SAP Security Lead Resume
OBJECTIVE
To achieve a challenging opportunity in SAP ECC Security Domain with an emphasis on optimized Role Generation and Access Control Mechanisms. Also to perform outstandingly and provide high end optimized solutions to clients through extensive knowledge of continually provided value-added services through thoughtful experience, excellent logical aptitude and communication skills.
EXPERIENCE SUMMARY
- Over 7+ years of SAP experience in SAP R/3-ECC Application Security as SAP R/3-ECC Security Analyst and Administrator and 2+ years as SAP ECC/R/3 Security Lead.
- Experience of 2 Full Life Cycle Implementations of SAP (Applied Materials and SCE).
- Expertise in SAP Application security design, development and administration of R/3/ECC environment for the following modules: FI-CO, SD, MM, PP, CRM, SRM, SCM, SEM, MDM, HR/HCM, BCS/BPS and SAP BW/BI.
- Expertise in designing security for SAP R/3 releases 3.1G, 4.0B, 4.5B, 4.6C, 4.7, ECC 5.0 and ECC 6.0.
- Expertise in collecting business requirements for Security, converting them to Business Documents and designing and building the security accordingly.
- Worked on designing the Security requirements for SAP Business Objects.
- Received special contribution award from Applied Materials Business Transformation Management Team.
- Expertise in close integration of BI reports/ T-Codes on Portal and troubleshooting the issues if any.
- Expertise in designing and implementing SAP BI Security (new and migration).
- Experience in designing and implementing SAP HR Security using position based Security.
- Expertise in conducting workshops with business, understand the business requirements and provide the solutions as per SAP Best practices.
- Security Upgrade/Migration experience from 4.0x or 4.5x to 4.6A/B, ECC 5.0.
- Experience in Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorizations for various landscapes using Profile Generator (PFCG) and Analysis Authorizations (RSECADMIN).
- Remediation of Segregation of Duties (SOD) within SAP implementation for SOX (Sarbanes Oxley) Compliance using VIRSA(GRC) Systems VRAT 4.0, 5.1 and 5.2 tools (Compliance Calibrator, Access Enforcer, Fire Fighter and Role Expert).
- Experience designing various kinds of roles (Reference Roles, Single Roles, Derived Roles, Composite Roles and Enabler/Value Roles) using Profile Generator (PFCG).
- Experience setting up users and security on Enterprise Portal and creating users/user groups through UME for SAP Netweaver.
- Experience in setting up and maintenance of Central User Administration (CUA)
- Excellent skills in preventing, mitigating and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy.
- Expertise in working on change management tools like Remedy, Lotus, Mercury etc for troubleshooting.
- Knowledge in creation of Multiple R/3 User IDs using CATT/eCATT Scripts.
- Experience in user administration 24x7 on call production support, quick turnaround for end user requests, and helpdesk support for user administration.
- Self starting, highly dependable, results oriented SAP Security Functional Analyst with hands on R3 implementation, system enhancements and production support responsibilities.
- Excellent Oral/Written Communication skills demonstrated in giving presentations to mass business users and involved in training them as well.
WORK EXPERIENCE SUMMARY
- Confidential, OH (SAP Security Lead) July 2009 – Current
- Confidential, OH (SAP BI Security Lead) Apr 2009 – Jun 2009
- Confidential, CA (SAP ECC Security Lead and BI/GRC Security Analyst) Aug 2007 – Mar 2009
- Confidential, CA (SAP ECC Security Analyst) Jan 2007 – Aug 2007
- Confidential, CA (SAP ECC Security Analyst) Oct 2006 – Jan 2007
- Confidential, CA (SAP R/3 Security Administrator) Feb 2005 – Sep 2006
- Confidential, India (Software Engineer) Aug 2002 – Feb 2005
SAP VERSIONS: SAP R/3 3.1G, 4.0B, 4.5B, 4.6C, 4.7, ECC 5.0/6.0.
SAP SKILLS: SAP BW 3.1, 3.5 and BI/BW 7.0, CRM 5.0; 7.0; 2007, SRM 5.0, SCM 5.0, EP 6.0, MDM, BCS/BPS, EDW and Netweaver 2004s
SAP TOOLS: VIRSA (GRC) – VRAT 4.0, 5.1, 5.2 (Compliance Calibrator, Access Enforcer, Business Object, Fire Fighter and Role Expert), PFCG, CUA 6.4, Approva
SAP EP 7.0 SKILLS: Administration: iViews / Roles / Worksets / Pages, EP 7.0, UME, System Definitions, Folders, User, Groups, Transport Packages.
Security: Single Sign on (SSO) using logon tickets. User Mapping, LDAP Directory with UME, SAML.
CHANGE MANAGEMENT TOOLS: REMEDY Action Request System, Mercury KINTANA, Mercury Test Director 8.0, Quality Center 9.0/9.2
DATA BASE: MSSQL, SQL Server 2000, ARES, Oracle 8i/9i.
MS OFFICE TOOLS: MS Office Suite (Word, Excel, Access, Power Point), Office 12, Visio and MPP.
LANGUAGES: UNIX, C, C++, JAVA.
TESTING TOOLS: WinRunner, Bugzilla, Test Director 7.0, and Quality Center 9.2
GUI TOOLS: Visual Basic 5.0/6.0 and Java Swings.
WEB TECHNOLOGIES: HTML, ASP, XML, UML.
MAIL CLIENTS: IBM Lotus notes 6.1, MS Outlook Express.
OS: Windows 9x/NT/2000/Me/XP/VISTA, UNIX, MAC (Leopard, Tiger, Panther)
- Bachelor of Engineering
- Extensive training in SAP Security, SAP SD, BW/BI, and ABAP.
- Training in Java, Oracle, UNIX, C and VB.
Confidential, SAP Security Lead July 2009 – Present
Columbus, OH
Environment:
SAP ECC 6.0 (SD, MM, PP, FI-CO, Retail), Netweaver 2004s (BW/BI 7.0, EP 7.0, MDM 5.5, EDM), IDM, MS Access, Excel, Win XP SP2.
Description:
The scope of the project is the brand new implementation of SAP. Security requirements were collected from the business for SD, MM, PP, FI-CO and Retail and then the security was designed and built accordingly. After the design and build, the testing phase is going on now. Apart from this, the manual SoD analysis was done for all the roles and after discussion with business and Internal Audit, the mitigation controls were put in place. The Single/Derived Role strategy was used for implementing Security in SAP and Identity Management was used to do user provisioning.
Responsibilities:
- Collected Business requirements from different functional business owners for both ECC and BI.
- Organized and conducted workshops to collect these requirements for both the Master and the Derived role phases.
- Manual SoD was performed on the roles for SD, MM, PP, Retail and FI-CO.
- Worked on IDM for user provisioning and assigning the roles to Job Codes.
- Initiated discussion with Internal Audit to put controls in place where the Business needed to assign critical T-Code combinations to one person.
- Intensively used MS Access for the slicing and dicing of the data.
- Involved in the identification of Key controls, Risks and SOD issues.
- Created matrices as per the industry best practices to collect the role data and organize the requirements.
- Involved in defining the strategies for role request, ownerships and report access in portal.
- Made the BI Security Roles as granular and optimum so that the InfoObjects can be utilized as much as possible without creating too many Analysis Authorizations.
- Optimized the Roles and Analysis Authorization for maintenance purposes.
- Used the roles as the medium to assign the analysis authorization objects rather than direct assignment.
- Created roles using PFCG and Analysis Auth using RSECADMIN.
- Assisted with review of SAP menu and role changes and impact on security/authorizations including strategy for attaching area menus to SAP standard versus User area menus.
- Documented the Role Matrix procedure for different modules and business processes, new user request form and security profile maintenance procedure.
Toledo, OH
Environment:
SAP ECC 6.0, Netweaver 2004s (BW 3.1, BW/BI 7.0, EP 7.0, PI 7.0, MDM 5.5, EDM), Business Objects (BOBJ), CRM 2007, SRM 5.0, SEM BCS/BPS, Approva, Win XP SP2.
Description:
The scope of the project is the brand new implementation of SAP BI/BW and upgrade from 4.7C to ECC 6.0 for over 2000 user base. Security requirements were collected from the business including complicated reports requirements and then the security was designed and built accordingly. After the design, build and testing phases, the project went live very smoothly. Apart from this, reviewed the existing Security Design for the initial live phases and provided the feedback for making the changes as per the industry best practices. The Derived/Composite Role strategy was used for implementing Security in SAP.
Responsibilities:
- Collected Business requirements from different functional business owners for both ECC and BI.
- Organized and conducted workshops to collect these requirements for both the Master and the Derived/Composite role phases.
- Created matrices as per the industry best practices to collect the role data and organize the requirements.
- Understood the entire BI data model and aligned the security with the right balance of the BI implementation goals and the complicated business requirements.
- Designed the security for reports which were viewed in Business Object (BOBJ).
- Involved in defining the strategies for role request, ownerships, report access in portal and business objects.
- Designed the security around the InfoArea level rather than drilling down too much at the report or the InfoCube level.
- Made the BI Security Roles as granular and optimum so that the InfoObjects can be utilized as much as possible without creating too many Analysis Authorizations.
- Optimized the Roles and Analysis Authorization for maintenance purposes.
- Used the roles as the medium to assign the analysis authorization objects rather than direct assignment.
- Created roles using PFCG and Analysis Auth using RSECADMIN.
- Designed Security for SEM BCS/BPS and aligned the same requirements in BCS BI Reports as well.
- Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations: 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
- Resolved BI Authorization issues using RSECADMIN logs and worked with BI developers to modify the reports as per the business requirements and including the authorization variables in the reports.
- Created security for characteristics, navigational attributes, hierarchies and key figures.
- Performed content management on the process portal roles by establishing delta links of the BI portal roles with the relevant/mapped process portal roles.
- Assisted with review of SAP menu and role changes and impact on security/authorizations including strategy for attaching area menus to SAP standard versus User area menus.
- Documented the Role Matrix procedure for different modules and business processes, new user request form and security profile maintenance procedure.
- Involved in the identification of Key controls, Risks and SOD issues using Approva.
Confidential, SAP ECC Security Lead and BI/GRC Security Analyst Aug 2007 – Mar 2009
Santa Clara, CA
Environment:
SAP ECC 6.0, Netweaver 2004s (BI 7.0, EP 7.0, PI 7.0, MDM 5.5), CRM 2007, SRM 5.0, SCM 5.0, SEM BCS/BPS, GTS 7.2, SAP-GRC Compliance Calibrator 5.2, Fire Fighter and Access Enforcer, Remedy and Win XP SP2.
Description:
The scope of the project was the brand new implementation of SAP BI and upgrade for ECC from 4.7C for over 15000 user base. Security requirements were collected from the business including complicated reports requirements and then the security was designed and built accordingly. After the design, build and testing phases, the project went live very smoothly. Apart from leading the ECC design effort, was involved continuously in defining security strategy for the BI. The Derived/Composite Role strategy was used for implementing Security in SAP. Along with this, was also involved in the GRC implementation and designing CRM Security.
Responsibilities:
- Collected Business requirements from different functional business owners for both ECC.
- Organized and conducted workshops to collect these requirements for both the Master and the Derived/Composite role phases.
- Created matrices as per the industry best practices to collect the role data and organize the requirements.
- Designed security and authorizations for SAP ECC 6.0, MDM 5.5, CRM 2007, SRM 5.0, SCM 5.0, SEM BCS/BPS, GTS 7.2 and BI systems.
- Performed role upload from CUA (global composites) and BI systems and thus created portal roles.
- Performed content management on the process portal roles by establishing delta links of the BI portal roles with the relevant/mapped process portal roles.
- Assisted with review of SAP menu and role changes and impact on security/authorizations including strategy for attaching area menus to SAP standard versus User area menus.
- Documented the Role Matrix procedure for different modules and business processes, new user request form and security profile maintenance procedure.
- Involved in the identification of Key controls, Risks and SOD issues.
- Designed functional team specific Firefighter (FF) Roles and worked with controls team to get the approval.
- Worked on creation of FF id in GRC Firefighter and assigning them the FF roles approved by the Internal Audit and Controls Team.
- Ran SOD analysis in Compliance Calibrator on user requests and reported the SOD conflicts in the role request forms in Access Enforcer. This process was manual at Applied Materials due to limitation on global composite role strategy used.
- Used eCATT scripts to create mass users, mass role assignments and mass menu reads.
- Conducted POC (Proof of Concept) to explore capabilities and portability of NWIM (Netweaver Identity Manager) opposed to SAP CUA (Central User Administration).
- Conducted POC (Proof of Concept) integrating LDAP with NWIM for Automated User Provisioning.
- Understood the entire BI data model and aligned the security with the right balance of the BI implementation goals and the complicated business requirements.
- Designed the security around the InfoArea level rather than drilling down too much at the report or the InfoCube level (with some exceptions of functional areas like Finance and Pricing).
- Optimized the Roles and Analysis Authorization for maintenance purposes.
- Used the roles as the medium to assign the analysis authorization objects rather than direct assignment.
- Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations: 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
- Resolved BI Authorization issues using RSECADMIN logs and worked with BI developers to modify the reports as per the business requirements and including the authorization variables in the reports.
- Created security for characteristics, navigational attributes, hierarchies and key figures.
- Created PFCG roles, inherited menus from the objects of the relevant business role and generated profiles in CRM.
- Configured business roles by associating the relevant PFCG role in CRM.
- Assigned business roles to the user in the org structure, thus creating a Business partner (BP) and relevant PFCG role with-in the user master record in CRM.
- Coordinated design of functional specs for custom reporting requirements per CRM and BI integration.
- Troubleshoot user roles, security authorization objects and authorizations to resolve security conflicts using transactions SUIM, SU53, RSECADMIN Error Logs and ST01 and provided the development and production support.
- Perform reconciliation of user master record and roles using PFUD and SUPC.
- Involved in scheduling the background jobs.
- Download User/Role tables (USR02, AGR* etc) using SE16 into Excel and sort (Slice/dice) data as needed.
- Ensure that security authorization procedures are adhered to and that users do not receive authorizations that are outside of company guidelines/business requirements.
Achievements:
Received special achievement award from the Applied Materials PMO for outstanding contribution in making the go live success.
Confidential, SAP ECC Security Analyst Jan 2007 – Aug 2007
Irwindale, CA
Environment:
SAP ECC 6.0, Netweaver 2004s, BI 7.0, CRM 5.0, SRM 5.0, SCM 5.0, EP 7.0, XI, SD, MM, FI-CO, HCM, SAP-GRC Compliance Calibrator 5.2 and Remedy and Win XP SP2.
Description:
The scope of the project was the brand new implementation of SAP ERP for over 10,000 user base. The Security Team was responsible for ensuring Role and Position based security for SD, MM, FI-CO, CRM, SRM, SCM, HCM and BI modules. Also remediation of Segregation of Duties using Compliance Calibrator. The day to day activities involved not only the role changes, but also the regular development environment support.
Responsibilities:
- Responsible for day to day technical support and resolution of security issues, trouble shooting BI, R/3 and Portal security problems.
- Assisted with review of SAP menu and role changes and impact on security/authorizations including strategy for attaching area menus to SAP standard versus User area menus.
- Created and modified Single roles, Composite roles and Derived roles using automatic profile generator (PFCG) to meet business requirements by making sure users do not get more authorizations than needed or assign missing authorizations to perform their tasks.
- Created BI roles using PFCG and analysis Auth using RSECADMIN.
- Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations: 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
- Resolved BI Authorization issues using RSECADMIN logs and worked with BI developers to modify the reports as per the business requirements and including the authorization variables in the reports.
- Created a personnel master record and assigned it to the organizational plan using PA40 and also info type using PA30.
- Worked on Position based security & Authorizations through PA20, PO13, PA30.
- Created Structural authorization profiles (OOSP), authorization maintenance and described the details of the profile & assign users to authorizations by OOSB.
- Assigned Structural authorization profiles to user ID’s using RHPROFL0 to automatically assign appropriate structural authorization profile to each user ID.
- Worked with P_ORGIN & P_PERNR Objects for different Infotypes, Subtypes.
- Creating and modifying the roles as per the SOD and SOX matrix prepared by the Audit team.
- Provided daily security and authorizations management of SAP R/3 SD, MM, FI-CO and BW/BI systems.
- Documented the Role Matrix procedure for different modules and business processes, new user request form and security profile maintenance procedure.
- Involved in the identification of Key controls, Risks and SOD issues using Compliance Calibrator.
- Performed user administration activities for R/3 and portal such as setting up user login Ids and assigning and resetting passwords, locking and unlocking users.
- Troubleshoot user roles, security authorization objects and authorizations to resolve security conflicts using transactions SUIM, SU53 and ST01.
- Assigned roles to positions rather than users using position based security.
- Perform reconciliation of user master record and roles using PFUD and SUPC.
- In BW security created roles and authorization based on the Info Cube and Info Area level.
- Involved with technical team in setting up SAP system for auto log-out, password length and expiration and specifying impermissible passwords.
- Created Custom Authorization Object using SU21.
- Used SU24 and maintained check indicators for Transaction codes.
- Used eCATT scripts to create mass users, mass role assignments and mass menu reads.
- Download User/Role tables (USR02, AGR* etc) using SE16 into Excel and sort (Slice/dice) data as needed.
- Ensure that security authorization procedures are adhered to and that users do not receive authorizations that are outside of company guidelines.
Achievements:
Received management recognition for excellent production/development support and outstanding contribution in the project testing efforts.
Confidential, SAP ECC Security Analyst Oct 2006 – Jan 2007
San Jose, CA
Environment:
SAP ECC 6.0, R/3 Enterprise Edition 4.7, BI 7.0, SD, MM, FI-CO, CRM, SRM, Enterprise Portal and Win XP SP2.
Description:
The scope of the project is to implement SAP Security for SAP R/3 for SD, MM, FI-CO, CRM, SRM, BW 3.1, 7.0 modules. Responsible for implementing the BI 7.0 Security. Remediation of Segregation of Duties using Virsa/GRC Tools. Also helped in the smooth Go-Live by contributing in Pre and Post Go-Live support activities.
Responsibilities:
- Participated in designing, writing and implementing security related standard procedures for the user administration, roles and profile generation.
- Created and modified Single roles, Composite roles and Derived roles using automatic profile generator (PFCG) to meet business requirements by making sure users do not get more authorizations than needed or assign missing authorizations to perform their tasks.
- Documenting the role – transaction matrix, after interacting with Business Process Experts.
- Provided daily security and authorizations management of SAP SD, MM, FI-CO and BW/BI systems.
- Create new users (Dialog, Batch etc) and maintain user master record using SU01.
- Performed user administration activities such as setting up user login Ids and assigning and resetting passwords, locking and unlocking users.
- Creation, Modification and Assignment of Roles/Profiles to users using PFCG after running reports on Compliance Calibrator.
- Ensured segregation of duties (SOD) exists in the SAP systems using the VIRSA systems VRAT tools (Compliance Calibrator and Fire Fighter).
- Developing SOD matrix with cooperation of functional people.
- Identifying Security’s Key Role in Maintaining Sarbanes-Oxley Compliance (SOX).
- Analyze Root Cause of Authorization Problems and fix the missing authorizations.
- Troubleshoot user roles, security authorization objects and authorizations to resolve security conflicts using transactions SUIM, SU53 and ST01.
- Help test roles and authorizations in QA environment.
- Involved in Enterprise Portal Security and creating users through UME for SAP Netweaver.
- Experience in setting up Central User Administration (CUA) and maintenance.
- Providing production support security by handling call tickets and change request forms in Remedy system.
- Perform reconciliation of user master record and roles using PFUD and SUPC.
- In BI security created roles and analysis authorization based on the Info Cube and Info Area level.
- Involved with technical team in setting up SAP system for auto log-out, password length and expiration and specifying impermissible passwords.
- Used SU24 and maintained check indicators for Transaction codes.
- Download User/Role tables (USR02, AGR* etc) using SE16 into Excel and sort (Slice/dice) data as needed.
- Ensure that security authorization procedures are adhered to and that users do not receive authorizations that are outside of company guidelines.