
Manager Security & Audits
Managed all end user access to SAP and non-SAP applications, ensured all end users have access to functions and data necessary to perform assigned job duties, and established appropriate controls around sensitive and confidential data transmission. Implemented VIRSA including SOD reporting. Built and mentored cohesive, qualified teams committed to meeting schedule and budgetary needs.
Key Contributions:

  • Authored numerous ISO 17799 and BS7799 procedures and security policies in support of engineering operations, participating in regular audits to ensure regulatory compliance.
  • Provided knowledge transfer to client’s project representatives.
    Used the SAP Audit Information System to structure and conduct thorough security checks and configured important security monitoring mechanisms.
  • Designed, implemented and managed Central User Administration (CUA).
    Configured standard SAP role maintenance tools to produce secure company-specific roles and authorization profiles. Implemented and used the SAP Security Optimization Service (SSO).
  • Performed operational and financial integrated audits and pre- and post-implementation reviews, worked with stakeholders to remediate weaknesses.
  • Helped establish annual audit plan for core competency areas using risk assessment methodology.
  • Reviewed systems for adequate management controls, efficiency, and compliance with policies, regulations, and accounting principles. Made recommendations to comply with BS7799 and Safety controls.
  • Created flowcharts to document business systems and processes for IT audit reports, automated over 50% controls for auditable trail.
  • Coordinated with Engineering, Finance and Treasury departments to create remediation plans for deficiencies found during audits.
  • Advised process owners on new applications, identified potential security concerns, developed approach to mitigate risks, and worked with IT to implement recommendations.
  • Chaired Change Control Board function, maintained global view of company priorities by providing objective decisions consistent with change control policies and procedures, reduced emergency changes from 80% to 10%.
  • Managed creation of high-profile HATP (High Availability Transaction Processing) solution, supervising development teams working in multiple locations.
  • Developed highly effective Software Manager Application to enable disk-free software upgrades deployed through ATMs and desktop systems worldwide.
  • Deployed over 2,500 systems in Windows 2000 environment, ghost from master in record time.

Confidential, Newport Beach, CA 1991 - 1996
Director Engineering, Network Developer
Provided comprehensive remote and onsite support for domestic and international customers including Tier-III support for LAN/WAN products and sales support for key accounts of all sizes.
Key Contributions:

  • Designed and implemented customer call-center support procedures and customer network design strategy for sales and marketing teams.
  • Developed and maintained consultative relationships with IT management and staff in the areas of data management, data center operations, change management, security and contingency planning.
  • Recognized for outstanding quality of customer service with numerous customer-support awards and personal commendation from clients.

Confidential, 1983-1991
Director Product Development
Director Engineering
Project Manager
Designed products in the US and manufactured in the Far East, transferred technology for the manufacture of telephone answering machines, feature phones, FAX machines, cellular phones and telecommunications products.
Manufactured over 70,000 units per month in six countries.

Education and Credentials:

BS Electronics Engineering
MBA

Professional Training and Certifications:
CISSP - Certified Information Systems Security Professional
MCSE - Microsoft Certified Systems Engineer

Professional Affiliations:
Member - Information Systems Security Association
Member - INFRAGARD, Guarding the nation’s infrastructure
Senior Member - Society of American Military Engineers
