SUMMARY:

• Hands - On results-driven professional with over 15 years of advanced IT experience in the areas of SAP Security, SAP Identity & Access Management(SAP IDM), Risk Analysis & Management, Audit & Compliance, Fraud & Privacy and Software Engineering.
• Experienced in multiple end-to-end SAP Security Design, Implementation and Administration of Authorization Concepts of different SAP Application modules and Governance, Risk and Compliance (GRC)
• Industry experienced span Telecommunication, Energy, Manufacturing, Confidential and Health-Care
• Strong understanding of information security management principles, SAP application security implementation methodologies, role based access controls, distributed systems administration, and distributed system recovery.
• Experienced in Incident and problem management of complex security problems and development challenges.
• SAP body of knowledge includes Access Controls (GRC), Approver Biz Right, SAP Identity Management, SAP Security of FI, CO, SD, MM, HCM (HR), BW/BI, CRM, SAP Enterprise Portal, HANA, ESS, MSS and Active Directory.
• Experienced in audit (SOX, PCI, FDICIA, and HIPAA) and compliance standards of regulations applicable to business.
• In-depth knowledge of security across technologies, and multiple operating system environments including IP Networking, network protocols, VM Ware and application security.
• Ability to provide leadership and develop knowledge and capabilities of others.

PROFESSIONAL EXPERIENCE:

Confidential, Irving, TX

Senior SAP Security Consultant

Responsibilities:

• Achieved the design, implementation, upgrade, and support of SAP Identity Management (IDM 7.2 SP3 - SP7) that unified, integrated and distributed Identity and Access Management across SAP (ABAP, Business Suites, Portal\Java), Active Directory, and non-SAP landscapes.
• Accomplished the design, implementation,, support and upgrade of SAP Business Object Access Control (SAP GRC: SPM, RAR, CUP) Support Pack 10.0 and 10.1
• Fulfilled the integration of SAP Identity Management (7.2) and SAP Business Object Access Control 10.0 (GRC) for end-to-end, compliant, role-based provisioning.
• Performed implementation and production support of SAP systems: ECC, BW\BI, MDM, HR, SCM, CRM, Business Object, and HANA.
• Performed SAP Authorization Role design with profile generator (PFCG) that improved role security and efficiency.

Confidential, Dallas, TX

Senior Associate

Responsibilities:

• Discharged business advisory and assurance services to clients of PwC in the areas of Application Security, Logical Security, Privacy and Forensic services.
• Performed the upgrade of SAP GRC 4.0 to SAP Business Object access control 10.0 (RAR, CUP, SPM).
• Coordinated and performed the implementation, and support of SAP Business Object 10.0.
• Performed SAP authorization Business Role redesign to align with SOX compliance initiatives.

Confidential, Las Vegas, NV

Sr. SAP Security Administrator

Responsibilities:

• Performed implementation and configuration and of SAP BusinessObjects Access Control (GRC - RAR, CUP, SPM)
• Designed materials for SAP end-user.
• Provide reports of system access compliance and Segregation of Duties violations
• Performing day-to-day SAP security administration and support; analyze and correct authorization issues.

Confidential, Irving, TX

Sr. SAP Security Administrator

Responsibilities:

• Conducted security and continuity assessment. Configured security in SAP to meet corporate security requirements.
• Redesign SAP user roles that maximize benefits of GRC implementation and compliance with SOD, SOX.
• Implemented the GRC access control suite of products. (SUP, CUP, RAR).
• Provided security sustaining end-user support and user provisioning in all SAP environments, ECC 6.0, SCM, SRM, BW\BI, HCM, and GTS with PFCG, SUIM, SU01, and SU24. Performed OSS ID and Developer key administration.
• Secured accurate and complete business and functional requirements from stake holders and subject matter experts.
• Performed upgrade implementation of SAP HR (ESS, MSS, PA, OM, CATS, Benefits and compensation).
• Setup and managed SAP Central User Administration (CUA).
• Introduced and implemented COBIT and ITIL best practices to the organization improving operational processes.
• Interface with audit team to ensure risk mitigating controls are in place and operating effectively

Confidential, San Antonio, TX

Lead Architect - Integrated Application Security

Responsibilities:

• Coordinated and implemented the enterprise initiative to resolve the segregation of duties (SOD) risks in compliance with audit and regulatory requirements.
• Performed rule set customization and role remediation for SAP GRC access control products.
• Developed a and awareness plan for all constituents impacted by Access Controls implementation.
• Lead the security implementation of functional upgrade of BW3.6 to BI 7.0.
• Analyzed and resolved end-user security issues in ECC, SRM, CRM, BI, HR, Logistics and IS/U, with ST01 and SUIM.
• Defined Service Level Agreements (SLA) and work with the business to manage expectations on deliverables
• Provided solutions for resolving SOD conflicts and enabling access to authorized personnel
• Provided input in selection of application system software, with emphasis on security and compliance requirements.
• Utilized IT Service Management approach to implement HP Service manager incident and problem management.

Confidential, Dallas, Tx

Sr. Associate, Technical Risk Services - Business Advisory Services

Responsibilities:

• Performed solution implementation using the COSO model, COBIT and ISO 27002 security standards.
• Design, document and implement security narratives, policies and procedures and guidelines.
• Liaised with business functional teams, supporting teams and Internal Audit to create security roles according to a designed strategy to prevent the introduction of SOX compliance violations.
• Designed and implemented role-based security in compliance with client specific needs, environment, regulatory requirements, and Governance, Risk and Compliance practices.
• Served as external auditor attesting to effective operation of internal controls over financial matters in compliance with SOX, HIPPA and FDICIA regulations.
• Assessed, reviewed and tested risk analysis, general computer/IT controls and Application Controls.

Confidential, Reston, Va

Sr. Security Consultant

Responsibilities:

• Planned, scoped, executed and managed general IT, operational, compliance (SOX, PCI) and application audits, system pre & post implementation reviews audit plan.
• Participate in daily monitoring and problem resolution of all the SAP systems for security issues.
• Assist in the development and update of procedures and policies for the efficient operations of the SAP systems.
• Worked problem tickets and work queues and responded to user issues quickly and efficiently.
• Wrote test plans, participated in creating user rights authorization process (from request to provision).
• . Secured SAP default users, passwords and configuration settings (SAP ALL, DDIC, and Early Watch).
• Provides appropriate controls around sensitive and privacy data and transactions.
• Role creations and assignment with SU01 and PFCG, user master record management, authorization problem analysis using SU53, ST01.
• Analyzed and resolved Segregation of Duties (SoD) issues with VIRSA Compliance Calibrator.
• Provided security to client end users

Confidential, Dallas, Tx

Technical Consultant - SAP Security

Responsibilities:

• Worked with Business Owners to define security requirements that included user roles, authorizations designs, access control and compliance monitoring
• Provided SAP User, Role and profile administration of multiple SAP modules.
• Provide support to internal and external auditor

Confidential, Dallas, TX

SAP Security Analyst

Responsibilities:

• Assessed the operating effectiveness on internal control over financial matters as related to SOX 404 through walkthroughs, testing and reviews of Applications and IT general controls.
• Planned and executed the day-to-day activities of IT, SAP authorization concept and audit engagements for a variety of clients including system development, package implementation an platform reviews.
• Maintained and administered security in the SAP environment(all modules of ECC6, BI,SRM,EP, PI) including the development, implementation, and management of SAP Security Roles.
• Identified and resolved SoD conflicts using VIRSA Compliance Calibrator.

Confidential, New York, N.Y

Technical Security Analyst

Responsibilities:

• Crafted security solution that pro-actively secures sensitive and confidential data.
• Provided audit support to the implementation of a global database and network.

Confidential, Carrollton, TX

Sr. Software Engineer

Responsibilities:

• Responsible for the design, implementation and coding of Tax and Accounting Software with C++ and Visual Basic.
• Redesigned in-house applications and utilities with new and emerging technologies utilizing Visual C++, Java.
• Migrated CD-based application that served more than 25,000 clients into a remote server-based application by setting up Application, Database and File Servers in a Multi-Org data center.

Confidential, Arlington, TX

Database Programmer

Responsibilities:

• Designed and developed database applications and ActiveX controls.
• Administer Computer System Networks for multiple clients.
• Performed Database Administration of SQL Server using DDL and DML

Confidential, New York, N.Y

Systems Administrator

Responsibilities:

• Designed and implemented logical security to protect Databases and Networks.
• Administered UNIX and Novell networks.
• Designed and coded database applications that track asset valued at over $10M.