Summary

Skill

SAP/ Security/IT:

Eleven years total of IT experience w/ seven years of sap security in SAP R/3, ECC, BW/BI, XI, Enterprise Portal, EHS,TPM CRM, APO,SRM, SCM, MDM, MM, FI/CO, PP, PM, SD and HR/HCM(position based and structural authorization security) defining, developing, assigning, and testing authorization roles. Functional expertise in FI/CO and MM. Experience in security vulnerabilities detection & remediation, and managing application security review process. Manufacturing, pharmaceutical, call center, healthcare, aerospace and defense industry experience. Lead experience in redesigning overall security architecture. Four years in developing, securing and maintaining security in SAP on a Netweaver platform. Three full life cycle implementations using SAP best practices and ASAP methodology. Two projects assisting in an upgrade from 4.6c to ECC 6.0.

SOD/Audit:

Seven years of experience in SOD Reporting. Responsible for building new roles ensuring SOX, COBIT, FDA and HIPPA compliance and making sure there are no SOD conflicts. Experience configuring AIS to run appropriate audit logs. Four years working with auditors for provisioning of systems. Experience in installing, configuring, maintaining and utilizing GRC (Virsa) suite for SOX, COBIT, FDA and HIPPA compliance and security purposes.

Project Experience

SAP Security and Basis Consultant Confidential,United Kingdom January 2010 – April 2012

Created userids and managing authority for users in non-Production and production clients.
Oversaw defining, developing and testing authorization roles in ECC 5.0 and 6.0.
Ran daily reports in GRC for SOD conflicts
Worked with internal and external auditors on governance and compliance issues.
Resolved user access issues via Alteris ticketing system
Used ST01 to trace authorization issues.
Redesigned security roles in ECC 5.0 systems.
Set up users in portal using UME.
Imported transports throughout the landscape using STMS
Responsible for configuration of GRC suite 5.3 SPM and RAR throughout ECC 6.0 and 5.0 landscape.
Improved security policies and procedures for user and role administration, creation and modification.
Improved security procedures for terminated users and inactive users.
Responsible for user administration in BW 3.5 and BI 7.0.
Updated values for authorization objects via SU24..

SAP Security Consultant Confidential,Dayton, OH September 2008 – December 2009

Responsible for configuration of GRC suite 5.2(FF, AE, CC, RE) throughout ECC 6.0 landscape.
Created userids and managing authority for users in non-Production clients.
Oversaw defining, developing and testing authorization roles in SAP R/3, ECC, SCM, HCM,, SD, FI, and CO. Used day-to-day transactions SU01, SU24, SUIM, SE16, and PFCG.
Implemented structural authorizations in HR module along with position based security.
Established structural authorizational profiles using transaction OOSP. Entered org. objects in profile. Linked pd profiles to a position using transaction PO13.
Generated user profile with program RHPROFL0.
Created and Maintained Custom Auth Objects and Check Indicators using SU21, SU24, SU25.
Troubleshoot Authorization related problems, traced different users(HR Global roles) to detect missing infotypes and sub infotypes.
Used ST01 to trace authorization issues.
Troubleshoot Authorization related problems, traced different users(HR
Global roles) to detect missing infotypes and sub infotypes.
Created new authorizations related to the expanded deployment of Project Enterprise for Client locations.
Transport roles and authorizations from DEV, QA, to PROD through TMS
Responsible for user access privileges in PROD and non-PROD clients.
Implement SSO using LDAP for authentication
Used Peregrine ticketing system to track and log all escalated SAP Security issues.
Maintained security documentation for changes in security
Answered users phone calls, emails, and instant messages to trouble shoot authorization issues.
Deleted inactive users in Production and non-Production clients.
Performed analysis and investigation of authority checks for appropriate assignment
Administering authority and users in Client\'s existing technology: SAP R/3 release 4.6C, APO, and Netweaver BI 7.0, Netweaver Enterprise Portal 7.0
Assist with role development in ECC6.0 environment.
Analyzed and communicate security/authorizations issues, including problems with security design, and functional and technical software issues.

• IT Environment: SAP ECC 6.0, 4.6c, APO, BI,FI, COSCM, Netweaver 2004s, EP 7.0, HCM

SAP Security Lead Consultant Confidential,Louisville, KY November 2007 – June 2008

Responsible for defining, developing and testing authorization roles in SAP R/3, PP, PM, MDM, MM, SD, FI, SCM, TPM, CO, XI, PLM, BI, SRM and CRM.
Developed and documented security procedures for user and role provisioning.
Used HEAT ticketing system to track and log all escalated SAP Security issues.
Managed transports through DEV, QA, and PROD with TMS.
Implemented and followed production security administration procedures and documents workflow procedures for user access in production and non production environments.
Created and deleted users ids in CUA environment using SOLMAN.
Used transactions SCUL, SCUA, and SCUM for CUA
Used day-to-day transactions SU01, SU24, SECATT, SUIM, SE16 and PFCG.
Assisted with internal and external audit controls and with upgrade from 4.6c and 4.7 to ECC 6.0.
Helped with UAT upgrade to ECC 6.0. Worked with business process owners to come up with UAT process and procedures.
Provided documentation for end user and BP training on process and workflow.

• IT Environment: SAP R/3, PP, SD, SM, FI, MM, CO, PLM, BI, SRM, XI, CRM, SU01, SU24, SUIM, SE16, PFCG, ECC, Netweaver 2004s
• 
  
  SAP Security Consultant
• Confidential,Tucson, AZ
  June 2007 – September 2007
  Oversaw defining, developing and testing authorization roles in SAP R/3, PP, HR(HCM), SD, FI, CO, EP 6.0, and BI, SEM, SRM, MDM, APO and CRM.
  Used day-to-day transactions SU01, SU24, SUIM, SE16, SECATT and PFCG.
  Assisted with internal and external audit controls.
  Created and modified SOX compliant roles per PWC audit guidelines using PFCG.
  Troubleshoot Authorization related problems, traced different users(HR Global roles) to detect missing infotypes and sub infotypes.
  Used HR structural and position based security in needed situations.
  Utilized Solution Manager to run daily monitoring reports.
  Created and modified user accounts across SAP landscape.
  Worked with LDAP to search for users and their user IDs.
  Managed weekly and monthly termination process.
• IT Environment: Netweaver, LDAP, SAP R/3, PP, SD, FI, CO, BI, EP 6.0, SEM, SRM, HR, CRM, SU01, SU24, SUIM, SE16, PFCG, APO, SOX, ECC, Solution Manager,
  
• SAP Security Lead Consultant

Confidential,Bartlesville, OK June 2006 – May 2007

Oversaw SAP application security implementation, support and security monitoring of SAP systems.
Developed and maintained security roles and authorizations for all SAP environments.
Installed and configured Virsa Suite.
Worked with business process owners and management to get processes for configuration of Virsa.
Maintained Virsa SAP GRC security tools such as compliance calibrator, access enforcer, fire fighter and central user administration.
Dealt with functional teams to define and design security roles.
Experienced with central user administration, LDAP, single sign-on and Enterprise portal.
Implemented and followed production security administration procedures.
Monitored SAP application access and security violations. Supported internal and external audits.
Served as primary contact for security related questions and issues. Identified control weaknesses and recommended improvements.
Assisted segregation of duty (SOD) analysis. Provided on-call support on a rotation basis.
Created job or functional positions for end users following strict SOX compliance.
Oversaw defining, developing and testing authorization roles in SAP R/3, PP, HR,CRM, SD, FI, and CO. Used day-to-day transactions SU01, SU24, SUIM, SE16, and PFCG. Implemented structural authorizations in HR module along with position based security.
Established structural authorizational profiles using transaction OOSP. Entered org. objects in profile. Linked pd profiles to a position using transaction PO13.
Generated user profile with program RHPROFL0.
Utilized RBE tool as baseline for redesign of roles in R/3.
Built new roles making sure there were not any SOD conflicts and built and maintained SAP user profiles and roles across SAP landscape and provided authorization consulting support to project and business managers.

• IT Environment: SAP GRC, LDAP, Netweaver, Enterprise, SOX, SAP R/3, PP, HR, MDM, CRM SD, FI, CO, SU01, SU24, SUIM, SE16, PFCG, RHPROFLO, Virsa
  
  SAP Security Consultant

Confidential,Pittsburgh, PA December 2005 – April 2006

Worked with organizational alignment representatives to determine which transactions would be needed for users to perform their job.
Created and modified SOX compliant roles per PWC audit guidelines.
Resolved Helpdesk tickets that were assigned to security team using Peregrine.
Experience with CUA. Resolved authorization failures and provided security support for over 20000 users.
Used day-to-day transactions SU01, SU24, SUIM, SE16, and PFCG. Terminated, locked and unlocked users.

• IT Environment: SOX, CUA, SU01, SU24, SUIM, SE16, PFCG, EHS, SRM, HR, APO, SCM, BW
  
  SAP & IS Support Analyst
• Confidential,Raleigh, NC

August 2005 – December 2005

Served as single point of contact to assist clients in resolving all technology related problems, escalating unresolved transactions to next level as needed.
Reset passwords and troubleshot issues in SAP system.
Worked as initial triage of incoming and end-user computer issues and problems. Formally documented all problem tickets per predefined, standardized process.
Researched and analyzed options for problem resolution using troubleshooting database, peers and Internet.

IT Environment: SAP

SAP Consultant

Confidential,Milwaukee, WI

December 2004 – August 2005

Oversaw defining, developing and testing authorization roles in SAP R/3, MM, BW and SRM.
Built and maintained SAP user profiles and roles across SAP landscape and provided authorization consulting support to project and business managers.
Implemented and maintained FI/CO module ensuring confidentiality and accessibility was secure.
Used Virsa for compliance and security purposes.
Solved highly technical and complex problems across SAP landscape as they related to security authorizations.
Protected sensitive business information by ensuring roles were built and assigned appropriately in all SAP systems (R/3, SRM, MM, BW Sandbox, development, QA and production).

IT Environment: SAP R/3, MM, BW, SRM, Virsa, FI/CO

SAP Security Consultant

Confidential,Charleston, SC June 2004 – October 2004

Used PFCG profile generator design and build activity groups and roles.
Designed activity groups by defined functional positions.
Unlocked and locked users from accounts.
Added and deleted transactions from roles.
Supported SAP modules SD, FI, MM, MFG, DM and CO.
Resolved day-to-day user authorization issues assigned from Helpdesk.
Used day-to-day transactions SU01, SU24, SUIM, SE16 and PFCG.
Participated in integration, performance and user acceptance testing.
Followed strict security guidelines and segregation of duties for assigning privileges to users.

IT Environment: PFCG, SAP, SD, FI, MM, MFG, DM, CO, SU01, SU24, SUIM, SE16

SAP Security Administrator

Confidential,Bethesda, MD September 2002 – April 2004

Provided daily security and authorization administration in all SAP modules, including R/3 (SD, MM, FI, CO, WMS, SM), BW, APO, retail and HR.
Used Profile Generator and SAP user administration tools setting up user IDs, assigning and resetting passwords and role maintenance and SAP authorization concept in general.

IT Environment: SAP R/3, Profile Generator

Operating Systems
Microsoft Windows XP, NT 2000, Novell, UNIX, Linux
Software
Visio, Word, Excel, Word Perfect, Project, Works, Outlook, Internet, Active Directory, Electronic Data Interchange, Oracle, Lotus Notes, Citrix, Remedy, Peregrine, HEAT, SAP R/3 (4.0b, 4.5b, 4.6a, 4.6b, 4.6c, 4.7 ECC 5.0, ECC 6.0), Virsa 4.0, 5.0, 5.2, Remote Desktop Connection, SQL, Web/Client based Applications

Languages
C++, ABAP