Over 7 years of strong experience in IT industry of which over 6 years working experience in SAP R/3 and BW SYSTEM SECURITY. I possess a complete understanding of SAP R/3 and BW system integrity in technical as well as functional areas, which allows solving potential problems in specific functional area as well as system area. I have been involved in complete SAP R/3 Projects lifecycle from design phase to post-implementation phase on various projects. Performed SAP Security related task such as Security Audits, SOX (Sarbanes Oxley) Compliance, Developed and Documented Security Policies and Procedures, User maintenance, Activity group/Role maintenance using profile generator, security redesign strategy.

SAP KEY STRENGTHS:

• Experience includes analysis, development, and maintenance of SAP Security in SAP R/3 (4.7), ECC (6.0/5.0), SAP BW(3.0, 3.5),BI 7.0,SCM ,CRM
• Experienced in 3 full cycle security implementation for modules such as FI, HR, CO, SD, MM, PP, QM, PS and PM.
• Experienced extensively in using Automatic Profile Generator (PFCG) in creating and modifying Single Roles, Composite roles and Derived roles
• SAP Security design using structural authorizations (HR-ORG)
• Knowledge in creating positions and jobs in HR
• Worked on HR level security, work center, job, organizational unit, position and user level.
• Experience in Portals- Single Sign On
• Worked as a liaison between HR and PM project teams.
• Experience in analyzing and processing, SOD and SOX issues.
• Performed User Master Reconciliation using (PFUD and SUPC).
• Experienced extensively in User Information System (SUIM)
• Implementation and maintenance of Central User Administration (CUA).
• Experience in Troubleshoot roles using SU53, ST01 and ST03.
• Experience in creating and Authorization Groups for securing Tables & Programs using SE54 and RSCSAUTH.
• Extensive Knowledge in using GRC Tool for handling SOD conflicts
• Extensive Knowledge of User Groups and User Administration.
• Strong knowledge of Security related tables and reports/programs
• Experience in Security Upgrade including upgrade to Enterprise R/3 4.6, 4.7 and ECC 6.0, 5.0 - SU25
• Experience in implementing security in BW (3.0B, 3.1C and 3.5) ,BI 7.0 including info object level security
• Acted as Liaise with Audit department to establish and review critical and sensitive authorizations, implemented improvements to meet audit requirements.
• Generated Audit Information Systems (AIS) logs (SM19,SM20,SM18)
• Strong documentation and training skills and enabling knowledge transfer.
• Extensively worked with the end users to resolve their security related problems by handling Trouble tickets in the production environment
• Excellent analytical and logical programming skills with a good understanding at the conceptual level and possess excellent presentation, interpersonal skills with a strong desire to achieve specified goals.

TECHNICAL SKILLS:

ERP Skills: SAP R/3 4.6A, 4.6B, 4.6C, ECC 5.0, ECC 6.0, GRC, SAP BW 3.0,
3.1C, 3.5, BI 7.0
mySAP (SCM, CRM, Portals)
Database: SQL Server 2000, Sybase, Oracle 9i Enterprise Edition
Programming: C, C++, JAVA, PASCAL, VB
Scripting Languages: Java Script, VB Script
Platforms: UNIX, Windows NT, 2000/Pro, Mainframe
Other Tools: Matlab, Pro/Engineer, Business Objects XI-R2

PROFESSIONAL EXPERIENCE:

Confidential, Melville, NY June'09-Nov'09

SAP Security Consultant

Responsibilities:

• Responsible for defining, developing and testing authorization roles in PM, FI, MM, HR and BI.
• Worked on HP Quality Center to solve defects during Integration Testing.
• Created and modified HR Single roles, Composite roles and Derived roles
• Involved in security design for SAP HR Implementation
• Maintained users in Central User Administration (CUA), monitored user activities, troubleshoot user level problems to access the servers and managed security throughout the SAP landscapes.
• Used SUIM and security related tables such as AGR_TCODES, AGR_USERS, AGR_1251, AGR_1250, AGR_DEFINE to generate Reports
• Troubleshooting security problem by using different scenario such as ST01, SU53 to find security issues.
• Interacted with business users for designing the roles and performed integration and unit testing.
• Creating the reports using BEX Analyzer and customizing the workbooks for individual users
• Use transaction code RSECADMIN to develop info cube and ODS level security based on profit and cost centers. Build user roles based on folders at the query level as client specifications.
• Troubleshoot the authorization problem using RSSMTRACE, RSSU53 and also using RSR_TRACE
• Worked with the functional teams to facilitate design and creation of roles under tight deadlines.
• Worked on Production Support for ECC 6.0, BI 7.0, Portals.
• Provided user access and client authentication for Solution Manager 4.0.
• Extensively worked with ECATT (SECATT) for mass user creations.
• Responsible for providing HR security support.
• Handled day-to-day security problems at various locations provided 24/7.

Confidential, SaintLouis, MO Jul'07- May'09
SAP Security Analyst/Security Liaison

Responsibilities:

• User Administration for more than 10,000 users. Creating new users and maintaining users on day to-day basis.
• Worked with Business experts in placing Mitigations for Conflictingand Critical roles.
• Created and modified HR Single roles, Composite roles and Derived roles
• Configured HR personnel positions. Defined end user roles to be attached to HR position.
• Supported role design for HR module sensitive employee data
• Maintained Virsa SAP GRC 4.0 security tools such as compliance calibrator, fire fighter and role expert
• Conducted GRC assessment and proof of concept including SOD review of Roles, Profiles, Authorizations, and T-Codes and identified conflicting Roles, Authorizations, and in-appropriate T-codes which lead to SOD issues.
• Created Firefighter IDs and roles with Virsa VFAT tool
• Validated SOX compliance by using Virsa Compliance Calibrator and Role Expert
• Performed security administration by setting up new user IDs and changing existing user ID security access.
• Maintained and Modified Authorization Object using SU24 to meet the Business requirements
• Building the Roles using the transaction codes and implementing Roles for the client organizational levels creating derived Roles and authorization profiles for the various plants located at different geographical locations in Development system.
• Created and maintained user accounts by configuring Central User Administration (CUA)
• Handled SOD conflicts in Users and worked on Roles for Sarbanes Oxley Compliance
• Troubleshoot the security related problems using SU53, ST01 and SUIM. Used regularly SE16, SE38.
• User Master Maintenance - Creating Users, Locking/Unlocking mass Users, Deleting users, Renaming users as per Audit guidelines
• Interacted with HR Operations Team in creation of Org Structure, Evaluation paths as part of implementing HR Security (PD Authorizations)
• SAP HR Security Re-Design. Complete security process overhaul, implementation of best practices for security provisioning and design of automated programs for the streamlining of security processes.
• Implemented security for HR module at Personnel Area, Info type levels, Employee Group, Employees Sub Group, Personnel Sub Area level.
• Experience in HR Personnel Administration, concepts and technical aspects of Personnel administration integration between PA and OM.
• Used CATT extensively for the Composite Role menu generation and the creation of mass roles at the time of going live
• Provided production support and resolved Security issues.

Confidential, Englewood, Cliffs, NJ Aug'05-Apr'07

SAP Security Consultant

Responsibilities:

• Developed and implemented complete security redesign plan and documented Security procedures, User guidelines.
• Implementing audit control points for end user roles.
• R/3 system security and Authorization concepts knowledge transfer.
• Worked with business process owners and management to get processes for configuration of Virsa.
• Worked on BW Security for creating Roles for power users.
• Created Custom Reporting Authorization Object using transaction RSSM
• Created roles for restricting access to queries, workbooks, info cubes
• Troubleshoot the authorization problem using RSSMTRACE, RSSU53 and also using RSR_TRACE
• Responsible for compiling and developing a Conflict Matrix by module/application to identify SOD conflicting functions.(GRC)
• Involved in installing, configuring, maintaining and utilizing GRC (VIRSA) Suite for compliance and security purposes.
• Responsible for the SAP Security assessment and Sarbanes-Oxley ITGC compliance audits and SAP Security/GRC implementation
• Configured Risk/Mitigation interaction with Compliance Calibrator
• Troubleshooting R/3 security problems by using different scenarios such as system trace, SU53, SU56 in order to find system security problem.
• Used SUIM and security related tables such as AGR_TCODES, AGR_USERS, AGR_1251, AGR_1250, AGR_DEFINE etc to generate Reports
• Implementation and maintenance of Central User Administration (CUA).
• Worked with process experts & head of departments for SOD conflicts and assigned appropriate roles to the users.
• Designed and developed security profiles in PFCG for SD, MM, and FI.
• Generating different reports for the management using t-code SUIM.
• Troubleshooting security issues in different areas like MM, HR, PP, SD, and FI.
• Monitoring system logs, system dumps, system traces.
• Transporting the new roles to different clients and R/3 systems.
• Day to day technical support and resolution of Security issues.
• Designed several utilities to support SAP R/3 security reporting needs. Reports of user usage profiles and authorizations, comparison reports in different R/3 system.
• Troubleshoot security/authorization related problems using SU53, ST01 and SUIM

Confidential, Warren, NJ Mar'04-Jul'05
SAP Security Consultant

Responsibilities:

Designing and creating security strategies and policies for R/3 (4.7)and BW(3.5) systems

• Working with profile generator (PFCG) in creating single roles, composite roles, derived roles and profiles.
• Regularly used SU53 (problem solving), SE16 (Data Browser), SA38 (Execute programs and reports), SUIM (Run the reports), SU01 (Set up users from CUA client), PFCG (Create and Generate roles and profiles), SECR (Audit Information System), ST01 (Trace), SM19 (Security Audit), SM36 (Job schedule), SU24 (Authorization checks), SM31 and SM30 (Table Maintenance).
• Used Authorization list excel sheet to create new roles (Q & Adb)
• Built new roles making sure there were not any SOD conflicts and built and maintained SAP user profiles and roles across SAP landscape and provided authorization consulting support to project and business managers.
• Assisted BW team in Generic data extraction, loads and query execution (RSA1 & RRMX).
• Heavily involved in transporting single, derived and composite roles for R/3 4.7 go live.
• Provided day to day base business support to over 1000 users in different countries.
• Maintained RF and Coordinator tables for 5 plants.
• Worked very closely with auditors and managers for SOX audit, using AIS
• Very closely worked with functional and ABAP team to develop new security strategies.
• Upgrade:
• Upgrade SU24 from SAP R/3 4.6D to ECC 5.0 using SU25 Step 2b
• Upgrade the roles from SAP R/3 4.6D to ECC 5.0 using SU25 Step 2C
• Analyze and prepared reports on Segregation of Duties (SOD) issues.
• Restricted the access to the SAP Audit role as it had access to maintain and modify roles
• Worked on roles assigned to the Batch ID's and restrict their access
• Studied all the roles and grouped them into three different groups as a part of Audit Licensing Issue
• Worked on Audit tool and used SUIM, SU24, USOBT, in figuring out Critical and Conflicting roles
• Worked on Creating Background Jobs using SM36 by creating Variants, and monitoring the Background jobs using SM37

Confidential, Cincinnati, OH Jan'03-Feb'04
R/3 Security Administrator

Responsibilities:

• Worked with functional teams to design and redesign new process and create new end-user single, composite.
• Designed several utilities to support SAP R/3 security reporting needs. Reports of user usage profiles and authorizations, comparison reports in different R/3 system.
• Work with profile generator (PFCG) in creating roles, profiles, composite roles, derived roles, and global roles.
• Worked with process experts & head of departments for SOD conflicts and assigned appropriate roles to the users.
• User Administration for more than 10,000 users.
• Creating new users and maintaining users on day to-day basis (Single roles, Composite roles (jobs) and Derived roles).
• Supported audit team for generating audit reports.
• User Administration, User Authorizations and profiles, Log Monitoring. Setup profile generator (PFCG) to create authorization profiles
• Creating Individual and Complex roles for the user security.
• Worked with the functional teams to facilitate design and creation of roles and profiles under tight deadlines
• Generate security reports for the department managers and to the management for Sarbanes Oxley Audit.
• Generate roles and composite roles in the development system and transported to the quality and production system.
• Trouble shooting system problems by analyzing system log, Update monitoring, Alert monitors, system traces, lock entries, system dumps.

Confidential, NY Jan'02-Nov'02
SAP Security Consultant

Responsibilities:

• Created new roles using Automatic Profile Generator
• Created and modified Single roles, Composite roles and Derived roles
• Worked on Check Mate Tool in processing the SOX request figuring out the root cause
• Handled SOD conflicts for Sarbanes Oxley Compliance
• Roles were evaluated and modified to meet the Sarbanes-Oxley test
• Monitor the system for Audit Compliance
• Transport roles using SE09/SE10
• Troubleshoot the security/ authorization related problems using SU53, ST01 and SUIM
• Created reporting roles secured by Info objects such as Company code, plant etc
• Created Custom Reporting Authorization Object using transaction RSSM
• Created roles for restricting access to queries, workbooks, info cubes etc
• Involved in testing of the roles along with BW team
• Troubleshoot the authorization problem using RSSMTRACE, RSSU53 and also using RSR_TRACE
• Knowledge transfer to customer employees
• Provide assistance with Help Desk problems, particularly problems related to SAP R/3

EDUCATION:

B.S in Computer Engineering

STATUS: US Citizen