SAP Project Security Consultant Resume
Troy, MI
SAP Security Consultant
Summary of Qualifications
Seven+ years' experience meeting SAP security needs of major corporations. Known for exceptional technical proficiency and astute application of Sarbanes-Oxley and other audit directives. Project management skills combine with demonstrated ability to develop and implement technical solutions to meet critical business needs. Outstanding leadership and interpersonal skills result in productive working relationships and top performance among staff. Effective communicator able to translate between technical and business units, making complex data easy to understand. Experienced in handling full access to confidential company data. Proven track record with R/3, BI 7.0, CRM 2007, SCM, SEM, APO systems - FI, CO, HR, PP, MM, QM, PM and SD modules. Well versed in automatic and manual profile generation as well as SOX administration using GRC 5.3 RAR, CUP and SPM tools.
Technical Summary:
- Overall eight years of IT experience, including the SAP network administration area
- Six and a half years of experience in SAP technology as a Security Administrator.
- Three and a half years' experience in an SAP Security Architecture role, including 3+ full lifecycle implementations in SAP Security projects
- Three years' experience in SAP security production support. Worked with the project team to provide 24x7 support to troubleshoot security problems/issues ASAP.
- Worked extensively on SAP ECC 5.0 as well as SAP R/3 - 4.7, 4.6c, 4.5 versions.
- Develop and document security role/activity groups, processes, and procedures.
- Extensive experience on Automatic Profile Generator (PFCG)
- In-depth two years' experience of BW 3.0 - 3.5 and SEM 3.5 security administration.
- Perform SOD check at Role/activity group level as well as user level using simulation in production system in GRC 5.3 RAR, CUP, SPM tools.
- Business Information Warehouse v 3.0, 3.5 security experience using transaction codes RSSM and PFCG. Develop security for RRMX and workbench administration.
- Implement and manage central user administration for a large user population. Used various CUA tools to manage and distribute changes. Analyze distribution logs and resolve any issues.
- Define, monitor, and enforce SAP security policies and authorizations. Enhance current SAP security solutions as needed. Manage the user population through Central User Administration
- Maintain Security Audit Log: Configuration, Analysis and Reorganization
- Extensively worked with Sarbanes-Oxley Compliance Teams - Strategy management related to SAP business processes, transactions, control infrastructure, financial reporting process. Sarbanes-Oxley Section 404, Remediation of Segregation of Duties (SOD) within SAP R/3
- Preventative, mitigation and compensation controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy. Implementation experience of VIRSA Systems VRAT tool
- Developed Functions and critical transaction codes in VIRSA platform.
- Experience on working with various SAP tools like CATT Scripts, eCATT, Central User Administration. Advanced knowledge of PD authorization and BW security.
- Respond to requests and generate SAP security reports based on management and department needs. Excellent problem solving skills in a team environment with good communication skills.
- Helped with basis administration duties: analyzing short dumps, database performance analysis, troubleshooting using SAP Online Service System notes, corrections and transport executions, client copy and system refreshes, analyzed system workload and performance tuning. Scheduled users' batch jobs using SM36/SM37, and set up variants and remote report printing.
Professional Experience
Company : Confidential, Client : Confidential CHICAGO, IL.
Title : SAP Project Security Consultant Duration : August 2008 till Present.
- Security strategies, procedures and solutions for PepsiCo specific ESM (Equipment Services and Finance Management) business modules in different SAP components (ECC, BI, CRM, SCM-ICH)
- Created new CRM 2007 Business Roles for PepsiCo's ESM business - upgrade from existing PCUI to WebUI framework (Business Role dependent view configuration / CRMC_UI_PROFILE, Org Model / Unit positioning - enhanced object assignment, Authorization Report Programs (CRMD_UI_ROLE_PREPARE, CRMD_UI_ROLE_ASSIGN))
- Synced more than 400 SAP GUI (Backend) roles with Enterprise Portal Roles assignments using LDAPSync for idM (Identity Management) & SOX implementation
- Worked on existing GRC 5.3 RAR, CUP, SPM tools for SoD Analysis, those meet SOX and SAS70 requirements for ESFM business segment and checks for Role modification, Authorization Change Management and User Mitigation
- Created various Functions in RAR tool (GRC 5.3 - formerly Virsa) based on Work center, Job, Organization Unit, Profit Center, Controlling Area and so on to automate SOD / SOX compliance as a best Security practice and verified effectiveness with existing BizRight Rule Book.
- Improved security at Authorization Object level based on Internal - External Audit reports
- Created Fire Fighter Roles and Fire Fighter Ids for Super User Privilege Access Management IDs
- Configured Access Enforcer with idM (Identity Management) to simulate SOD checks for any new / existing user's request.
- Worked on Central User Administration for single point of control to user master, profiles, and composite roles (mapping of Single roles in different Child Systems)
- Supported Cut-Over activities (24/7) for Phased Go-Live, including Mass User Maintenance
- Trouble-shooting on various issues and worked on customizing Authorization objects, Activities / values / authorization groups to resolve issues permanently per business requirement.
- Created Derived / Child roles (from Master roles) based on the plant level security, and the roles with only the display authorization and others with create and change authorizations.
- Created generic Authorization Groups for the replacement of generic full authorization profiles.
- Secured HR / ESS application with Organizational Management and Structural Authorizations, including InfoTypes, Subtypes and sensitive HR Tables and Travel Management Application (Employee's sensitive data - banking / credit card, tax, payroll information)
- Implemented BI Security with management of Analysis Authorizations at Characteristics, Key Figure, and Hierarchy Node Level using Transaction RSECADMIN
- Created CRM Call Center Roles in ICWebClient and set up SSO with backend SAP System
- Successfully composed 40 customized enterprise profiles in BSP Application including Portal iViews and WebDynPro Applications in CRM PC-UI Framework and ACE Authorizations
Company: Confidential, Client : Confidential, Troy, MI.
Title : SAP Project Security Consultant Duration : August 2007 - August 2008.
- SAP 4.6C - Divestiture Project Security Administrator
- Redesign SAP security design for R3 4.6C and BW with version 3.5
- STRUCTURAL AUTHORIZATION Implementation in SAP HR 4.6C system
- Two cycles of security implementation in three phase design
- Design structural authorization profile for each divested entity to segregate access for HR employees
- Design security role/activity group/activity groups for each module with thorough discussion with business process owners
- Developed security role/activity group/ activity groups for HR system. Specially restrict access for executive users and salaried users
- Developed Base role/activity groups for FI, CO, MM, PP and OTC modules
- Derived role/activity groups from base role/activity groups for three level of organization structures using PFCG
- Used CATT script to derive more than 1000 role/activity groups and assign role/activity groups to more than 5000 users
- Analyzed each role/activity groups through SOD testing using SAP GRC tool- Virsa tool
- Extensively used Transport Management system to keep track of role/activity group/activity groups and profile transportation - between clients - from development system to production system
- Developed security role/activity group/activity groups for BW Queries and reports
- Discuss and analyzed thoroughly with BW configuration team members and identified Info-objects as authorization relevant
- Developed multi-level security design with maintained hierarchies and custom authorization objects using BW authorizations
- Managed Hierarchies using RSSM and transport it to other systems
- Troubleshoot BW authorization issues using RSSM Trace and analyzing it for missing objects and field values
- Design security for sensitive payroll information and other employee data
- Design security role/activity group/activity groups for ESS / MSS functionality
- Assisted in SAP daily system monitoring, Analyzing Database checks, Transport Management System and Spool Management
Company : Confidential Client : Confidential, Richmond VA
Title : SAP Project Security Consultant Duration : April 2007 through July 2007
- SAP ECC 5.0 and BW 3.5 Security Administrator
- Full cycles of security implementation in SAP ECC 5.0 security design
- Developed role/activity group/activity groups from approved design using PFCG. Design role/activity group/activity groups based on the business requirements for different module users
- Developed security role/activity group/activity groups for BW Queries and reports
- Managed Hierarchies using RSSM and transport it to other systems
- Troubleshoot BW authorization issues using RSSM Trace and analyzing it for missing objects and field values
- Analyzed each role/activity group/activity groups through SOD testing using VIRSA tool
- Used Virsa tools to remove conflicting transaction codes in user master record and provide remediation to allow access for critical authorizations
- Extensively used Transport Management system to keep track of role/activity group/activity group and profile transportation - between clients - from development system to production system
Company : Confidential Client : Confidential, Dallas TX
Title : SAP Security Consultant Duration : Jan 2007 through Mar 2007
- Provide technical and procedural expertise in security environment maintenance
- Worked as an SAP security team member to provide production system support at client site
- SAP ECC 5.0 Security administration. Worked with Security team to maintain SAP User IDs, profile, and Fire Fighter IDs
- Design and develop security role/activity group/activity groups and profiles using profile generator.
- Discuss and analyzed ongoing security problems at client side. Provide solutions to existing issues and suggestions to avoid future problems
- Design security role/activity group/activity groups for each functionality in R/3 system with thorough discussion with business process owners
- Developed role/activity group/activity groups from approved design using PFCG. Add custom authorization objects for hierarchies used for reporting purpose
- Developed security role/activity group/activity groups for BW Queries and reports
- Managed Hierarchies using RSSM and transport it to other systems
- Troubleshoot BW authorization issues using RSSM Trace and analyzing it for missing objects and field values
- Developed security role/activity group/activity groups for HR system. Specially restrict access for executive users and salaried users
- Used Virsa Fire Fighter tools to provide fire fighter IDs in Production environment for developers. Keep track of the activities done by fire fighter IDs and provide reports to management
- Extensively used Transport Management system to keep track of role/activity group/activity group and profile transportation - between clients - from development system to production system
- Used scripting tools like CATT and ECATT for mass user administration. Created CATT scripts by recording transactions and use it to maintain mass number of users effectively within reasonable time periods
- Troubleshoot SAP authorization error logs through transaction code SU53 and provide solution based on it
- Use SAP Trace tool (ST03) to analyze existing authorizations and determine authorization objects to resolve complex authorization problems
Company : Confidential Client : Confidential, ELMHURST, IL
Title : SAP portal Security Consultant Duration : July 2006 through Dec 2006
- Provide technical and procedural expertise in HR security implementation
- Designed BW security with version 3.5 for capital planning functionality
- SAP ECC 5.0 Security administration. Worked with Security team to maintain Portal security environment.
- Full cycles of security implementation in BW security design
- Discuss and analyzed thoroughly with SEM configuration team members and identified Info-objects as authorization relevant
- Design security role/activity group/activity groups for each functionality in BW system with thorough discussion with business process owners
- Developed role/activity group/activity groups from approved design using PFCG
- Developed security role/activity group/activity groups for BW Queries and reports
- Managed Hierarchies using RSSM and transport it to other systems
- Troubleshoot BW authorization issues using RSSM Trace and analyzing it for missing objects and field values
- Analyzed each role/activity group/activity groups through SOD testing using VIRSA tool
- Used Virsa tools to remove conflicting transaction codes in user master record
- Extensively used Transport Management system to keep track of role/activity group and profile transportation - between clients - from development system to production system
- Developed security role/activity groups for HR system. Specially restrict access for executive users and salaried users
- Design security for sensitive payroll information and other employee data
- Worked with SOX manager to identify existing SOD in production system and remove or mitigate them.
- Analyze financial system and identified the most sensitive transaction codes in production system and put under SOD matrices. Run reports based on sensitive Tcode to identify users having access to sensitive financial data
- Used VIRSA Tool to check SOD at role/activity group level as well as User level using simulation tool. Provide VIRSA Firefighter IDs to system administrators in production system.
Company : Confidential Client : Confidential, MADISON, WI
Title : SAP BW Security Consultant Duration : Feb 2006 through July 2006
- SAP 4.6C and BW 3.5 Security Administrator
- Designed and administer BW security with version 3.5
- Full cycles of security implementation in BW security design. Manage the project as team lead for BW Security implementation.
- Extensively used Automatic Profile Generator (PFCG) to create Activity groups/profiles for various modules such as FI/CO, MM and SD.
- Configured Profile Generator and transported settings to all clients, setup security for the developers
- Created users and maintained user master and established security policies and procedures and assigned required privileges for the database access.
- Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
- Transported profiles between clients within R/3 system and between R/3 systems.
- Performed transports and mass transports of role/activity groups.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes
- User maintenance SU01 (User creation / deletion / lockdown / activation / Password management).
- Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones with the help of functional heads
- Tracing missed files and authorizations for user's access problems and inserted missing authorizations manually
- Analyzed each role/activity groups through SOD testing using VIRSA tool
- Used Virsa tools to remove conflicting transaction codes in user master record
- Extensively used Transport Management system to keep track of role/activity group and profile transportation - between clients - from development system to production system
- Developed security role/activity groups for HR system. Specially restrict access for executive users and salaried users
- Design security for sensitive payroll information and other employee data
- Lead the project to analyze and remove the sensitive transaction codes from mass users to avoid SOX audit failure
- Successfully identified the most sensitive transaction codes in production system and put under SOD matrices
- Define Functions and critical transaction codes in VIRSA tool. Used VIRSA Tool to check SOD at role/activity group level as well as User level using simulation tool.
- Provide knowledge transfer to other team members. Created documentation for team references.
Company : Confidential Client : Confidential, Troy, MI.
Title : SAP Project Security Consultant Duration : June 2005 through Feb 2006
- SAP 4.6C - L3 and L2 Security Administrator
- Lead Security team for daily support and enhancement during multiple releases - FI, CO, MM, SD, BW, HR security development
- Managed BW security with version 3.5
- Two cycles of security implementation in three phase design
- Design security role/activity groups for each module with thorough discussion with business process owners
- Developed Base role/activity groups for FI, CO, MM, PP and OTC modules
- Derived role/activity groups from base role/activity groups for three level of organization structures using PFCG
- Used CATT script to derive more than 1000 role/activity groups and assign role/activity groups to more than 5000 users
- Analyzed each role/activity groups through SOD testing
- Used custom tools to remove conflicting transaction codes in user master record
- Extensively used Transport Management system to keep track of role/activity group and profile transportation - between clients - from development system to production system
- Developed security role/activity groups for BW Queries and reports
- Discuss and analyzed thoroughly with BW configuration team members and identified Info-objects as authorization relevant
- Developed multi-level security design with maintained hierarchies and custom authorization objects using
- Managed Hierarchies using RSSM and transport it to other systems
- Troubleshoot BW authorization issues using RSSM Trace and analyzing it for missing objects and field values
- Developed security role/activity groups for HR system. Specially restrict access for executive users and salaried users
- Design security for sensitive payroll information and other employee data
- Design security role/activity groups for ESS / MSS functionality
- Provide ESS/MSS access to all 16000 users throughout the system using portal access and LDAP integration
- Lead the project to analyze and remove the sensitive transaction codes from mass users to avoid SOX audit failure
- Successfully identified the most sensitive transaction codes in production system and put under SOD matrices
- Assisted in SAP daily system monitoring, Analyzing Database checks, Transport Management System and Spool Management
Company : Confidential Client : Confidential, WI
Title : SAP security SOX consultant Duration : SEP 2004 To JUNE 2005
- SAP 4.7 - Security Administration and SOX consultant
- Managed BW security with version 3.1
- Worked with technical team to analyze and insert authorization checks in existing ABAP codes. Add external level of checks by inserting authorization check statements.
- Worked with user exits to improve authorizations for tables and data dictionary objects.
- Implement Central User Administration Environment. Define characteristics as local or globally manageable.
- Distribute changes among all users in all systems. Get log of distribution and resolve any issues.
- Work with profile generator (PFCG) in creating role/activity groups, profiles, composite role/activity groups, derived role/activity groups, and global role/activity groups
- Perform Unit testing on created role/activity groups
- Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones
- Transported the generated role/activity groups and profiles using SAP transport management system (TMS)
- User Administration. Creating new users and maintaining users on a day-to-day basis. User master maintenance through Central User Administration
- Used CATT script for mass user creation
- Helped the Audit team to assess the Organization structure, jobs, role/activity groups and the SOD matrix for the Security developed in SAP and handled SOD conflicts for Sarbanes Oxley Compliance accordingly
- Used Virsa tool for handling SOD conflicts.
- Used extensively in-house developed tools and SAP tools for analyzing SOD conflict, T-code assignment to role/activity groups and role/activity groups assignments to users
- Working closely with the Audit team for user-role/activity group conflict removal in SAP R/3 and SAP BW
- Supported audit team for generating audit reports
- Worked with process experts and Head of Departments for SOD conflicts and assigned appropriate role/activity groups to the users
- Effectively analyzed trace files (ST01) and tracked missed authorizations for users access problems and handling the missing authorizations manually
Company : Confidential Client : Confidential, IOWA
Title : SAP Security Consultant (Upgrade Project) Duration : March 2004 Through Sep 2004
- Upgrade Project security administrator
- Upgraded the role/activity groups from 4.5B to 4.7
- Providing SAP R/3 Security Support for SAP R/3 4.7
- Worked on BW version 3.0 and configure security settings for reports and queries generation
- Generated role/activity group matrices
- Creating end user role/activity groups as per the Organizational structure
- Created and modified Single role/activity groups, Composite role/activity groups and Derived role/activity groups using automatic profile generator
- Worked as liaison member between R/3 Development team, Users and Audit Team
- Supported users at different levels for the security issues in all functional modules
- Analyzed Business scope, user role/activity groups and developed user / role/activity group matrix for the better understanding of Security authorization plan
- Conducted a detailed study for SAP Security methodology for Security implementation in Head office and Plant
- Developed the Business workflow and Organization chart for the project
- User Administration, creating user id and assigning role/activity groups
- Worked with process experts on Segregation of Duties (SOD) issues.
- Revamped existing activity groups to make them compliant with SOD
- Created new activity groups as per Segregation of Duties requirements
- Developed procedure manual for the Security of the system, database, user authorizations, backup and recovery
- Extensively used Ms-Access and Ms-Excel for creating role/activity group matrix and Ms-PowerPoint for presentations to the users.
- Conversant with all security related tables in SAP
- Worked closely with Audit team for SAP Security Audit and generated Audit Information Systems logs
- Created transports for mass transports of role/activity groups
- Troubleshoot security related problems
- Provide SAP Basis Support for SAP systems
- Continuous monitoring of SAP systems performance via CCMS; SAP system performance tuning
- Work with ABAP programmer/Functional Consultant on program tuning
- Change Management through CTS (STMS)
Company : Confidential Client : Confidential. Dundee, MI
Title : SAP Security Administrator Duration : August 2003 through March 2004
- SAP 4.6C - Security Role/activity groups and profiles Administration
- Supported Internal and External security audits in the production system every month.
- Work with Business specialists to help them understand where SAP authorization objects are conflicting and suggest the options for mitigating the conflicts
- Execute security reports for critical transactions and objects, and monitor the user logs
- Secured role/activity groups by Company Code, Plant, Cost Center, Profit Center, and Purchasing Organization, etc.
- Analyzed all customer programs and transaction codes for authority checks.
- Analyzed all business role/activity groups and mapped them to transaction codes according to business processes.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction and maintained check indicators for Transaction codes.
- Continuously improve security configuration to reflect best practices and to prepare for system audits.
- Configured Profile Generator and transported settings to all clients, setup security for the developers.
- User maintenance (User creation / deletion / lock / unlock / activation / Password management). Used CATT scripts for mass users and assigning Activity groups.
- Worked on user administration in Development, Quality, Training and Production instances. Provided developers key and reset the passwords.
- Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.
- Performed troubleshooting on R/3 security problems by using system traces.
- Assisted in Sarbanes Oxley Compliance - SAP System Audit and documentation of significant Processes and controls.
- Performed Client copies/deletes in Sandbox, Development and Training.
- Worked with functional team leads to define the new transactions.
- Established security testing procedures and tools
- Documented the procedure for all SAP tasks and controls.
- Helped the testing team on testing security profiles.
- R/3 basis administration in analyzing short dumps; database performance analysis, setting up the profile generator for user role/activity groups
- Maintained and configured Correction and Transport System
- Knowledge transfer on SAP R/3 security environment
Company : Confidential Client : Confidential. Chicago, IL
Title : SAP Security Administrator (L3 Support) Duration : Nov 2002 through August 2003
- SAP 4.6B - Security level3 Administration
- Extensively used Automatic Profile Generator (PFCG) to create Activity groups/profiles for various modules such as FI/CO, MM and SD.
- Configured Profile Generator and transported settings to all clients, setup security for the developers
- Created users and maintained user master and established security policies and procedures and assigned required privileges for the database access.
- Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
- Transported profiles between clients within R/3 system and between R/3 systems.
- Performed transports and mass transports of role/activity groups.
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes
- User maintenance SU01 (User creation / deletion / lockdown / activation / Password management).
- Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones with the help of functional heads
- Tracing missed files and authorizations for user's access problems and inserted missing authorizations manually
Company : Confidential Client : Confidential, MO
Title : SAP Security User Administrator Duration : Jan 2002 through Oct 2002
- SAP 4.5 - Security Users Administration
- Transported profiles between clients within R/3 system
- Created users, role/activity groups and assigned required privileges for the database access.
- Used Profile Generator for creation, modifying role/activity groups, composite role/activity groups, global role/activity groups, derived role/activity groups.
- Manual generation and modification of profiles.
- Generated authorizations using Profile Generator and assigned to authorization profiles and assigned to activity groups. Activity groups are assigned to user master.
- Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.
- Effectively analyzed trace files and tracked missed authorizations for user's access problems and inserted missing authorizations manually.
- Transported the generated role/activity groups and profiles using SAP Transport Management System.
- Created users and maintained user master and established security policies and procedures.
- Cleaning up of role/activity groups and profiles not being used.
- Knowledge transfer to team members, provided ongoing security related support for all security milestones during different phases
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
- Educated client personnel in R/3 Security and general Basis knowledge.
Technical Qualifications
- SAP R/3 (4.5 B, 4.6B, 4.6C, 4.7 Enterprise, ECC 5.0)
- SAP BW/v3.0 and 3.5, CUA
- VRAT (Virsa Tool), SAFE (PWC Tool)
- MS-Excel, PowerPoint, MS-Visio, MS-Project
- MS-DOS, Windows (2K, 95/98, NT, XP), Unix, Linux
- ORACLE 8i, 9i, Microsoft SQL Server
Education
Masters in Computer Network Administration