SAP GRC Principal Consultant Resume
SUMMARY
- Certified SAP Governance, Risk and Compliance (GRC) professional with over 12 years of consulting experience, including engagements around Assessment, Roadmap, Strategy, Design, Implementation, Upgrade and Support of SAP Security & Authorization, SAP GRC Access Control, SAP GRC Process Control, SAP Risk Management, Business process controls, General computing controls, Segregation of Duties Analysis, Risk Mitigation, Risk Remediation, SAP pre- and post-implementation reviews, GDPR compliance framework and ITGC audits.
- Define and implement SAP GRC Process Control, including planning, requirements activities, master data gathering, SPRO configuration, defining testing strategies and establishing cutover and go-live activities.
- Configuration of Access Risk Analysis (ARA), Access Request Management (ARQ), Business Role Management (BRM), Emergency Access Management (EAM), Business Rule Framework (BRF+), Multi Stage Multi Path (MSMP) workflow, SoD rule-set customization, Risk remediation, Risk mitigation, Automated Controls, Semi Automated Controls, Manual Controls and ITGC control.
- Design, Build and Implement security roles to help address the client access requirements including segregation of duty (SoD) controls.
- Experienced in planning ITGC audits, performing walkthroughs, assessing the internal control environment, testing controls, remediation activities and reporting to management.
- Identified Segregation of Duties (SoD) issues within the security design and worked with the business to formulate viable remediation solutions.
- Coordinate with Compliance and Internal Audit team to ensure that compliance requirements pertaining to various SAP processes were addressed in the SAP Security, Application Control, ITGC Control, and GRC implementation.
- End to End implementation of SAP GRC Risk management 10.0 which includes complete automation of Risk Identification, Analysis, Reporting, established KRI Automation and Integration with Legacy Risk tools for exposure calculation.
- Define strategy and roadmap for SAP S4 HANA impact on security and GRC ruleset.
- Defining automated controls for ITGC through RPA: defining bots and requirements.
- Prepared checklists and surveys for GDPR.
- Define strategy to achieve GDPR compliance through SAP GRC Process Control.
- Experienced in lead planning, strategy, proposal process, and bid preparation. Manage relationships with various businesses to reach base business sales growth goals.
- Implementing Security in ECC, BW, S4 HANA, Fiori, HANA, and HR.
- Review controls in the current and ‘to-be’ business processes and help identify gaps and potential risks associated with the revised processes.
- Defining custom ruleset for SAP IS Utility.
- Defined critical transaction access, created a custom SOX-relevant SoD ruleset in SAP GRC, and performed SOX analysis for new and existing users using GRC tools.
- Leading and providing technical direction to teams on SAP Licenses.
- PMO responsibilities included interaction with key stakeholders including implementation partners, reporting to client leadership, providing strategic direction to the project team, program management, status reporting, resource management, performance management, risk and issue management, and time & budget management.
- Proven abilities in managing large accounts and nurturing relationships with clients’ key stakeholders and implementation partners spread across various industries including Utility, Oil & Gas, Consumer and Industrial Products, Energy & Resources, County Council, Pharmaceuticals, Life Sciences & Health Care, Financial Services and Insurance.
TECHNICAL SKILLS
ERP: SAP ECC 6.0/5.0, SAP R3 4.7/4.6C/4.6B/4.0B, SAP HANA
Portal: SAP Enterprise portal 5.0/6.0
SoD Tools: SAP GRC Access Control suite 5.X/10.X, SAP GRC Process Control suite 3.X/10.X, APPROVA BizRights Authorization Insight
Business Process Controls: SAP GRC Process Control 3.0, APPROVA BizRights, APPROVA BizRights Process Insight
Other Products: SAP BW 3.x, SAP SRM, SAP BI/SEM 7.0, SAP CRM
PROFESSIONAL EXPERIENCE
Confidential
SAP GRC Principal Consultant
Responsibilities:
- Planning the ITGC Audits, performing walkthroughs, assessing the internal control environment, testing of controls, remediation activities and reporting to management.
- Understanding, analysing, and testing the IT general controls (ITGC) in areas including operations, change management and logical security across ERP (SAP) and Non-ERP applications.
- Collaborating with internal and external audit teams along with stakeholders from management to ensure deliverables and timelines of the SOX program are met.
- Managing frequent, ad hoc requests from the business for advice/assistance regarding controls and compliance.
- Design, implement and supervise the monitoring processes for sensitive access and key controls to ensure gaps are addressed in a timely manner.
- Assessing potential findings, providing recommendations and drafting remediation plans to manage IT risk and improve IT operations and internal controls.
- Supervising and mentoring a team of 10 individuals, and reviewing work papers to ensure they meet internal standards.
- Designed Security for SAP S/4HANA (RTR, PTP), Fiori, GRC 12.0, BPC.
- Manage engagement teams and provide technical leadership in the strategy, design, and implementation of application security for SAP S/4 HANA.
- Worked with business and technology leads to develop SOD rules for different business areas.
- Advised in requirement-gathering sessions with the business and guided the establishment of S/4HANA and Fiori security.
- Define role strategy for S/4HANA and Fiori.
- Identify process, sub-process, task and business role.
- Define the mapping of catalogs and groups to apps.
- Responsible for account development, cold calling, assessing client needs, and identifying solutions.
- Manage account relationships, contract negotiations, sales, pricing, billing, and logistics.
- Perform market research on the competitive landscape and industry trends.
Confidential, Wilmington, DE
SAP GRC Principal Consultant
Responsibilities:
- Manage engagement teams and provide technical leadership in the assessment, design, and implementation of application security and risk solutions. Advise on creating new organization, control, process, sub-process, CCM and risk management master data, and on building the Segregation of Duties (SoD) and Sensitive Access (SA) ruleset for Enterprise Resource Planning (ERP). Collaborate with the engagement team to plan the engagement and develop project plans and work programs, timelines, risk assessments, and other documents.
- Conduct design and requirement-gathering workshops with GRC stakeholders to identify business requirements and ensure that identified requirements are addressed in the proposed GRC solution.
- Facilitate discussions around 'to-be' GRC processes and document how these processes should be governed going forward.
- Develop the strategy for SAP GRC PC and on-board the different business units.
- Designed and developed automated and manual controls.
- Design & build new rules and customize SAP delivered standard rule set.
- Identify and configure SOD risks in custom developed transactions based on the input received from client’s compliance and functional team.
- Perform Role and User analysis to assess remediation effort and prepare remediation approach and action plan.
- Define and develop new roles for BW/HANA/ECC/SRM.
- Provided impact analysis and solutions for projects related to SAP HANA and User Access Management.
- Worked with database administrator, business, modeling and security teams, and provided expertise on HANA Studio, BW on HANA and BOBJ (Business Objects reporting) Security/views configuration and maintenance of User Administration in HANA DB.
- Document Segregation of Duties (SoD) program (review SoD management/ownership, gather customization requirements, frequency and usage of reports).
- Tested SAP IT General Controls (ITGC) for design and effectiveness.
- Defining and assigning Role Approvers, Monitors, Risk ID owners, and Business Units.
Confidential, Franklin Lake, NJ
SAP GRC SME
Responsibilities:
- Managed and led the global implementation of SAP GRC 10.0 Access Control. Advised on building the Segregation of Duties (SoD) and Sensitive Access (SA) ruleset for Enterprise Resource Planning (ERP). Reviewed and provided recommendations on design, configuration and to-be processes for User Provisioning, Role Management and Emergency Access Management.
- SAP Security lead, overseeing the development of new roles for the implementation. Analyzing and providing recommendations on how to secure consolidated cost in client’s SAP ECC environment. Responsible for implementation of the controls around consolidated cost, addressing security for both standard and custom programs, queries and direct table access. Worked directly with SAP to get OSS notes implemented.
- Responsible for making sure that all SOX audits were completed and submitted on time each quarter.
- Documenting and evaluating entity, ITGC and application controls.
- Performing walkthroughs to test control design and operating effectiveness.
- Developed project and resource plan for the consolidated product cost security in SAP.
- Develop client proposals and present at stakeholder meetings.
- Forecast future trends and orient strategies to capture maximum benefits.
- Coordinate with sales executives to better align company goals and tactics.
- Improve the bottom line by ensuring opportunities are addressed and deals are closed.
- Established and expanded the SAP GRC service practice.
Confidential
SAP GRC Process Control Lead
Responsibilities:
- Performed various tasks under the FAS Finance team in the areas of Process Control.
- Performed the entire IMG SPRO configuration and customized business events and workflows.
- Performed Continuous Control Monitoring rule building utilising BRF; also created CCM business rules to integrate AC and PC 10.0 with automated risk analysis.
- Managed the entire Master Data (Organization hierarchy, Process, Sub process, Control) load using MDUG (Master Data Upload Generator).
- Automated business rules development.
- Data source build-up through BW queries and ECC tables.
- New report development and reporting settings.
- Defined a customized SAP launchpad and customized reports as per the business requirements.
- Designed and implemented the security model for GRC suite of products specifically the Entity level Authorization (ELA), including the creation of the necessary custom PFCG roles.
- Successfully completed cutover activities for the product, including knowledge transfer to the Application Maintenance team, and was involved in user training and troubleshooting multiple problems.
Confidential
SAP GRC Risk Control Lead
Responsibilities:
- KRI Automation and Integration with Legacy Risk tools for exposure calculation.
- Setting up Policy Management and Incident Management.
- Complete automation of risk identification, analysis and reporting.
- Setting up BW linkages for enhanced reporting requirements.
- Workshops with business for end to end solution walk-through and scoping definition.
- Establishing rules for risk generation based on data generated by multiple exposure monitoring systems.
- Performed the entire IMG configuration relevant to Risk Management.
- Handled the Master Data for RM including Organization, Risks, Control and Manual Test Plan.
- Design security for Risk Management PFCG authorizations and Entity Level Authorization.
- Integration between RM and PC in terms of shared Organization and Controls. Since Process Control has already been deployed as a part of earlier release, integration between RM and PC has been a critical issue to avoid any loss of transactional data.
- Involved in describing test requirements to perform Unit Test, Integration and User Acceptance Test of Risk Management build.
- Customization of complete BCM Cycle in GRC.
Confidential
SAP GRC Lead
Responsibilities:
- Reporting directly to the Vice President, IT & Operations; accountable for System Administration, Risk, Audit & Compliance operations. Responsible for IT system analysis and development through improving the IT service delivery model and internal control mechanism. Conducting local-level compliance checks, investigation of clients’ financial reports and analysis of supplier transactions. Analyzing existing processes, providing recommendations to higher management on implementing workflow mechanisms, assisting IT with implementing new applications by providing key inputs and feedback during system transition, and suggesting improvements for an efficient transition to the new platform.
- Planning, conducting, and coordinating financial and internal controls audits.
- Examining and modifying accounting and internal controls systems.
- Planning and meeting management of public companies and working on the audit goals.
- Developing and implementing strategies for streamlining financial and operational activities.
- Drafting and presenting financial statement to stakeholders and investors.
- Providing effective and sure-shot recommendations to management on improving accounting and financial systems.
Confidential
SAP Security and GRC
Responsibilities:
- Creation of Composite and Single roles based on the Functional and Organization Level requirements and on the restrictions on different modules of SAP.
- Modification of Authorization Objects, Fields and Values (functional changes) and also Organization Level modification.
- Mass Generation and Transport of roles across landscape.
- Detection of authorization issues in functional modules like MM, SD, FI (AP, AR, GL and FA), PS, CATS etc.
- Modification of SU24 (Auth. Obj. Check Under Transactions) values depending on requirement.
- Upgrades using SU25.
- Custom development: as B&Q had added transaction codes to roles directly (manually), roles became corrupted whenever a user tried to modify them in expert mode; a custom program was developed to prevent this.
- All authorization changes, such as additions and deletions, are carefully implemented with extensive analysis to make sure there is no SOX violation.
- Skilled in using various security-related tables via SE16 for reporting and analysis purposes, and knowledgeable in building SAP queries for reporting needs that cannot be met through SUIM.
- Conducted a POC of the GRC AC suite for participants from the IT, business, and audit and compliance teams, including training for the core team.
- Conducted POC for the Remediation view in ARA and Simplified Access Request in ARM.
- Responsible for managing ITGC and application controls.