SAP Security Consultant Resume
Summary:
I am a talented Security consultant with 13 years in the IT Industry and 9 years of SAP Security implementation, conversion/upgrade, and security audit expertise. I specialize in the implementation and conversion/upgrade of existing SAP installations to SAP Netweaver 7.0 Scenarios.
I have designed and managed SAP security, using client resources from definition of job roles through to development, testing and migration. I am an experienced consultant who has been involved with numerous Global SAP Security implementations and upgrades where I designed and implemented a security development strategy. I have successfully managed multiple projects simultaneously while delivering excellence. I have performed risk analyses of manufacturing, Health Care and Consumer Goods industries. I have concentrated most recently in BI 7.0 and Portal Broadcast functionality with SSO capability.
Technology Summary:
Proficient in: SAP R/3 3.1i, 4.0B, 4.6c, 4.7, ECC 5.0, 6.0, BW 3.0b, BI 3.5, BI 7.0, GRC 5.2, EP 6.0, EP 7.0, eCATT, LSMW, SAPScript, Virsa/GRC Compliance Calibrator 4.0, 5.2, Netweaver 2004s, Portal Administration, CUA, WAS, SSO, UME
Have configured Security for SAP modules: FI, MM, PP, CO, AM, PS, Solution Manager 3.2, HR, CRM 4.0, XI, MDM, SCM/APO 4.1, EBP/SRM 3.0, 4.0, BW 3.0b, BI 3.5, BI 7.0
Have performed Upgrades – R/3 4.0b-4.6c, ECC 5.0-ECC 6.0, BW 3.5-BI 7.0
Experience Summary:
SAP Security Consultant
Confidential 4/2009 to present
- Remote Support for initial Go-live for A&D Customer with ECC, SNC, BI and EP 7.0
- Performed Role/Defect Updates in development during Realization phase
- Validated ECC/BI critical Objects and transaction pre Go-Live
- Assisted developing GRC 5.3 ruleset for above modules with Functional and Controls teams
- GRC 5.3 AE, CC configuration setup and validation
- Configured new GRC 5.3 client installations
- Perform SOD checks for all PRD users with Compliance Calibrator 4.0/5.3 toolset
- Created roles for GRC Firefighter users in Compliance Calibrator for process teams
- Setup Users, Controllers and Owners of GRC Firefighter ID's and provisioned accounts, setup logging and ruleset
- Created Training system users and roles, assisted in data loads and client copies following training refreshes
- Created eCATT scripts for Go-Live user load and role assignment and maintenance.
- Responsible for War Room support, issue remediation post Go-live with critical resolution times
- Documentation of lessons learned and coaching opportunities for successive delivery launches
- Designed retrofit of BI 7.0 roles using Analysis authorizations
- Configured UME access with Delegated Security administration by company
SAP Security Lead Consultant
Confidential 3/2009 to 4/2009
- Created BI 7.0, EP 7.0 Security Model post installation for new BI reporting requirement for Public Sector CM/SLCM customer
- Created System Administrator, Security, and developer roles in BI 7.0 and EP 7.0
- Troubleshot EP 7.0 and BI reporting issues including setup and landscape connectivity, BI integration with EP 7.0
- Knowledge transfer to existing staff for BI and EP Security methodology
- Developed testing and case scenarios for future development and future portal integration
- Documented Role design and reporting strategy across Infoproviders and business users with BI 7.0 Analysis Authorizations using RSECADMIN security tool
- Provide production support and development to BI 7.0 module of SAP for the Campus Management/SLCM (CM/SLCM) implementation
- Maintain high level of support by meeting with clients to discuss and determine system issues or areas for improvement
- Develop and implement custom security and enhancements to SAP reporting with no interruption to the business. Present recommendations to client management concerning systems upgrades and development opportunities.
- Train users on new systems, upgrades, and enhancements to existing systems
- Research problems, determination of problem origins and corrective actions needed; implementation and testing of solutions; development and testing of new programs; training customers technical team
SAP Security Lead Consultant
Confidential Louisville, KY 3/2008 to 02/2009
- Independent consultant to Fortune 500 Healthcare Company’s SAP security team
- BI Security Lead present from initial planning and design phase through go-live for BI 3.5 to 7.0 Upgrade
- BI 7.0 Upgrade for custom objects securing 1300 profit center nodes restricted via hierarchy
- Migrated 1200 SU02 profiles to BI 7.0 RSECADMIN authorizations with SAP RSEC_MIGRATION tool
- Automated creation and population of new security Roles with BI7.0 RSECADMIN authorizations, assign users by Creating eCATT scripts
- Troubleshooting Authorization issues with RSUDO trace logging functionality
- Designed and created broadcast folders and links in Netweaver 7.0 Portal for reports to 5400 users
- Secured BI Broadcasts by Role assignment, limited by authorizations rollup for 1200 nodes in the profit center hierarchy
- Created XML document and uploaded to 2004s Portal to update Broadcast link permissions for the above
- Co-presenter, developed and delivered the security portion of the above Broadcasting functionality at ASUG 2009 conference, in session titled “Using Netweaver Knowledge Management for efficient and secure information distribution”
- Developed and maintained crosswalk mapping of ABAP authorizations to BI Web templates to rollout new iView structure , utilizing merged worksets under Business navigational tabs
- Created XML Documents that automated Portal role assignment by setting up portal role – ABAP group assignment. This satisfied end user's portal BI Web template presentation needs.
- Researched and Setup Kerberos Authentication upgrade from NTLM to Netweaver 7.0 Portal to accommodate new BI 7.0 SSO functionality
- Maintained NW 2004s Portal Security Zone assignments and PCD authorization settings
- Setup and maintenance of users and personnel records on HR Structural authorizations on ECC 6.0
- Restricted access to data working with infotypes and Authorization objects P_ORGIN, P_PERNR, P_APPL in HR
- Created info type 105 and subtypes 0001, 9010 for the new hires and adding the PD profiles using PO13
- Modified personnel records/structural authorizations, PA20
- Structural Auth assignment maintenance, RHPROFL0
- Lead work group to define security production processes and provided support post go-live
- Assisted with documentation and knowledge transfer to existing staff in above areas
SAP Security Lead Consultant
Confidential Louisville, KY 10/2008 to 1/2009
- Security Lead for BI 7.0 Implementation to secure queries in Integrated Planning, CO/PA, Sales Forecasting
- Create Functional, Basis, Security Developer, Technical Team roles in BI system
- Create Analysis Authorizations to restrict queries on characteristics and navigational attributes with RSECADMIN
- Testing and resolution of query functionality in 7.0 BEx Analyzer
- Troubleshooting Authorization issues with RSUDO trace logging
- Provide staff training and documentation to the customer’s internal security and development teams.
- Serve as customers’ quality advocate with the external SAP integration partner’s final product
- Provide best practice advice in BI 7.0 Security and BI Query design using 7.0 Query Designer
SAP GRC Lead Consultant
Confidential Louisville, KY 11/2007 to 03/2008
- Performed GRC compliance Calibrator 5.2 Installation and configuration, proof of concept for Existing Virsa 4.0 Customer
- Loaded Global rule set and configured reporting and alerts
- Audited and documented existing SOD conflicts within roles and assigned to users.
- Created and ran eCATT scripts to update security roles with remediated access.
- Assisted with documentation and knowledge transfer to existing staff in above areas.
- Performed BI 7.0 and ECC 6.0 Authorization updates for profit center Hierarchy consolidation project.
SAP Security Consultant
Confidential Bardstown, KY 10/2007-11/2007
- Independent SAP Security consultant in SAP R/3 4.7, BW 3.5 Global Implementation
- Assisted customers’ transition of Security management from project team to support team
- Validated and granted new user access requests, maintained SOD matrix with Business process Owner’s approval
- Created and tracked requests and approvals for access deltas in customers’ internal repository
- Prepared team for ECC 6.0 Upgrade, Documented roles and Access Matrix using Excel
- Assisted with knowledge transfer to existing staff
Confidential
SAP Security Design Lead to PepsiCo International Brands 02/2007 to 10/2007
- Design Lead in a Global implementation from project preparation phase through 2 go-lives in China, Egypt, The Netherlands, and Mexico
- Delivered Blueprint Security Design from PepsiCo domestic implementation and adapted to international project for FI, MM, PP, CO, AM, PS
- Represented SAP America Presence for Security team in establishing PepsiCo Center of Excellence (COE) with PepsiCo Team lead and integration partner
- Promoted best practice, leveraging domestic implementation documentation and procedures.
- Developed strategy and supported multiple cycle Integration and User Acceptance testing
- Staffed post go-live support with customer’s personnel
Confidential Newtown Square, PA
Senior Consultant to PepsiCo INC 12/2004 to 02/2007
- Independent SAP Security Consultant to SAP America on new Global implementation project at a Fortune 500 Food and Beverage company, 3,000 initial and 65,000 named users.
- SAP Security SME staffed from Project preparation through 7 phased go-lives.
- One of 2 SAP consultants who designed and created Security in BW 3.5, BI 7.0, ECC 5.0, Solution Manager 3.2, CRM 4.0, XI, MDM, SCM/APO 4.1, SRM 4.0, Netweaver 2004s and Supplier Self Service Portals
- Performed Security Upgrade of roles and authorizations ECC 5.0 to ECC 6.0 and BW 3.5 to BI Netweaver 2004s
- Created Security roles using Profile Generator (PFCG) in an SAP NW 2004s environment
- Designed and tested role assignments in NW2004s Portal for WebGUI/WinGUI comparison
- Automated CUA Security Tasks by creating SAP eCATT scripts and LSMW batch input sessions including: user mass creation, role assignment, Organizational Hierarchy assignment
- Created users and assigned roles manually and in mass through upload in NW2004s Portal
- Setup and Maintained users in CUA with connection to customer’s Sun IDM LDAP through SAP function module RS_LDAPSYNC
- Developed Job role matrix for access request/provisioning through IDM
- Ran Custom batch script regularly to replicate new CUA/IDM users to NW2004s Portal
- Scheduled common Security jobs in SM37 with SCOT email output reporting to PepsiCo SAP Security Team
- Initially created Developer, Configurator, Tools, Basis, Security and functional roles from IMG menu
- Maintained SRM Org Hierarchy through PPOMA_BBP
- Adjusted SU24 Table updates found in unit and system testing and transported throughout the landscape
- Worked with Basis team to develop Solution manager roles for Administrators, Configurators, Change Managers, and Support Desk roles
- Performed initial system security inspection and setup of newly created CUA clients
- Maintained dual development landscape security supporting client’s multiple release strategy
- Created and maintained OSS user accounts to enter the customer system for analysis and correction
- Setup CUA distribution landscape and attached newly built clients to CUA system, assigned Parameters
- Created and Applied security for interfacing applications Tibco, Control-M
- Performed ST01/RSECADMIN Trace for Authorization error analysis
- Created and maintained RFC user accounts to PepsiCo standards
- Created and assigned tables to Custom table authorization groups
- Created Documentation of all procedures for PepsiCo security Team members
SAP AMERICA INC Newtown Square, PA
Consultant to Avaya INC 10/2004 to 12/2004
- Independent SAP Security Consultant at a Fortune 500 communications vendor SAP redesign project to bring SAP Security authorizations within Sarbanes-Oxley compliance.
- Team member in a group of 4 consultants that designed, implemented, and tested solution to internal audit finding of 66,000 SOD conflicts identified by Internal Audit partners
- Performed 3.1h profile and 4.6c role cleanup to mitigate Segregation of Duties conflicts in preparation for external audit and Sarbanes-Oxley for Q4 2004 compliance and SEC reporting requirements
- Created SAP Test User Accounts and modified roles using SAP CATT, performed unit testing and validation
- Staffed post Go-live support with existing SAP Security team
Confidential CA
Consultant to Brown-Forman INC 08/2004 to 10/2004
- Independent SAP Security Consultant on SAP Sarbanes-Oxley redesign project for a major US based distiller and consumer goods manufacturing firm.
- Utilize Virsa Systems’ VRAT and VRMT tools (Currently GRC Compliance Calibrator Suite) to identify, track and eliminate Segregation of Duties (SOD) conflicts within FI, PP, MM, SD, WM, and QM modules.
- Built and maintained user history Microsoft Access database from SAP RBE tool, imported user execution history, proposed role mappings, Virsa VRAT SOD rule set, and SOD Deltas throughout the testing phases.
- Mapped 650 production users’ Tcode execution history, SOD Execution History, and Proposed role assignments, identified SOD’s through Access queries
- Created Microsoft Access Report signoff documents for user SOD mitigation
- Assisted Internal Audit with Key and Compensating Control development
- Created 300 new roles using Virsa Systems’ VRMT tool, analyzed SOD’s and documented secured objects
- Setup and mapping of 650 users in Test bed environment using SAP CATT scripts
Bayforce Technology Solutions Tampa, Florida
Consultant to PricewaterhouseCoopers LLP 02/2004 to 08/2004
- Independent SAP Security Consultant at a global consulting firm’s new SAP 4.7e internal implementation
- New/Refresh Client setup and Security Administration and Authorization assignment in CUA system
- Creation and assignment of Configurator, Developer, end user and security roles
- Created roles for ALE, Background Job, and custom Tcode access.
- SAP Security role and authorization changes in DEV and QA instances using the Profile Generator.
- Transport of roles throughout four SAP instances using SE09, STMS, SCC1.
- Created SAP Roles, and users in standalone training environment for 19,000 named user base covering R/3, BW, CFM, and EBP
- Monitoring CUA logs daily using SCUL, monitoring and reprocessing failed IDOCs.
- Performed routine maintenance and mass creation following system refresh using CATT scripts
- Defect resolution from testing team using Mercury Interactive Test director 8.0
Confidential Oregon
Consultant to Nike, INC Nike World Headquarters 11/2003 to 02/2004
- Independent consultant performing SAP upgrade security in the Supply Chain group for a global 1000 sports fitness company in a global, multi instance environment.
- Create and test 4.7 derived roles for business liaisons in the USA, Canada, Europe, Middle East, Africa and Asia Pacific regions
- Initiate response to development and production support issues generated through Kintana Workbench and Mercury Interactive Test Director requests
- Perform SU24 updates to maintain Tcode associations to Authorization Objects
- Perform Role updates and generation using PFCG
- Mass Transport and deletes of roles and SU24 updates
- Maintain user mappings and virtual Composite Job Role Mappings using PWC Security Administrator For ERP (S.A.F.E.) tool
- Implementing mass changes through CATT and Winrunner scripts
- Daily Transport administration of customization requests through DEV and QA instances using SCC1, SE10, and STMS
- Provide 24x7 support for Unit, Integration, and Regression testers.
Confidential Tennessee
Consultant to Deloitte and Touche 04/2003-09/2003
- Independent consultant on an SAP led enterprise upgrade from 3.1I to 4.7e with 3,000 named users.
- Led requirements gathering sessions with 6 groups of FI business owners.
- Created association of Tcodes to Authorization Objects using SU24.
- Performed role upgrade and authorization cleanup using the Profile Generator, PFCG.
- Assigned/maintained authorization objects in roles in FI, CO, HR, PS, and MM.
- Maintain Access Database records listing Job level Role assignment, history, and updates.
- Worked with Internal Audit Services Group to refine access requirements throughout the upgrade.
- Create 51 Composite Roles and Test ID’s from Realization Phase BPML for Job based testing by QA team.
- Consolidate roles and remove obsolete activities to eliminate Segregation of Duties conflicts.
- Create CATT scripts for automating simple tasks, i.e. role assignments, user creates and deletes.
- Researched authorization error issues using SU53/ST01.
- Setup CUA clients in the security sandbox environment.
- Created Excel matrix of Tcodes to Composite (Job) assignments for business owner groups.
- Resolved testing issues with QA Team using Mercury Interactive Test Director 7.6.
- Create, populate and submit transports for roles across the SAP system landscape.
- Create documentation for ongoing procedures for department employees.
- Work with FI functional team to create a new node level security strategy with 4.7 naming convention.
SAP Security Analyst, IS Security Promoted 2000-4/2003 Confidential Kentucky
- Designed and implemented security mechanisms and procedures for user administration, profile creation, profile maintenance, and management for SAP BW 3.0 environment at a Fortune 500 Healthcare Company.
- Lead for all BW security work from project start on BW 3.0b implementation
- Liaison between Human Resources, Data Warehouse, Information Technology, SAP project teams, Basis administration and auditors
- Work with functional teams to resolve problems during pre-production security testing.
- Upgrade and redesign roles using the Profile Generator, PFCG
- Attended SAP training, including SAP BW365 (SAP 4.6 BW Authorizations), SAP CA940 (SAP 4.6 Authorizations Security Curriculum)
- Create Custom Authorization Objects and assigned to Info cubes using RSSM
- Create reporting roles for Business Warehouse users using PFCG
- Create custom authorization objects to limit data views by profit center, facility, etc.
- Limit access to query data employing User Exits, custom Security Tables, and Structured Authorization Data from SAP HR.
- Assigned authorization objects to profiles in FI, CO, HR, PS, and MM.
- Performed analysis of SU53 as well as setting up and analyzing user traces (RSSM/ST01) to troubleshoot user access problems.
- Defined and implemented security authorizations and roles for end users after working with functional consultants to create the security matrix
- Performed user administration (creating, changing and deleting accounts, assigning roles to users) to create user master data.
- Processed transports for roles across the SAP Dev and QA system landscape.
- Worked with functional business contacts to develop SAP activity groups, profiles and authorizations matrix
- Utilize this matrix and a custom CATT script to create 4.6 user master records and role assignments from existing 4.0 users and profiles.
- Developed USR40 table (invalid passwords) for 4.6c system with security team.
- Supported the implementation of SAP R/3 4.6c running Windows 2000 and SQL Server 2000.
- Tested application security rights assigned through profiles and internal directory database on SQL Server 7.0.
- Tested Job role defined user profiles and application access with the Enterprise-wide Windows 2000 Migration.
- Supported SAP BW 3.0b environment on an ongoing basis
2002 - HR Structural Authorization Implementation
- Identified Organization Unit relationship requirements and user account assignments
- Documented maintenance, audit and user administration process and procedures
2001 - R/3 4.0 to 4.6 Upgrade
- Worked with development and business users to identify authorization requirements. Designed and created authorization roles and created custom authorization objects/groups
- Mapped existing 4.0 profiles and user assignments to the new corresponding 4.6C role(s)
- Created user account templates and setup the required System/Service/Communication user accounts for Tidal, ALE, Workflow and background processing.
- Scheduled nightly background job for PFUD
Systems Programmer, Database Administration and Capacity Planning 1999-2000
Confidential
- Capacity planning, service level agreements definition and server performance tuning of an environment consisting of 25 SAP R/3 4.0 Windows NT Servers.
- Monitored 50 SAP FI/CO and HR transactions and reported SAP response time to 2 second goal for SLA.
- Implemented the rollout of BMC Best/1 for Distributed Systems V 6.1 - 6.3, and BMC Patrol 6.5 to SAP servers to report performance metrics.
- Implemented Candle eBA software response time monitoring for top 100 SAP transactions in use
Network Administrator II, Information Systems 1998-1999
Confidential
- Relocated Indianapolis facility computer network operations to Louisville, integrating major application components into the Louisville infrastructure.
Network Administrator 1997-1998
Confidential
- Assisted in planning, implementing, and supporting a 125 user Novell Ethernet LAN with ATM WAN connectivity to midrange and client server resources for startup of a 24/7-distribution environment. Configured groups and user account objects and profiles.
Email Administrator, System Support Representative 1996 - 1997
Confidential
- Maintained 1600+ user base for CA E-mail version 4.0, account creation, forms creation and maintenance. Password security through ca-Roscoe and TopSecret.
I have achieved the following Professional Certifications:
- SAP Certified Netweaver Security Consultant 2007
- CISA Certified Information Systems Auditor 2001
- CISSP Certified Information Systems Security Professional 2001
- BMC Certified Professional - BMC Software Patrol Perform/Predict Rating 2000
- MCSE Microsoft Certified Systems Engineer 2000