
Sr. SAP Security and GRC Consultant Resume


Bellevue, WA

PROFESSIONAL SUMMARY:

  • Senior SAP Security and GRC consultant with 8+ years of experience in SAP Security and over 4 years of experience in GRC Access Control component along with VIRSA 4.0 Risk Assessment tool.
  • 3 Full life cycle implementations of SAP Security projects from design phase to Post implementation phase.
  • Strong experience in designing authorization roles for SAP ECC, SAP BW, SAP HR, SAP SRM, SAP CRM and Enterprise Portal systems.
  • Experience in SAP S/4 HANA Security using HANA studio - configured Standard, Technical and Restricted Users.
  • Successfully created System, Object, Analytic and Package Privileges and assigned to end users.
  • Experience in SAP Single Sign on 3.0 (SSO), SAP Enterprise Threat Detection 1.0 (ETD).
  • Performed Security on Business Process Monitoring (BPM) using Solution Manager with ECC as managed system.
  • Successfully implemented SAP Fiori Security for end user mobile application interfacing with ECC.
  • Good experience in structural authorization security of HCM module and troubleshoot user ESS, MSS issues.
  • Extensive experience in using ChaRM Lite in Solution Manager (SolMan) for Change Requests and performing retrofits between dual landscapes along with security changes and configuration validations.
  • Implemented Security on JAVA Landscape for PI systems and expertise in using UME (User Management Configuration) groups and roles.
  • Experience in Security of Transportation Management (TM) and Event Management (EM) of SCM module.
  • As a security administrator, strong expertise in using Profile Generator (PFCG) for creation and maintenance of Roles/Activity groups as required and expertise in Security Administration activities such as creating User accounts, Password resets, locking and unlocking users.
  • Created mass users and roles using eCATT scripts, LSMW scripts and BAPIs.
  • Experience in configuration and maintenance of CUA (Central User Administration) landscape.
  • Hands-on experience in using Service Marketplace for opening OSS connections, KBA search, SNOTE search for corrections and Security enhancements provided by SAP, and conducting research in Onapsis for current vulnerabilities check and compliance.
  • Experience in cyber security tools CyberArk, Incapsula WAF.
  • Extensive experience in analyzing and processing SOD issues using VIRSA 4.0 Compliance Calibrator, GRC 5.3/ 10.0/ 10.1 Access Control tools such as RAR/ARA, SPM/EAM, CUP/ARM, ERM/BRM components.
  • Excellent understanding of Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI) controls, policies and procedures.
  • Successfully configured SAP GRC Access Control 10.0/10.1 components.
  • Involved in Configuration and customization of Multi-Stage Multi-Path (MSMP) workflows, BRF Plus Rules.
  • Hands on experience in Rule Set Customizations, Configuring Mitigation Controllers, Approvers, Monitors in ARA.
  • Successfully defined best practice methods for usage of security controls for SAP GRC Access Controls.
  • Comprehensive knowledge in ITIL best practices coupled with excellent communication skills.
  • Experience in documenting monthly audit reports, audit logs, policies, procedures and other tracking documents to monitor health of the system and project.
  • Adept in using Quality Center and applying security best practices for requirements management, test planning, defect reporting, defect tracking and ensuring quality standards.
  • Experience in onsite-offshore engagement model, led the offshore team for project activities and provided training and mentoring to the team.
  • Enthusiastic and eager to take responsibility and initiative in any given task.
  • Self-motivated in handling the work assigned and adhere to SLA deliverables and deadlines.
  • Experience working in both team and individual environments and always eager to learn new technologies and implement them in challenging environments.

TECHNICAL SKILLS:

ERP: SAP ECC 5.0/6.0, SAP BW 3.5/BI 7.0/7.4, VIRSA 4.0, GRC AC 5.3/10.0/10.1, SAP S/4 HANA, SAP CRM, SAP PI Java, SAP SRM, SAP SCM, APO, Enterprise Portal, SAP SSO 3.0, Solution Manager 7.1/7.2, SAP Fiori, SAP ETD 1.0.

Cyber Security Tools: CyberArk Privileged Account Security Solutions (EPV & PSM), Incapsula WAF.

Service Tools: Service Now, BMC Remedy, IBM Tivoli with Lotus Notes, PIER Tool.

Programming Languages: ABAP/4, J2EE, T-SQL, C, C++.

Database: MS SQL Server 2008 R & 2012.

Operating Systems: Windows (Server Edition, Enterprise Edition), UNIX, LINUX (CentOS, RHEL).

WORK EXPERIENCE:

Confidential, Bellevue, WA

Sr. SAP Security and GRC Consultant

Responsibilities:

  • Responsible for managing complex SAP landscape (both Production and Project landscapes) which contains SAP components ECC 6.0, BW, GRC, Solution Manager, CRM, SRM, SCM, OER, APO, PI, Enterprise Portal.
  • User and Role Administration of all SAP systems in both Production and Project landscapes.
  • Troubleshoot and resolve end user login issues, IDOO/Biller Direct issues, authorization issues, portal issues, BW issues and other access related issues.
  • Worked on Role enhancements. Created/modified Single, Composite and Derived roles and transport roles from development system to quality and finally into production systems.
  • Gathered requirements and coordinated with business and technical teams during the role enhancements and supported design/development, UAT and production deployment.
  • Providing detail reporting on Segregation of Duties (SoD) and critical access violations at both user level and role level.
  • Scheduling and working on reports of background jobs as well as foreground jobs during the risk analysis in SAP GRC AC suite.
  • Performed role and user level risk analysis and hence mitigating risks and roles as required to achieve the overall security compliance strategy.
  • Extensively performed and monitored transaction codes SU01, SU10, SUIM, SU53, SU56, ST01, SU03, SU21, SU24, PFCG, PFUD, SCC4, SUPC, STMS, SE01/SE09/SE10, SM18, SM19, SM20, SM30, SE11, SE16, SE37, SE38/SA38, SE54, SE80, SE93 and SE97 in SAP Security.
  • Resolved day to day Support tickets within SLA.
  • Used AGR*, USR*, USH* tables and SUIM for different reporting and analyzing purposes.
  • Creating OSS ids, S-User ids, Developer keys, Maintain credentials in Secure area at SAP Market Place.
  • Planned and supported monthly production and non-production outages.
  • Supported iPhone 8 and X launch from pre-order phase to national launch phase.
  • Conducted meetings with process owners to gather project requirements and prepared a common template framework for security roles design.
  • Extensively performed impact analysis of existing Retail, Supply Chain, Procurement and Back Office Inventory Roles.
  • Worked closely with functional team identifying impacted transaction codes, authorization objects and business areas in SAP ECC.
  • Prepared role to process owner matrix to track the analysis and project requirements.
  • Re-designed and developed roles and moved them to Quality for UAT.
  • Coordinated with functional teams of respective business areas, set up test user IDs and tracked the project UAT phase.
  • Performed Retrofits using Solution Manager ChaRM for Dual landscape as per the project changes.
  • Performed impact analysis of entire existing roles and business areas and projected the Level of Efforts as per Project requirement.
  • Prepared role to process owner matrix and coordinated with Business Point of Contacts or Role Owners to explain the impact and tracked for approvals.

Environment: SAP ECC 6.0, SAP BW, SAP GRC (AC 10.1), SAP Solution Manager 7.2, SAP CRM, SAP SRM, SAP SCM, SAP OER, SAP APO, SAP PI, Enterprise Portal, SAP S/4 HANA.

Confidential, SFO, CA

Sr. SAP Security and Cyber Security Consultant

Responsibilities:

  • Implemented security strategy during a business divestment and developed roles, coordinated with business and testing teams to resolve or mitigate any technical issues during the build, testing and UAT phases.
  • Worked with development teams for custom security and performed traces, authorization checks, role build, role changes, test ID setup during the project course.
  • Defined system scope and objectives and provided requirements, solutions and recommendations at different phases of project which includes design, coding, testing, troubleshooting, modifications, implementation, deployment and SLA’s.
  • Used the transport management process to promote security changes following documentation procedures.
  • Involved in design, configuration, testing and deployment phase of SAP Single Sign on 3.0 (SSO) implementation and performed analysis of the security solution.
  • Documented security test scenarios for SSO implementation and performed end to end testing at both application and network level.
  • Identified defects and observations during testing of SSO functionality and monitored the progress of defects from time to time in HP QC (ALM) tool and collaborated with basis team on the issues.
  • Performed user administration activities, troubleshoot authorization issues.
  • Demonstrated SSO functionality to key users, onsite team and offshore team.
  • Worked on analyzing SAP Enterprise Threat Detection 1.0 (ETD) implementation which helps in evaluation of vulnerabilities at application level.
  • Documented architecture, technical design, security test case executions and S/4 HANA integration analysis.
  • Coordinated with Basis team during configuration of SECM logs in ETD for both application and leveraging database logs from SIEM enforcing with organizational security policies.
  • Analyzed security breaches with the help of standard pattern detections by monitoring in ETD’s forensic lab for the entire SAP production landscape.
  • Conducted research in Onapsis blogs and other cybersecurity forums to find the current cybersecurity risks and vulnerabilities and attend demo sessions on the required topics.
  • Worked on analyzing CyberArk security tool as part of Identity and Access Management (IAM) solutions.
  • Documented architecture, technical design of CyberArk components such as Enterprise Password Vault, Privileged Session Manager and Application Identity Management.
  • Evaluated SAP shared privileged accounts and application accounts to feed into CyberArk EPV component.
  • Worked on analyzing Incapsula WAF security tool as part of security implementation on SAP web based systems (CRM).
  • Documented technical design, access flows such as learning mode, blocking mode and threat pattern analysis for CRM system.
  • Analyzed logs from Apache Servers of SAP Systems for vulnerability checks in the directories as part of testing Layer 7 attacks.
  • Analyzed all HTTP/HTTPS URLs and monitored traffic through Incapsula WAF.
  • Performed network related commands such as PING, TRACERT, TRACEROUTE, NETSTAT, NSLOOKUP, IPCONFIG, WHOIS, SSH, NGREP for windows and UNIX systems.
  • Analyzed threats such as SQL Injection, Cross Site Scripting, Remote File Inclusions, DDoS attacks using Incapsula WAF tool.
  • Led offshore team for project deliverables, executions and tracked progress to ensure the completion of the project milestones.
  • Prepared offshore activities and transitioned to the team for their day to day work.
  • Identified risks at different stages of offshore project executions and initiated risk mitigation plans.
  • Provided baseline estimations of the service deliverables and built flexibility to adapt to changing client needs.
  • Status updates to project managers, stakeholders and forecast the estimations and performance of the project from time to time.

Environment: SAP ECC 6.0, SAP SSO 3.0, SAP S/4 HANA, SAP ETD 1.0, CyberArk, Incapsula WAF, HP QC (ALM).

Confidential, Dundee, MI

Senior SAP Security Analyst

Responsibilities:

  • Involved in meetings for gathering the requirements from business and developing simplified and standardized security roles for the users in each company within the controlling areas.
  • Helped the application and business teams for master data loads into testing systems.
  • Worked with application teams to get UAT completed in controlled access environment before moving to production.
  • Also, worked closely with Basis team in handling system refreshes and performed security refresh procedures.
  • Worked on adding new personnel areas into roles in HR module, also sales groups, sales district and sales office in SD module.
  • Worked on ChaRM Lite in SolMan for transports and includes dual landscape maintenance for the change requests and performing retrofits and solving any transport issues.
  • Validated configuration and implemented security in SolMan around Change Control Management which includes change management work centers (SM_WORKCENTER), CTS, Quality gate management and Change request management.
  • Also, worked on implementing security for Business Process Monitoring (BPM) using Solution Manager and ECC as managed system. This helped business (especially FI, MM, SD teams) to monitor and forecast the business trends using BPM analytics.
  • Created custom roles in HANA DB for Developers, Modelers, Database Administrators and Business End Users.
  • Worked on System, Object, Analytic, Package and Application Privileges within SAP HANA system.
  • Participated in implementing PI Java Security and created new UME groups, new roles, creating users, assigning groups to users, troubleshoot and trace various authorization issues using diagtool provided by SAP.
  • Worked on Security implementation for Fiori Mobile interface on POC in MM module using NetWeaver Gateway system as communication channel for leveraging REST services and OData Services on SAP Business Suite ECC 6.0.
  • Re-engineered existing roles by running Security audit logs for business and application support users in identifying SoD t-codes and worked with Compliance team for helping them to configure and mitigate users in VIRSA and hence making roles and user access more compliant.
  • Performed key controls review during internal audit of the company.
  • Worked with compliance team during the external audit.
  • Created custom parameter transaction codes in restricting the roles for table access maintenance (SM30).
  • Worked with development team in setting up required AUTHORITY-CHECK for Custom Tables, Reports and Custom transactions.
  • Extensively used t-codes SU01, SUIM, SU10, PFCG, SE16N, SWI5, RSABAPSC, SE38/SA38, SE80, SE93, SE97, ST01, SE01/09/10, STMS, SM36, SM37, PFUD, SUPC, PA20, PA30, PPOSE, PO13, RSA1, SCMA & SM_WORKCENTER (in SolMan).
  • Used AGR*, USR* tables for different reporting and analyzing purposes.
  • Used PA*, HRP* tables for analyzing the relationship with different Info Types in the HR/HCM scope.
  • Troubleshoot user ESS, MSS issues and perform user administration activities in the enterprise portal.
  • Experience and knowledge in how to maintain authorizations by transactions through SU24 and experience in using USOBT_C, USOBX_C tables.
  • Helped team for French translations of all the roles in multiple landscapes.
  • Experienced in using MS Excel (VLOOKUP, HLOOKUP, Pivot tables, Macros), Power point and hands-on in document writing.
  • Handled bringing 15000 users into SAP during the merger and created accounts for all the users using Active Directory across different landscapes.
  • Helping the business to identify the right position role for every user in existing role model.
  • Complete user administration in SAP landscapes (creating, modifying, and deleting, locking, unlocking and resetting passwords).
  • Worked closely with Basis team and application support team during HR Support-packs (HRSP). It includes moving transports, locking/unlocking users using SU10, completing UAT on new security enhancements from the support packs.
  • Analyzed missing authorizations by performing authorization traces to resolve security issues for users by using ST01.
  • Performed regular activities and troubleshooting by using SU53.
  • Understanding and implementing the Change Control process for any enhancements or operational changes when required.
  • Coordinated with the offshore team and monitored the progress of the tasks in the maintenance landscape.
  • Communicated technical and non-technical issues along with training in change management process to key users and business users when necessary.
  • Worked on different security tickets on day to day basis and performing associated activities to user accounts based on approval workflow.
  • Daily tasks also include creating user accounts, maintaining Info types in PA20, system cleanup activities such as account terminations, transfers, access requests, role changes, tracing and prototyping access issues using SU53, ST01, troubleshooting production issues.
  • Analyzed RFC calls for Remote Function Modules (RFMs) from different systems and secured them for user access.

Environment: ECC 6.0, BW 7.0, BW 7.4 on HANA, VIRSA 4.0, SolMan 7.1, XI/PI (ABAP and Java stack), HR, SCM, Fiori.

Confidential, Newark, NJ

Senior SAP Security and GRC Consultant

Responsibilities:

  • Handled Security in designing roles for all modules of SAP R/3 such as FI, CO, MM, SD and PP.
  • Worked on Role Maintenance, Transaction codes, Profiles, Authorization objects, Authorization groups, Single Roles, Composite Roles, Derived Roles and User Maintenance.
  • Analyzed each role and mapped them to transaction codes per business process.
  • Created and generated roles, profiles, authorization objects, object classes and assigned to user master record.
  • Used Transport Management System (STMS) for Transporting the generated roles and profiles.
  • Extensively used the following transactions on daily basis - SU01, PFCG, SU53, SU56, SU24, SUIM, SUGR, SE16 and ST01 for providing technical support to users.
  • Working knowledge in HR security implementing structural authorizations in ESS, MSS, PA and payroll.
  • Set up and maintained users and their personnel records in HR Structural authorizations, updates to HRP1000, PA0008, PA0105, restricted access to data working with info types and authorization objects P_ORGINCON, P_PERNR, PLOG, P_ABAP, P_APPL.
  • Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
  • Configured Profile Generator and performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.
  • Performed reconciliation of User Master record & roles using PFUD and SUPC.
  • Providing Temporary Access to all the Users with proper approval from the respective Business Process Owners in all Productions and Non-Productions Environments.
  • Worked with process experts for SOD conflicts and assigned appropriate roles to the users. Also, supported audit team for generating audit reports.
  • Meeting the key stakeholders and Business team for ongoing SAP Role based provisioning and for requirement gathering, analysis, designing Functional and Technical Documents workflow requirements, approval requirements and flow of request and data across multiple systems, serving as a Subject Matter Expert for SAP security.
  • Implemented BI/BW Analysis Authorization (RSSM/ RSECADMIN) to maintain security for reporting users and troubleshooting the reporting issues using RSECPROT.
  • Worked on implementing custom BI authorizations S_RFC, S_RS_AUTH, S_RS_COMP, S_RS_COMP1 as per business requirements.
  • Developed and maintained roles based on created analysis authorization and hence assigned to users.
  • Performing BO (Business Objects) security at users and groups level, Universe level, Folder access level in Central Management Console (CMC).
  • Also performing security at Environment level between browser to web server and web server to BOE.
  • Configured all the four components ARA, ARM, BRM and EAM during GRC implementation.
  • Configured MSMP workflows in Access Control Suite and activating the delivered business configuration (BC) set for Access Control Multi-Stage Multi-Path (MSMP) workflow configuration.
  • Created custom MSMP workflows integrating with custom BRF plus rules as per business requirements and hence maintained agents.
  • Involved in post installation and Configuration of GRC activities.
  • Performed Risk analysis for role level and user level.
  • Created, modified, locked users through ARM component and performed risk analysis.
  • Created RFC connection between GRC and Backend systems.
  • Part of Transport Management team. Scheduling the Transport releases and coordinating with different teams.
  • Configured and maintained Printer set up using the transactions SPAD.
  • Analyzed the output and spool requests.
  • Implemented Notes in different landscapes.

Environment: ECC 6.0, GRC 10.1, BI 7.0, HR.

Confidential, Secaucus, NJ

SAP Security and GRC Consultant

Responsibilities:

  • Changing the Design of a Single Role and Composite Role with Proper approvals from respective Business Process Owners following the Process Norms.
  • Troubleshooting missing authorization using SU53 and running trace ST01.
  • Monitoring and handling Background Jobs like PFUD for updating User Master Records in all Production and Non-Production environment on daily basis in all systems.
  • Experience in Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorization for various landscapes using Profile Generator.
  • Review and Transport the activities performed by other team members.
  • Extensively used SU22 and SU24 to update the USOBT_C and USOBX_C tables (transaction and the authorization objects).
  • Monitored access to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, S_DEVELOP for debug access etc.
  • Worked with functional team leads to define new custom transactions, objects, classes, integrating them in transaction codes and then apply security restrictions for custom reports/queries and transactions.
  • Handling Object level changes for Transaction Codes through SU24 to maintain Authorization in standard or maintained mode.
  • Extensively used the following transactions on daily basis - SU01, PFCG, SU53, SU24, SM59, RSSM (for BW) and ST01 for providing technical support to users.
  • Executing Computer Aided Testing Tool (CATT) reports to update Org levels.
  • Creating analysis authorizations and maintaining them at both user and role assignments using RSECADMIN in SAP BI 7.0 Security.
  • Performing Authorization Trace in SAP BI 7.0 and generating error log reports for analysis.
  • Experience in user administration 24x7 on call production support, quick turnaround for end user requests, and Helpdesk support for user administration.
  • Checking for Segregation of Duties (SOD) issues while assigning Roles to Users and while changing the design of a single Role, Composite Role and User group creation.
  • Role transport to multiple landscapes, TR release through SE09/SE10/SE01.
  • Report generation using SUIM and to analyze the missing authorization based issue.
  • Working with tables like AGR* for data collection and verification.
  • End-to-end implementation of GRC Access Control Suite 10.0 and configured all the components in it as when required.
  • Performed Role and User Analysis, Risk Analysis and Mitigating risks and roles as required.
  • Checking the SoD (Segregations of Duties) using Risk Analysis and Remediation before assigning to the users.
  • Working on Fire Fighter (FF) for Super User privileges like maintaining Owners, Controllers and Fire Fighter Access to user.
  • Checking the log report as and when required for audit purposes.

Environment: SAP R/3, ECC 6.0, GRC 10.0, BI 7.0

Confidential

SAP Security and GRC Analyst.

Responsibilities:

  • Undergone internal training on GRC Access Control suite.
  • Well experienced in planning, designing, documenting and implementing security related standard procedures for the user administration, roles and profile generation. Created single roles, composite roles and derived roles as per organizational structure in R/3 systems using PFCG.
  • Monitored User maintenance on day-to-day basis and role maintenance on requirement basis.
  • Setting up security roles and user accounts for over 800 End Users for primary Go Live.
  • Identifying the missing authorizations using SU53/ST01 trace and maintaining them in suitable role and SU56 to find security problem.
  • Troubleshooting performance issues & adjustment of SAP profiles.
  • Locking critical transactions using SM01.
  • Worked with the Business Process Owners to restrict sensitive transactions and security authorizations, and ensured segregation of duties (SOD) over all fields of business areas.
  • Successfully transported the generated roles and profiles using SAP transport management system (STMS) and handled single & mass generation of roles and transport of roles.

Environment: ECC 5.0, BI 7.0, GRC 5.3

Confidential

SAP Security Analyst

Responsibilities:

  • SAP Security administration and maintenance
  • Design, Configuration & Testing of SAP Security Roles
  • Creating/ Maintaining the ORG Fields in Objects
  • Adequately securing programs, transactions and tables
  • Role Download/ Upload, Mass Generation/ Mass Transport.
  • Mass Assignment and Re-assignment of Roles/ Users
  • Mapping of Missed Authorization Object in T-codes.
  • Mapping of T-code with Reports and Programs.
  • Monitoring Central User Administration (CUA).
  • Maintaining (Create, Delete, Change, Copy) SINGLE, COMPOSITE and DERIVE Role in Customer Namespace.
  • Performed Spool Administration, Client Administration, SAP background job scheduling and monitoring, Transport Organizer and other Basis day to day activities.
  • Locking critical transactions using SM01.
  • Assigning HR ESS/MSS access to the user as per requirement.
  • Analyzing SU53 screen shots to debug authorization problems.
  • Analyzing ST01 trace log to fix the authorization bugs.

Environment: ECC 5.0, BW 3.5, HR.
