EXPERIENCE SUMMARY:

• 10+ Years of extensive experience in SAP Security including Implementation, Production support, Post Go - live support, Role remediation, SAP GRC configuration.
• Handled security for various modules: BI, CRM, FI,ECC,SPM, CO, MM, SD, and MDM
• Worked on SECATT, SCAT scripts for mass user and authorizations maintenance.
• Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues.
• Involved in GRC configuration for RAR and SPM. Designed custom Rule sets as per the requirement.
• Identified risks, created Business Processes, Functions and Risks in GRC system, performed risk analysis and mitigation.
• Configuration and support of GRC 10 for EAM, ARA and ARM
• Expertise in SAP GRC access controls 5.3 supports (Risk Analysis and Remediation (RAR) and remediation of SoD violations through detailed analysis, recommendations and Super user Privilege Management (SPM).
• GRC implementation; automation; upgrade experience with GRC RAR, CUP, ERM, SPM and SAP CUA (Central User Administration) integration with SAP GRC 5.3
• Experienced in rating the controls/systems as part of Security Audit Self-Assessment.
• Experience in implementing security in BW including info object level security
• Developed tools related to SAP Security where User Administration and Role Administration has been performed 70% faster than the manual process.
• Granting access in BOBJ, Access provided at folder level
• HANA GRC configuration, BW on HANA implementation
• Maintained different access level for universes to folders in BOBJ
• Created backend roles in BI for Portals and implemented / mapped them in the portal for CRM upgrade project.
• Designed both Info Object level security and cube level security for various functional groups to access reports and data in BW. Administration of BODS.
• Set up chaRM including technical configuration of all necessary SolMan and Remote System components.
• Managed roles and privileges for SAP NetWeaver IDM across the landscape.
• Integrated Identity Manager, UME and corporate LDAP and Basic HR configuration.
• Validated ECC/BI critical Objects and transaction pre Go-Live
• Extensive expertise in the areas of audit, SAP IDM, SOX, BW/BI Security, Portal Security, ECC/R/3 Security, CRM Security, and upgrade projects.
• Developed Job role matrix for access request/provisioning through IDM
• Very good knowledge in Microsoft Excel, Macros, Word, Access and PowerPoint.
• Extensive experience on SAP license audit, SLAW and USMM usage.

TECHNICAL SKILLS:

• Domain/Function
• SAP Experience: SAP security implementation
• SAP security post go-live support
• SAP security production support
• SAP GRC access controls production support
• Proficient with Microsoft Office (Outlook, Word, Excel, PowerPoint, Visio, and Project)

TECHNOLOGY:

ERP Packages: SAP R/3- 4.7EE, ECC 5.0 and ECC 6.0, SCM 5.0, MDM, BI 7.0, HR, CRM and BW3.5, SAP Solution Manager (7.0,7.1)

Security Tools: SAP GRC / Virsa (4.0, 5.3, 10.0) (Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter, Access Control and Process Control), SAP User Management Engine)

PROFESSIONAL EXPERIENCE:

Confidential, Issaquah, WA

SAP Security Analyst/GRC Analyst

Technology ECC 7.0, BI, BW, BOBJ, BODS, GRC10.1, CRM, HCM, Payer Direct, Solution manager, HANA application database, Portal, ITIM (identity management tool).

Responsibilities:

• Designed security for ECC/BW/Bobj for FI/MM/SD and HR reports.
• Conduct meetings and working session workshops to discuss and implement the approved design
• Implemented Automation tools for User administration, Role administration, Monitoring and other business requirements
• Worked on project planning, proposals, resource planning for multiple SAP security, GRC projects
• Work with the technical development teams to create custom function modules to enhance standard functionality to fit the complex cross process-id usage requirement
• Designed security roles with custom tcodes/auth objects, table restrictions, etc.
• Worked on end to end solution for GRC (ARA, EAM, ARQ)
• Worked on SOP for User auto provisioning from GRC 10 to plugin systems when a request is submitted via ITIM/IAM
• Designed and developed policy and procedures for GRC EAM, ARA and ARM
• Designed and developed GRC UAR (User Access Review) solution to review the user access every quarter
• Worked as Liaison between Business and Internal/external Auditors.
• Developed a roadmap in implementing new technologies and tools like Hana, IDM/GRC integration, PING federation for SSO
• Implemented Automation tools for User administration, Role administration, Monitoring and other business requirements
• Implemented Security solutions to be compliant with SOX and PCI standards.
• Designed and developed custom roles in HANA Database for Data Modelers, Developers, Administrators, Power Users and End Users.
• Identified risks, created Business Processes, Functions and Risks in GRC system, performed risk analysis and mitigation.
• Defined SLAs for response and resolution of SAP security issues
• Documentation of security role design and GRC configuration for production support team
• Performed extensive role redesign for ChaRM security roles
• Analyzed the risk violations and taken precautionary actions to redesign SAP security
• Used SQL scripting for writing stored procedures in HANA.
• Developed security for SLT HANA replication.
• Well versed in use of HANA Lifecycle Manager for transporting objects.

Confidential, Chicago, IL

Technology: SAP ECC, BW, GRC, APO

Sr. SAP HANA Security Consultant

Responsibilities:

• Ball and Ardagh acquired Confidential, Worked on Security blueprint for role re-design
• Involved in developing play book for go-live and extensively supported hyper care for post go-live.
• Documented role design changes, User access changes, Custom development changes & approvals for audit purpose
• Managed SAP HANA Content for SAP Customer Activity Repository (CAR). Created roles for virtual data models, Query Views.
• Created CAR repository roles to provide access for Net sales, Inventory, category manager.
• Involved in integration of SAP HANA with GRC using HANA Plug-in
• Developed new HANA access requests and approval work flows
• Created Functions, Risks and Rule sets for HANA Database
• Proficient in implementing and technically configuring SAP GRC Access Controls 10.1 components such as Access Risk Analysis(ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management(BRM)
• Implementation exposure of multi stage multi path workflows, configuring email notification and business rules framework plus rules.
• Created design and training documentation for the application.
• Configuration and analysis for risk analysis reporting.
• Configured Access Risk Analysis module by Creating Connector, setting up Connector type, updating Global Rule sets, Updating Repository Sync (User, Role and Profile).
• Performed User/role level Segregation of Duties (SOD) analysis using GRC ARA, remediated and mitigated SOD conflicts to address security controls for SOX (Sarbanes - Oxley) compliance.,
• Expert in Configuring EAM and configured Fire Fighter id's, Fire Fighter owners and Fire Fighter Controllers
• Performed workshops with Business users to make them understand how to get more benefits from GRC and let them know End to End GRC Functionality and gathered the required data from business users
• Involved with Security Design of HANA Object privileges, Package privilege, Analytic privileges - Attribute views, Analytic views, Calculation views and Roles
• Implemented SAP HANA User Security and Management using HANA Studio
• Extensively used authorization dependency viewer within SAP HANA Studio (Information Models) to troubleshoot authorization errors for object types that typically have complex dependency structures like stored procedures and calculation views.
• Worked on Core SQL-Based Security Roles for Modeling and Monitoring with the SAP HANA database.
• Developed repository roles to provide access to database, basis and developer teams.
• Trouble shooting data preview authorizations using Authorization trace
• Configuring Audit Logs to record grant role, revoke role actions, critical security and sensitive data access

Confidential, Northbrook, IL

Technology: SAP ECC, BW, CRM, GRC 10.0 and Solution Manager

SAP Security Engineer

Responsibilities:

• Worked with Finance, Supply chain management, sales & customer service, Basis, Development, Configuration, Change Control, Training and Testing teams during role design, testing phases.
• Responsible for Analysis, Design, Develop, Test and Implementation of roles in BI, ECC, SRM, CRM, GTS, APO/SPP and CUA applications for the Enterprise Wide implementation project.
• Created custom rules in SAP GRC to perform the risk analysis in roles for various business processes and functions.
• Recommended and created mitigation controls in SAP GRC
• Assign firefighter Id's to support users in order to resolve the issue which requires sensitive access
• Worked with Business Manager and Internal Audit in designing and developing GRC compliant composite and single roles for the company
• Providing support in SOX monitoring reports & Automated Security SOX control monitoring.
• Schedule BG jobs for SoD risk analysis
• Handled License administration activities end to end. Familiar with USMM and SLAW tcodes
• GRC Lead for implementing end to end solution to GRC (ARA, EAM)
• Worked on SOP for User auto provisioning from GRC 10 to plugin systems when a request is submitted via ITIM/IAM
• Designed and developed policy and procedures for GRC EAM, ARA and ARM
• Configured MSMP and BRF+ workflows
• Implemented end to end SAP Security for Solution Manager 7.1(ChaRM)
• Experience in setting up Security Roles for Solution Manager & CHARM
• Solve issues with TMS (Transport Management System), background jobs
• Designed security roles for authorization of Incident Management, Change Management, Root Cause Analysis etc. work centers.
• Worked with Basis team to develop Solution manager roles for Administrators, Configurators, Change Managers, and Support Desk roles.
• Worked on 7.2 upgrade and implemented new functionailities
• Front End and Back End BOBJ integration with ECC system
• Worked in developing security blue print, planning, requirement gathering and Implementation of end to end BOBJ security
• Added user to a group
• Added folder to a group
• Added universe to a group
• Added security role to a group
• Maintained group access levels for Universe, Folders as per the requirement
• Set up security by Info Area, Info-Cube, Info-Object, QUERY and WORKBOOKS.
• Configured roles and authorization objects to secure reporting users.
• Limiting the Query access within the BEX Analyzer.
• Implemented Info Object Security (field-level security) for Reporting Users and also created custom reporting authorization objects.
• Maintaining authorizations for Hierarchies.
• Tracing the SAP-provided objects and custom reporting authorization objects to debug an authorization.
• Tracing the users, SAP objects and custom reporting authorization objects to debug an authorization error, resolving the issue by giving required authorizations
• Trained & knowledge transferred the security personnel for BW, BI Technology.
• Building security for Administrative users using SAP provided scripts, templates.
• Setup users in BODS with repository & troubleshooting the access issues.
• Interacting with functional and technical consultants for problem diagnosis in BI.
• Worked with the t-code for creating custom authorization objects & S RS AUTH for assigning authorization objects for BW query end user roles.
• Created roles using PFCG and Analysis Auth using RSECADMIN.
• Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
• Trouble shooting authorization issues using portal execution and traces in backend SAP
• Designing the security based on CRM functional requirements in order to align with the business role design and organization’s position hierarchy
• Built test environment and supported unit, integrating and user acceptance testing and managing defects

Confidential, Louisville, KY

Technology: SAP ECC, BW, Virsa 4.0 and IDM Quest

Sr. SAP Security Consultant

Responsibilities:

• Automated creation and population of new Roles and users for a Rollout
• Worked closely with IDM team and performed role reconciliation to synchronize SAP with IDM system
• Creation and testing of customized transaction codes (Z codes) by working closely with all functional teams.
• Trouble shoot authorization errors using trace analysis.
• Role remediation based on the SOD analysis and Risk analysis.
• Modified Rule set by analyzing the Risks and false positives.
• Performed Usage analysis in VIRSA for critical transaction codes.
• Involved in massive role re-design from the identified risks with Business process.

Confidential, Alpharetta, GA

Technology: SAP ECC, BW, GRC and ICS/Audit support

Executor & Security Lead

Responsibilities:

• Lead for four member’s team of ICS/Audit activities.
• Single point of contact for ICS/Audit activities.
• Responsible for Health Care ICS/Audit execution includes Weekly/monthly/quarterly and Annual controls.
• Review B&C type users & Emergency User
• Check deactivated users
• Password & Security Parameters verification
• Review users details and process according to requirements
• Review Initial and Reset Passwords
• Periodic Review of User Access Rights, Terminations and Transfers
• Review physically deleted users and process according to requirements
• Review users having standard SAP roles / profiles and process according to requirements users with authorization to (un)lock / reset passwords for critical user groups and process according to requirements
• Perform owner's review of limited allowed critical IT access and process according to requirements
• Review IT related SoD combinations and process according to requirements
• Review business related SoD combinations assigned to IT users and process according to requirements
• Review table logging
• Quality review of roles
• Created System Administrator, Security, and developer roles in BI 7.0
• BI reporting issues including setup and landscape connectivity
• Review users with non-allowed critical IT access and process according to requirements
• User administration & Role administration
• SM7 request/incident/task processing
• Through knowledge of SOX compliance and best practices in SOD remediation. Streamlined the User Access Request process by clearly defining the appropriate access for each functional team
• Extensively worked with Sarbanes-Oxley Compliance Strategy management related to SAP business processes
• Schedule BG jobs for SoD risk analysis
• Run SoD reports for users based on GRC ARM requests
• Apply mitigation controls for users with SoD conflicts
• Design & manage MSMP ARM work flows
• Processing of GRC 10 Access Requests
• Assigning FFID’s to users in GRC 10 and extracting log reports in Emergency Access Management module
• Post provisioning of idM requests.

Confidential, Deerfield, IL

Technology: SAP ECC 6.0 Security Implementation, GRC SPM and RAR

Sr. SAP GRC Consultant

Responsibilities:

• Understanding the existing organizational ERP security policies and procedures.
• Configured and Implemented GRC Access Control Suite
• Implemented GRC’s Role Expert and performed a security redesign based on the CC facilitated Internal Controls Framework.
• Function mapping for the custom risks.
• Enabled regulated Super user access control via GRC’s Firefighter.
• Reviewed and monitored Firefighter activities.
• Analysis of Custom risks and standard functions.
• Analysis of the appropriateness of the Transactions (functions) within the custom risks.
• Utilized trace (ST01) results to identify the expected authorization values and incorporated them into the security roles after the upgrade.
• Created users and roles in MDM repositories and restricted based on Functions and tables.
• Performed security checklist after the client copy.
• GRC SPM and RAR unit testing
• Performed a mapping of the portal roles with the backend system.
• Designed the SAP security architecture for the Finance transformation project and discussed with various functional teams to design the security for overall SAP.
• Handled security for Business Objects (BO).
• Worked with Dynamic actions and info type’s tables.
• Worked on Authorization Objects P ORGIN, P ABAP, P PERNR, P ORGXX etc.
• Maintained authorization profiles using OOSP.
• Experience on NWBC and fixing Security related issues.
• Setup and maintained Organizational Structure including Organizational Units, Jobs, Positions, Cost Center assignments etc.
• Assigned tasks to positions and integrated all these into the enterprise organizational plan.
• Assigned the various organization units and positions to cost centers.
• Assigning roles to BP and maintaining PFCG role with relevant authorizations.