SUMMARY:

• More than 15 years of SAP Experience and Worked as a SAP Security Architect to design the systems security in complex SAP Systems including legacy Systems.
• Experienced in 8 Full life cycle SAP implementations including Role Redesign/ Upgrades to ECC 6.0 (FI,SD, MM, HR) and BI 7.0, HCM, EHP4, BOBJ 4.0, BPC 4.0,SAP GRC 10.0, SAP Net weaver Identity Management(IdM) 7.2, CRM 7.0 - IC WebClient UI
• IDM 8.0: Implemented end to end IDM 8.0 SP4 for SAP Systems including ECC, HANA, Success Factor BI, SRM, and CRM and connected to GRC system to evaluate Risk Analysis before provisioning steps update in Identity Store.
• GRC 10.1: Performed user audits for customer systems and reviewed role and profile using the GRC to identify and militate against potential security risks. Expert in Configuring, Troubleshooting of Various Components of GRC 10.0( ARA(Access Risk Analysis), EAM ( Emergency Access Management), ARM (Access Request Management ), BRM( Business Role Management )
• Role Redesign Project: Worked in Complex landscapes to Analyze existing Roles/Authorizations and implemented End to end Role redesign project by working closely with the Functional team/Business process owners to gather the requirements, Designed the new Blueprint, Configured the Roles/Security and Supported the project after go live. Worked with Auditors to make sure no SOX Issues arise in the roles and designed the job specific roles to business users.
• HCM Security: Implemented Content based Security and secured the Forms without providing info types access. Extensive experience in ESS / MSS, Indirect Role Assignment, Org and Position management, HR Security profiles for Time Admin, Payroll admin, Expense profiles, Structural Authorization & Position based security, Payroll, Context-Solution, PD / Structural Profile, User Administration, HR tables and Info types, in team and independent environments
• CRM 7.0: Designed Business Roles by working closely with Functional Team and Created respective PFCG roles to provide access to logical links of work centers in Business Roles, Assigned Business roles to the Business Users in the Organization Structure, Created Business Partner and associated them with user (employee)
• Portal EP 7.0: Assigned Portal roles corresponding to backend roles to user view and use in the portal, Created portal roles using portal content which allow access to IView’s in Portal and Mapped the backend roles of ECC 6.0 for ESS/ MSS Functionality, BI 7.0 roles to Portal groups and assigned portal groups to users using User Management Engine
• BOBJ 4.0 Created various Access Levels, Groups, personal folders for various Department and Assigned users into appropriate Group. Restricted various Applications (BI Launchpad, BI Workspaces, Web Intelligence, Crystal Reports & Universe )
• BI (Business Intelligence) 7.0: Created analysis authorization objects for authorization relevant characteristics and Key figures and Secured the Reports at granular level by using (Navigation Attribute Info Provider)
• Experienced in installing, implementing and documenting audit defensible security processes and infrastructure to comply with the Sarbanes-Oxley Act. These activities have included: installing, configuring and maintaining the GRC 5.3 (Segregation-of-Duties, or SOD) and providing methodology to analyze security roles for adequate segregation-of-duties with respect to transactions
• SSO: Configured Single sign on for integrating portal with Satellite systems such as ECC, BI and BOBJ.
• Expertise in Role-based Security (design and maintenance), Solution Manager, BI Security, Portal Security / User management, CTS, Single Sign On
• Analytical and creative problem solving capabilities in all SAP environments
• Implemented SAP Net weaver Identity Management 8.0/ 7.2(IdM) across a diverse IT landscape including all SAP systems
• Expert in securing system and data through customization of role maintenance, tables, authorization groups, transaction codes and programs
• Expert in master / derive and composite role implementation
• Experience in SAP Security upgrade, eCATT, LSMW, CUA and RFC
• Expert in resolving R/3,BI, CRM, HR and portal security issues and trouble shooting

TECHNICAL SKILLS:

SAP COMPONENTS AND RELEASES: SAP R/3 (4.6B, 4.6C, 4.7EE, ECC 5.0 ECC 6.0 EHP 8 (Oil & Gas, IS-U, PSCD, Loans, Billing Dunning ) Web AS 6.20,6.40.7.0), APO3.5, SRM 5.0/7.0, BOBJ 4.0,CRM 4.0,5.0,7.0, SCM 7.0, SRM 7.0, SOLUTION MANAGER 3.2- 4.0

NETWEAVER COMPONENTS: ENTERPRISE PORTAL 5.0 -6.0.7.0 BI 7.0,XI, PI

ADDON S: GRC 10.1/ 10.0 /5.3, IDM 7.2

Platforms: Unix- Aix, Windows NT, Windows 2000, Windows XP and Windows 2003 Enterprise Edition configured Active X windows, worked with NTFS file system

PROFESSIONAL EXPERIENCE:

Confidential, NJ

Lead SAP IDM/ GRC/ Security Consultant

Responsibilities:

• Configured the self-service for all the SAP Systems and non-SAP Systems
• Integrated Identity Management with SAP Systems including HANA Systems, SAP JAVA Systems
• Integrated IDM with SAP HCM System, SAP Backend Systems (ECC, BI, SRM, CRM), non-production SAP Systems including Legacy Systems
• Installed and Configured SAP Identity Center, SAP IDM Runtime Engine, SAP IDM Developer studio, SAO IDM UI, SAP IDM ADMIN UI,
• Imported Standard packages/ Connectors provided by SAP related to ABAP, JAVA, LDAP, AD, HCM, Success Factor and legacy systems
• Created Repositories Types in SAP IDM Developer Studio, Created Respective Repositories using SAP IDM ADMIN UI then imported identities ( Initial Load ) from SAP IDM UI from various systems to SAP Identity Center and managed the users from one central place .
• Created Various jobs ( Pass, Scripts, Constants, Variants ) as needed and setup the jobs in the background to make sure day to day new Roles/Privileges Transfer from various systems to Identity Store
• Created Dynamic Groups as needed and associated them with appropriate privileges
• Created Blueprinting for SAP IDM Implementation with integration of SAP GRC, SAP SATELITE SYSTEMS including legacy, Time lines, Project plan and worked with Business owners to get the core Existing Functionality of the Business to include along with new Functionality and get the Sign of the Blue printing and CR Requests after go live.
• Worked with Eclipse Plug-In to make sure perform all administrative Tasks including work flow related to User provisioning and de provisioning ( SAP HR System will trigger any changes to Identity Centre Database by using VDS and request will go into workflow, will pass through GRC for RAR and user provisioning will take place in Target Systems)
• Configured Eclipse plug in, RU (Run time Environment), User interface and Virtual Directory Server.
• Business roles are defined as per privileges and assigned the Business roles (Combination of Technical roles) to as per their positions in the Client Org Management.
• Performed End to End Testing by working closely with the Business/Functional team to create various Test Scripts as per Business process for various types of New/Change /Terminate/Expire requests and conducted end to end testing in HP ALM 11.5
• Coordinated with SAP Security Team Members / GRC Members to make sure Business Roles are build proper as per IDM Requirements and designed the End to End Business process diagrams for various types of requests including HR Triggers / Integration with Active Directory / LDAP and Configured Single Sign on to make sure Users can able to enter to various systems without entering passwords.
• Configured Self Service Tool in IDM for End users so that they can reset their own passwords as needed / Unlock Accounts provided security answers / Initiate Change adhoc requests to their own accounts as needed
• Integrated SAP IDM with SAP GRC to make sure Risk Analysis performed before provisioning takes places in Identity Store.
• Performed Role reconciliation project in ECC/ BI/ SRM/ CRM Systems to make sure roles are aligned as per Business roles in SAP IDM
• Coordinated with various teams such as SAP Basis / Functional / ABAPERS/ Active Directory/ Helpdesk / SharePoint / HR Business process owners / key stake holders and helped the Business to understand the various types of issues and provided appropriate Business Solutions to them by working closely with the Key stake holders of the project.
• Activated O Data Services & ICF Services which requires to Setup Fiori Launchpad & SAP Fiori Launchpad Designer.
• O Data Services enabled in Gateway to map required Technical O Data services and corresponding backend services.
• Used /N/IWFND/MAINT SERV T- Code to Create Custom Services by coping standard services and called the required services in browser so that service can be activated and respective Service generated tin USOBHASH Table.
• Created users by using HANA Studio and Created Analytic privileges to view restricted data within the reports.
• Security Design in a Global implementation of SAP Business Suite on HANA from project preparation phase through go-live in multiple geographies comprising of Order to Cash, Finance and SCM modules
• Created Analytic privileges, Users using HANA Studio, Created Various roles for Business folks, Sustainment team members using
• Worked with basis folks to Configure HANA for Single Sign on to login through BOBJ System
• Worked with HANA Functional team and business members to get the requirements related to privileges and incorporated the privileges using HANA in BPC Created various Teams and added respective Tasks, Task profiles and Member Access profiles
• BPC: Created various Task profiles, Data access profiles as per business requirement and supported the BPC End users
• Created analysis authorization objects for authorization relevant characteristics and Key figures related to Sales chain & Finance reports related to District Managers, Directors and VP
• Restricted queries by using various auth objects of BI 7.2
• Created BI 7.0 Roles for Various Department and sync the roles/users with BOBJ 4.2
• Restricted Access to users by Creating Access Levels, Groups, personal folders for various Department in BOBJ 4.0 and Assigned users into Group.
• Configured users to login BOBJ 4.2 through SSO and run the reports in BOBJ 4.2 and replicate the data as per Roles in BI 7.0
• Created Portal roles and added respective groups/Roles to users in the EP 7.4
• Assigned Portal roles corresponding to backend roles to user view and use in the portal
• Created portal roles using portal content which allow access to IView’s in Portal
• Map the backend roles of ECC 6.0, BI 7.2 roles to Portal groups and assigned portal groups to users using User Management Engine.
• Upgraded the HR System from EHP 4.0 to EHP8.0 including migrated the database form Oracle to HANA.
• Performed the Upgrade Steps ( SU25 including) - Automatic Comparison with SU22 Data, performed roles check which got impacted after upgrade, Display Changed Transactions which populate new functionality after upgrade .
• Identified the impacted Roles / Custom T-codes and worked with the Functional/Business team to make sure existing functionality works as is and include new functionality as identified by business.
• Worked on Enterprise portal to make sure upload the Role to Portal, Assign the appropriate Groups to users and mapped the respective backend roles so that users can perform their duties as per needed .
• Supported the 95,000 Business Users for ESS/ MSS Functionality and added the new functionality as needed after approving by business.
• Created Transport requests for Business roles and worked with Change management team/Business to move roles across the landscape and Created Test IDs in Enterprise portal as well as respective satellite systems for various types of testing such ( Functional Testing, User Acceptance Testing, Smoke Testing, Volume Testing and supported the Training environment for Business users before going live and or new employees to learn the existing functionality
• Created UI 5.0 Roles by using LPD CUST and customized the landing page ESS, MSS and payroll Roles and used them in personalization parameters to make sure end users get appropriate CHIPS / LANES after they login into SAP System through portal.
• Created Test Accounts for Testers in Backend ECC and assigned appropriate Portal Groups in EP to make sure they can login through SAP UI5.0
• Worked closely with Functional team to Configure the UI 5.0 Roles using LPD CUST and added customization roles in the personalization of PFCG Roles to make sure end users get proper CHIPS ( Collaborative Human Interface parts ) and Lanes in the run time
• Performed the impact Analysis to existing environment before implementing ESS/ MSS Project
• Created PD Profiles according to business requirements and assigned to users
• Developed reports for user access to sensitive info types for OM, PA, Compensation and Benefit roles
• Implemented GRC 10.1 Access Control ( ARA, ARM, EAM and BRM)
• Configured Access Risk Analysis module by Creating Connector, setting up Connector type, updating Global Rule sets, Updating Repository Sync (User, Role and Profile).
• Created Mitigation Controls as per required by Business process and evaluated strategy to remediate and if in case remediate not possible worked closely with Business folks to Develop Mitigation Controls .
• Configured MSMP ( Multi Stage Multi path workflows ) as per Business requirements
• Configured BRF+ Rules as per Business requirements
• Performed workshops with Business users to make them understand how to get more benefits from GRC and let them know End to End GRC Functionality and gathered the required data from business users
• Created Custom Rule sets by coping Standard GRC Rule sets and adjusted Custom rule sets as per Business needs and Generated Rule sets
• Worked on ARA Configuration, Creating Connectors, Activating BC Sets, Identifying Risk/ Mitigation owners and monitors and incorporated them into ARA
• Expert in Configuring EAM and configured Fire Fighter id's, Fire Fighter owners and Fire Fighter Controllers .

Confidential, ON

Lead SAP GRC / SECURITY / HCM Consultant

Responsibilities:

• Implemented GRC 10.0 Access Control ( ARA, ARM, EAM and BRM)
• Configured Access Risk Analysis module by Creating Connector, setting up Connector type, updating Global Rule sets, Updating Repository Sync (User, Role and Profile).
• Created Mitigation Controls as per required by Business process and evaluated strategy to remediate and if in case remediate not possible worked closely with Business folks to Develop Mitigation Controls .
• Configured MSMP ( Multi Stage Multi path workflows ) as per Business requirements
• Configured BRF+ Rules as per Business requirements
• Performed workshops with Business users to make them understand how to get more benefits from GRC and let them know End to End GRC Functionality and gathered the required data from business users
• Created Custom Rule sets by coping Standard GRC Rule sets and adjusted Custom rule sets as per Business needs and Generated Rule sets
• Worked on ARA Configuration, Creating Connectors, Activating BC Sets, Identifying Risk/ Mitigation owners and monitors and incorporated them into ARA
• Expert in Configuring EAM and configured Fire Fighter id's, Fire Fighter owners and Fire Fighter Controllers .
• Provided Emergency Access to Business users /Sustainment team on demand basis after getting appropriate approvals from management.
• Provided Business users ( BPO Owners, Auditors, Risk owners and end users ) so that they can take appropriate action if they get any automated notifications from GRC or if any users request GRC Access or emergency Access
• Performed the support of the project and worked closely with Client SAP Security resource to provide them required knowledge Transfer and Provided KT Documents
• Expert in Creating Users like Requesters, coordinators, Role Approvers and Final approvers related to workflow of ARM for user provisioning in SAP Backend Systems
• Created Roles for ESS, MSS, Divisional Admin, Payroll Admin and workflow admins
• Configured Content Based Security and restricted the Forms without providing access to info types
• Created Dynamic PD Profiles by using Custom Functional module and Custom Evaluation paths to identify and provide appropriate access to Managers whose employees falls not only their own org unit but even in different org units .
• Performed the impact Analysis to existing environment before implementing ESS/ MSS Project
• Created Test Accounts for Testers in Backend ECC and assigned appropriate Portal Groups in EP to make sure they can login through SAP UI5.0
• Worked closely with Functional team to Configure the UI 5.0 Roles using LPD CUST and added customization roles in the personalization of PFCG Roles to make sure end users get proper CHIPS ( Collaborative Human Interface parts ) and Lanes in the run time
• Designed ECC- HCM roles for OM, PA, Compensation, Benefits, ESS and MSS for Global Access
• Created backend roles for HR Employer self-service ESS and Manager self-service MSS
• Created PD Profiles according to business requirements and assigned to users
• Developed reports for user access to sensitive info types for OM, PA, Compensation and Benefit roles
• Created PD Profiles According to business requirements and assigned to users
• Worked with HR Functional specialists to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts
• Created UI 5.0 Roles by using LPD CUST and customized the landing page ESS, MSS and payroll Roles and used them in personalization parameters to make sure end users get appropriate CHIPS / LANES after they login into SAP System through portal.
• Automated Substitution process by creating appropriate Substitution Roles and Dynamic PD Profile for substitution to make sure managers can able to delegate their work to their peer or subordinate employees
• Masked the sensitivity data such as Employee bank details, Social security number, Date of Birth and Gender by creating appropriate Roles and used the Custom Auth objects/ User exists.
• Created Business Roles in SAP CRM by working closely with Business/Functional Team
• Created Business partner in SAP CRM and associated with Employee role to users
• Assigned Business roles in SAP CRM Org chart to inherit proper work centers/logical links
• Created Analytic privileges, Users using HANA Studio
• Created Various roles for Business folks, Sustainment team members using HANA Studio
• Worked with basis folks to Configure HANA for Single Sign on to login through BOBJ System
• Worked with HANA Functional team and business members to get the requirements related to privileges and incorporated the privileges using HANA Studio.
• Created Roles to restrict data by using RSECADMIN
• Created Access levels in BOBJ as per Business needs and assigned to users
• Created Analysis Auth objects and incorporated within the role to view restricted data
• Created Analysis Auth objects in BI 7.0 and restricted Queries by Info object level
• Created users in portal EP 7.0 and assigned Respective groups to them to login through portal and access various reports from ECC 6.0, BI 7.0 and CRM 7.0
• Created Access levels in BOBJ and assigned to groups as per required by Business requirement.
• Created user groups, assigned privileges and assign to users.
• Analyze existing Roles/Authorizations and redesign the roles by working closely with the Functional team/Business process owners to gather the requirements, Configured the Roles/Security and Supported the project after go live. Worked with Auditors to make sure no SOX Issues arise in the roles and designed the job specific roles to business users.
• Redesigned (Finance) roles such as Account Management, AR Clerk, AR Supervisor, Financial Analyst, Finance Clerk, Finance Supervisor & Master Data Maintenance
• Redesigned ( MM, SD) the Roles related to Vendor Master Data Coordinator, MM AP Analyst, MM Buyer, Contract Admin, Measurement Reports Analyst, Procurement Clerk, Stores Supervisor
• Redesigned the Roles
• Worked closely with the Business users to resolve Authorization issues

Confidential, Fort Mcmurray, AB

Lead SAP IDM / SECURITY /GRC/ HANA - Consultant

• Integrated Identity Management with SAP GRC Access Controls and embedded the risk Analysis and mitigation into each user access request.
• Configured the password self-service for all the SAP Systems and legacy systems
• Integrated IDM with SAP HCM System, SAP Backend Systems ( ECC, BI, SRM, CRM), non-production SAP Systems and Legacy systems
• Configured the work flow related to User provisioning and de provisioning ( SAP HCM System will trigger any changes to Identity Centre Database by using VDS and request will go into workflow, will pass through GRC for RAR and user provisioning will take place in Target Systems)
• Configured MMC (Microsoft Management Console), RU (Run time Environment), User interface and Virtual Directory Server.
• Business roles are defined as per privileges and assigned the Business roles (Combination of Technical roles) to as per their positions in the Client Org Management.
• Configured BC Sets, Global Parameters, Created Connector and associated with Connector type, Generated Rule Sets as per Business process for ARA
• Configured Mitigation Controls, Mitigation Monitors, sync the jobs related to Auth, users and profiles from Backend systems to GRC and Configured end to end Risk Analysis for Business users in ARA.
• Created Custom Rule sets after discussing with Key Stake holders as per there business process.
• Configured Risk Analysis and Remediation by working closely with business folks after identifying Role owners, Mitigation Controls Monitors and Mitigation Control owners for ARA
• Configured Emergency Access Management ( EAM) for Sustainment team by working closely with business folks to identify Role Owners, Fire Fighter ID Controllers, owners and monitors and provided automated process for Sustainment team to get broader access in Emergency situation and sends reports automatically to process owners to review for audit purpose
• Configured Emergency Access Management by working closely with Business users and Functional team. Created Fire Fighter user id’s after identifying Fire fighter owners and Fire Fighter Controllers
• Configured Access Request Management (ARM) for automated user provisioning and Configured MSMP Workflows and BRF+.
• Designed the Security Structure for SAP BI 7.0
• Implemented HANA Security by working with HANA Studio by Creating users, Privileges, Roles within HANA.
• By using HANA Studio Assigned the Roles to users, Groups to perform user’s activities within HANA Studio and restricted SAP HANA Applications by giving certain privileges to users within HANA Database.
• Created analysis authorization objects using for authorization relevant characteristics and Key figures
• Designed and created portal roles in the EP6.0 and EP 7.0
• Worked on CMC ( Central Management Console ) in BPC 4.0 by Creating Access levels, Groups, assigned users into proper Group and Transferred users from BI 7.0 System into BOBJ 4.0
• Worked Closely with BOBJ Functional team and configured Components such as Web Intelligence, Dashboards and provided Business users proper access to such components to run the adhoc reports
• Created users in Portal, Assigned to proper Portal Groups and Roles to them in EP 7.0
• Worked with Functional team to gather requirements for ESS (Employee Self Service) such as Entering Time, requesting leave, view pay slips and Vacation quota.
• Created PD Profiles for various positions based on Functional module and also created profiles for Time and Expense Admins.
• Implemented Time entry for the organization CATS ( Cross Application Time T-code)
• Worked with Functional team to Gather Requirements for MSS( Manager Self Service ) for approving Time, leave requests, Accessing Reports and approving purchase orders through Enterprise portal and Designed the roles as per Business needs .
• Developed reports for user access to sensitive info types for OM, PA, Compensation and Benefit roles
• Created Roles for Employee Self Service and Master Self Service
• Worked with HR Functional specialists to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts
• Created PD Profiles to restrict the sensitive data within the org structure
• Assigned the Roles to position so that users can inherit the authorizations when they log into SAP System.
• Worked closely with the Business users /Functional team to resolve Authorization issues by Analyzing SU53 Dump and Activating Trace through ST01
• Created New/Change Users as per demand and assigned appropriate business roles to them in various landscapes
• Reviewed Existing Users access by running GRC ARA Reports and worked with Auditing team to resolve SOD issues
• Configured Audit logs by using SM18, SM19 T-codes and provided Reports periodically using SM20 T-code to Auditing Team
• Analyzed the Existing Roles and users and their respective access
• Analyzed the usage report of T-codes by users
• Designed the Security Roles as per job Roles Specific to their job duties
• Redesigned the Finance, MM and SD Roles by working closely with Business to gather the requirements, Designed the Blueprint, Signoff from the Role owners and Developed the roles
• Worked closely with the Functional/Business team to Test the roles before moving across form one landscape to another landscape.
• Created and defined the deliverables for the Blue print phase
• Communicated technical and non-technical issues to the client supervisors
• Created roles for SAP modules FICO,MM,QM,PM and HCM
• Resolved the Authorization issues by activating the Trace and SU53 Dumps Analyze
• Resolved the OSS tickets for different customers with different components

Confidential, Oakville, ON

SAP HR SECURITY / GRC - Architect

• Designed ECC- HCM roles for OM, PA, Compensation, Benefits, ESS and MSS for Global Access
• Created backend roles for HR Employer self-service ESS and Manager self-service MSS
• Created PD Profiles according to business requirements and assigned to users
• Developed reports for user access to sensitive info types for OM, PA, Compensation and Benefit roles
• Worked as a BI-HR expert to redesign the global access
• Created PD Profiles According to business requirements and assigned to users
• Worked with HR Functional specialists to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts
• Developed LSMW scripts to assign the structural profiles to Positions
• Worked with the ABAP team to create the custom function module for structural authorization
• Gathered the security requirements for structural profiles and PFCG roles as per the business roles
• Created analysis authorization objects for authorization relevant characteristics and Key figures related to Sales chain & Finance reports related to District Managers, Directors and VP
• Restricted queries by using various auth objects of BI 7.0
• Created users by using HANA Studio and Created Analytic privileges to view restricted data within the reports.
• Created BI 7.0 Roles for Various Department and sync the roles/users with BOBJ 4.0
• Restricted Access to users by Creating Access Levels, Groups, personal folders for various Department in BOBJ 4.0 and Assigned users into Group.
• Configured users to login BOBJ 4.0 through SSO and run the reports in BOBJ 4.0 and replicate the data as per Roles in BI 7.0
• Creating Portal roles for BI Portal (EP 7.0) to Publish Queries
• Assigned Portal roles corresponding to backend roles to user view and use in the portal
• Created portal roles using portal content which allow access to IView’s in Portal
• Map the backend roles of ECC 6.0, BI 7.0 roles to Portal groups and assigned portal groups to users using User Management Engine.
• Created backend roles in BI for BOE crystal reports to access data from SAP BI
• Created roles for BI Data ware house objects and BI Reporting layer objects
• Configured GRC 5.3 RAR,CUP,SUPM, ERM:
• Configured system connectors between CUP and SAP systems / non SAP CUP request creation, modification and deletion
• Uploaded roles into CUP
• Applied roles and role approvers in CUP
• Added business processes and functional area for business processes
• Worked on RAR ( Risk Analysis and Remediation):
• Uploaded rule sets, Configured Business process, Risks, Mitigation Controls in Risk Analysis and Remediation
• Expert in Configuring CUP, RAR and SUPM
• Expert in Creating Users like Requesters, coordinators, Role Approvers and Final approvers related to workflow of CUP for user provisioning in SAP Backend Systems
• Worked closely with Team members to implement GRC 5.3 Support packs 13.
• Downloaded and uploaded rule set Matrix in RAR.
• Created Mitigating Control Monitors and Applied Mitigating Controls to them.
• Created PFCG roles for the Business Roles in CRM 7.0 IC WebClient UI and assigned them in Org Structure to various positions.
• Worked closely with the CRM BSA in creating the Business Roles, Org Structure & Positions.
• Traced and Resolved Authorization issues for BSP Applications in Web Client UI
• Created PFCG roles to provide access to logical links of work centers in Business Roles
• Assigned Business partners to various positions within the Organization Structure
• Creating Business Partner and associating them with user (employee)
• Worked extensively with the PFCG tool to create roles for FI (AP,AR), HR, OM, APO, ESS and interfaces
• Worked with business leads in order to develop requirement role matrices
• Created Roles in Solution Manager for designing various different projects.

Confidential, AB

SAP HR SECURITY/GRC - Architect

• Worked on implementation of structural authorizations and structural authorization profiles.
• Maintenance of HR organizational structure to administer and control user access, including time-delimited access (e.g. temporary assignments to positions)
• Setting of HR security authorization objects for structural authorizations based on Info Type and allowed functions / activities
• Created PD Profiles According to business requirements and Assigned to users
• Created/ Updated Business BI Roles by Publish Queries into the Role Menu and map BI Business Roles into Portal Groups.
• Assigned Portal groups (EP 7.0) and corresponding backend roles (BI 7.0), to users to view reports through portal.
• Created backend roles in BI for BOE crystal reports to access data from SAP BI
• Created roles for BI Data ware house objects and BI Reporting layer objects
• Implemented BI security by Creating Analysis Authorization objects and secured them in Roles.
• Activated required Info objects and made authorization relevant in order to Create Analysis Auth Objects.
• Worked closely with functional team, designed the roles related to Loans, Billing, Dunning and Accounts Receivables.
• Created/ Updated Roles related to IS-U (Loans, Billing, Dunning )
• Worked Closely with CRM 7.0 Functional team and Configured Business Roles ( Adjust Work centers, Adjust Work Center Group Links)
• Run the reports to generate “.txt “file for Business Roles and imported in PFCG Roles.
• Adjusted PFCG Role Authorizations for Corresponding Business Roles.
• Created PFCG roles for the Business Roles in CRM 7.0 IC WebClient UI
• Created Organizational Structure and Positions according to business requirements.
• Creating Business Partner and associating them with user (employee Role )
• Assigned Business roles to the Business Users in the Organization Structure
• Assigned Corresponding Business partners to positions in Org Structure to inherit the required Authorizations

Confidential, Winnipeg, MB

SAP Security/ GRC analyst

• Implemented Security for Province of Manitoba by Designing, Blue printing and built proper roles ( to Citizens, Tax payers, Contract Accounts receivables and payable business users as per province requirements ), Business users
• Integrated PSCD (Public Systems Claims Disbursement) System with ECC Components such as Funds Management, Controlling and Sales & Distribution.
• Created PFCG roles for the Business Roles in CRM 7.0 IC WebClient UI
• Worked closely with the CRM Customizing team in creating the Business Roles and Org Structure
• Traced and Resolved Authorization issues for BSP Applications in Web Client UI
• Created PFCG roles to provide access to logical links of work centers in Business Roles
• Assigned Business roles to the Business Users in the Organization Structure
• Creating Business Partner and associating them with user (employee)
• Maintained user parameter for CRM users in SU01 to access BSP in IC WebClient UI
• Created analysis authorization objects for authorization relevant characteristics and Key figures
• Creating Portal roles for BI Portal (EP 7.0) to Publish Queries
• Assigned Portal roles corresponding to backend roles to user view and use in the portal
• Created portal roles using portal content which allow access to IView’s in Portal
• Map the backend roles of ECC 6.0, BI 7.0 roles to Portal groups and assigned portal groups to users using User Management Engine.
• Created backend roles in BI for BOE crystal reports to access data from SAP BI
• Created roles for BI Data ware house objects and BI Reporting layer objects
• Implemented BI security at Infoarea, Info cube, Info Object, DSO’s, MultiProvider levels
• Maintained authorizations for Business Objects Enterprise (BOBJ) Top level, Folder level and object level
• Worked on GRC 5.3 CUP: Configure system connectors between CUP and SAP systems / non SAP CUP request creation, modification and deletion
• Uploaded roles into CUP
• Applied roles and role approvers in CUP
• Added business processes and functional area for business processes
• Worked on RAR ( Risk Analysis and Remediation):
• Expert in Configuring CUP, RAR and SUPM
• Expert in Creating Users like Requesters, coordinators, Role Approvers and Final approvers related to workflow of CUP for user provisioning in SAP Backend Systems
• Worked closely with Team members to implement GRC 5.3 Support packs 13.
• Downloaded and uploaded rule set Matrix
• Created Mitigating Control Monitors and Applied Mitigating Controls to them.
• Worked Closely with Business and Functional team to gather Business requirements related to Organizational Management, Positions and implementation of structural authorizations and structural authorization profiles.
• Created PD Profiles as per business requirements and assigned to users.
• Created Org structure, Positions, jobs and assigned various users to there corresponding positions .
• Assigned Roles to Org Unit/ Positions as per business requirements and users got inherited there access through positions/ Org Unit.
• Maintenance of HR organizational structure to administer and control user access, including time-delimited access (e.g. temporary assignments to positions)
• Created roles for Employers to maintain their personal data using ESS
• Restricted the Employer Self Service roles to their area of responsibility
• Working with Team members to deploy Access of ESS to End Users (Departmental Users).
• Implemented, Configured and maintained CUA (Central User Administration) for all Systems.
• Maintained the RFC destinations for the CUA environment and controlled the authorization for communication user’s
• Worked on Single-Sign-On (SSO).
• Worked extensively with the PFCG tool to create roles for FI,HR, OM, PA, ECM, LSO, ESS and interfaces
• Worked with business leads in order to develop requirement role matrices
• Worked with process experts and head of departments for SOD conflicts and assigned appropriate roles to the users
• Traced the transactions for required authorizations and adjusted the SU24 for those t-codes
• Analyzed the impact of SU24 changes to proactively avoid issues
• Blueprinted and created the enterprise the performance management and compensation management roles
• Created test scripts for Unit, integration and UAT testing
• An active part of the CCMS Monitoring and development team. Helped the team to resolve authorization issues for SMSY functionality

Confidential, Calgary, AB

SAP Security Architect/Analyst

• Developed reports for user access to sensitive info types for OM, PA, Compensation and Benefit roles
• Worked as a BI-HR expert to redesign the global access
• Created PD Profiles According to business requirements and assigned to users
• Worked with HR Functional specialists to help them understand what SAP authorization objects are causing the conflicts and what all options exist for mitigating the conflicts
• Configured Risk Analysis and Remediation in GRC 5.3 to update new risks for the rule set
• Configured SUPM (Super user Privilege Management) and provided emergency access through firefighter user id’s for Sustainment team.
• Configured workflows in CUP (Compliance User provisioning) and automated User Provisioning related to different types of User requests (New Requests, Change Request, Delete Request, Lock and Unlock).
• Recommend policy changes as per the Best Practices and Sox Compliance
• Ensured no SOD’s existed at the role- and user- level
• Implemented enhancement to secure FF ID’s
• Designed the Security Structure for SAP BI 7.0
• Created analysis authorization objects using for authorization relevant characteristics and Key figures
• Designed and created portal roles in the EP6.0 and EP 7.0
• Created PFCG roles for the Business Roles in CRM 7.0 IC WebClient UI
• Worked closely with the CRM Customizing team in creating the Business Roles
• Traced and Resolved Authorization issues for BSP Applications in IC WebClient UI
• Coordinated with the offshore teams and monitored the progress of the project
• Managed and coordinated daily tasks with the global offshore Teams
• Created and defined the deliverables for the Blue print phase
• Communicated technical and non-technical issues to the client supervisors
• Reviewed the custom code and closed the security GAP’s by comparing with the Tech specs
• Experience in setting up users with AOD (Access on Demand) access.
• Responsible to prepare the deliverables for the role redesign project
• Develop and document policies to fill the GAP’s in the security architecture
• Created roles for SAP modules FICO,MM,QM,PM and HCM
• Resolved the OSS tickets for different customers with different components

Confidential, Norcross, GA

Lead SAP Security Analyst

Responsibilities:

• Created single, derived and composite roles using the PFCG Profile Generator
• Created position based roles for Position Based Access project
• Upgraded Security from 4.7 EE to ECC6.0
• Upgraded Security from BW3.0 to BI 7.0
• Worked on BI Environment which included BOBJ- Strategy Management, BPC and MDM
• Redesigned the SAP security model to identify and eliminate any Sox issues to ensure compliance
• Created PFCG roles for the Business Roles in CRM 7.0 Web UI
• Worked closely with the CRM Customizing team in creating the Business Roles
• Traced and Resolved Authorization issues for BSP Applications in Web Client UI
• Created PFCG roles to provide access to logical links of work centers in Business Roles
• Assigned Business roles to the Business Users in the Organization Structure
• Worked with the Portal Team in Setting up internal and external portal security
• Synced the PFCG roles with the Business roles as and when modifications were made
• Assigned default Frame work authorization needed for BSP’s
• Maintained Authorization Objects for BSP Applications in the Backend systems
• Created new PFCG roles using the SAP Delivered Reports for Corresponding Business Roles
• Maintained user parameter for CRM users in SU01 to access BSP in Web UI
• Identified and closed the GAP’s in the security process
• Developed and implemented SAP HR role based authorization concepts
• Implementation of position based authorization concept for HR Conception, development and implementation of structural authorization profiles with context-sensitive security for HR Master Data; c reating Users, Roles, Groups, work sets, I views for the EP 7.0 System
• Worked on implementation of structural authorizations and structural authorization profiles.
• Maintenance of HR organizational structure to administer and control user access, including time-delimited access (e.g. temporary assignments to positions)
• Setting of HR security authorization objects for structural authorizations based on Info Type and allowed functions / activities
• Created security reports
• Created authorization groups for tables
• Created roles for BI 7.0 as per the Data classification
• Created Container folder roles to save and access Queries from BEx Analyzer and BEX Designer
• Created backend roles in BI for BOE crystal reports to access data from SAP BI
• Created backend roles for HR Employer self-service ESS and Manager self-service MSS
• Restricted HR roles as per the personnel area’s using the Structural Authorizations profiles
• Created roles for SRM 5.0 Supplier self-service and Buyer self service
• Created users using the mass processing SU10
• Created CATT scripts for Password resets and role maintenance
• Created LSMW for mass processing of data
• Created roles for PI (NW 2004S)
• Maintained users and authorizations for MDM 7.0
• Created test scripts for positive and negative testing, integration testing and UAT

Confidential, SAN Antonio, TX

SAP Security Analyst

Responsibilities:

• Created single, derived and composite roles as per the business requirements
• Created Analysis Authorizations for BI mass maintenance of users
• User licensing SAP ECC, BW, Solution Manager, XI.
• Identified and corrected the ENDUSER licensing according to the SAP agreement
• Created scripts for mass changes using SECATT
• Resolved authorization issues related to Queries at Infoarea, Infocube and ODS level
• Created OSS ID’s for SAP Project team members
• Created Structural profiles
• Worked on the delta authorizations for administrative users and reporting users
• Worked on Position based security as per the Organization structure
• Worked on the structural authorizations for workflow
• Configured GRC 5.1 (Virsa) Compliance calibrator and fire fighter
• Worked closely with the business users to identify and mitigate the risks associated with a group of Transactions or objects and a User/Role.