Senior SAP GRC and Security Resume

PROFESSIONAL SUMMARY

  • An experienced SAP Governance Risk & Compliance (GRC) and Security professional.
  • Over 7 years of SAP experience including the last 5 years specializing in SAP GRC.
  • Worked on multiple SAP GRC (versions 4.0 and 5.x) implementation projects including fresh implementation and remediation of all the technologies/modules (RAR, SPM, CUP and ERM) and upgrades for RAR and SPM.
  • Heavily used SAP Business Objects Superuser Privilege Management (Firefighter) 4.0/5.x tool for emergency access and SAP Business Objects Risk Analysis and Remediation (Compliance Calibrator) 4.0/5.x to remove excessive access and SOD issues.
  • Highly experienced in designing, configuring, implementing and integrating SAP GRC Access Control products with all major releases of SAP including ECC 5.0/6.0 to meet business compliance (SOX) and audit needs.
  • Extensive experience with SAP Business Objects Risk Analysis and Remediation (Compliance calibrator) 4.0/5.x tool to identify, analyze and resolve SOD and audit issues.
  • Conducted internal trainings for users, business owners and security teams on SAP GRC/VIRSA product capabilities.
  • Strong background in design, implementation/configuration and optimization of business process controls in SAP to meet SOX compliance requirements.
  • Worked with clients during pre and post implementation of SAP in identifying and designing control points and preparing working documents in readiness for external audit assessments.
  • Experienced in SAP R/3 Security Administration and SAP BI security, with in-depth knowledge in designing and implementing SAP security solutions, which includes User and Role maintenance.
  • Involved as SAP Subject matter expert on audit engagements to identify and evaluate business and technology risks, internal controls which mitigate risks for internal control improvement.
  • Served clients across multiple industries like Healthcare, Energy, Consumer Business, Education, and Manufacturing.
  • Familiarity and hands-on experience with SAP GRC 10.0 configuration.

EXPERIENCE

EMPLOYER: Confidential
Duration: 01/2009- Present
Role: Senior SAP GRC and Security
Key Responsibilities:

  • SAP GRC RAR and SPM implementation.
  • Customized and uploaded rule sets as per business requirements
  • Utilized SAP GRC RAR in identifying Segregation of duty (SOD) conflicts as defined by the business.
  • Worked with the business owners and SAP Security team in creating a remediation plan, involving role redesign and rule set adjustments to meet SOX requirements.
  • Recommended and created mitigation controls in SAP GRC RAR 5.3
  • Trained the functional teams in performing risk analysis using SAP GRC RAR, remediation and mitigation processes.
  • Worked with the SAP Security team and business process owners to identify Firefighter ID (FFID) controllers, administrators and owners and mapped these in SAP GRC SPM 5.3.

EMPLOYER: Confidential
Duration: 01/2006-12/2008
Role: SAP GRC and Security

Client: Confidential
Key Responsibilities:

  • Upgraded Compliance Calibrator from version 4.0 to 5.2, which included conversion of the custom rule set and critical transactions, and synchronization of users, roles and profiles from the SAP backend to SAP GRC RAR 5.2.
  • Implemented SAP GRC SPM 5.2.
  • Developed and implemented process for monitoring the following reports from security and audit perspective: SPM logs; SPM login notification; audit logs and email alert for failed logons.
  • Performed SOD analysis on user access using RAR.

Client: Confidential
Key Responsibilities:

  • Worked with respective functional heads for SOD & security changes based on SOX violations at T-code level & Object level.
  • Identified critical SOD(s) and advised on applicable mitigating control.
  • Customized Rule creation in SAP GRC RAR for action and permission level SOD violations in roles for various business processes and functions.
  • SAP GRC RAR Rule validation for various business processes including OTC and P2P
  • Configured SAP GRC SPM 5.3 to meet the business needs for secured emergency access to SAP.
  • Configured SAP GRC SPM to capture logs and trigger alerts.
  • Designed and configured/automated User Provisioning process in CUP 5.3

Client: Confidential
Key Responsibilities:

  • Implemented SAP GRC CUP 5.3 for user provisioning.
  • Configured basic, detour and parallel workflows.
  • Defined request configurations and approvers.
  • Set up risk analysis and mitigation and email reminders.
  • Defined system connectors.
  • Imported roles from backend systems and defined role configuration.

Client: Confidential
Key Responsibilities:

  • Created new Roles using PFCG: single, composite and derived as required by the business.
  • Reviewed critical and sensitive authorizations, implementing improvements to meet audit requirements
  • Designed and performed unit testing of roles and resolved issues arising from testing using system traces and SU53 dumps.
  • Secured Tables and ABAP/4 programs and custom table with Authorization groups, transactions and authority check statements.
  • Worked with client for their different projects like role SOX clean up and Role clean up.

Client: Confidential
Key Responsibilities:

  • Performed user administration (creating, locking, unlocking, changing, and deleting user accounts) using SU01, SU10, SU3.
  • Comprehensive use of Profile Generator to generate roles and assign roles to end users for different modules.
  • Troubleshooting of authorization using transactions SU53 and trace tool ST01.

CERTIFICATION: CISA, CRISC, ISACA

EDUCATION: M.S. in Chemistry
B.Sc. (Hons) in Chemistry

TECHNICAL SKILLS:
Applications: SAP ECC 4.7/5.0/6.0, BI7.0, SAP GRC (RAR, SPM, ERM, CUP) 4.0/5.X/10.0, Approva Bizright
Relational Database: MS SQL Server (Enterprise Edition), MS Access and Oracle
Operating Systems: UNIX, Windows NT
