
SAP GRC Access Control Analyst Resume


SUMMARY

  • SAP Security and GRC Consultant with 9 years of experience in Design, Implementation, upgrade and Support of various SAP Projects.
  • Have completed multiple security deployments and SOX 404 audit compliance on SAP ECC: databases - SQL and Oracle for the following functional areas and modules in SAP namely SD, MM, PP, FI/CO, HR, BI, SRM, SCM, PI, CRM, S4 HANA with Fiori, HANA, Solution Manager, Enterprise Portal, GRC 5.2, 5.3, 10.0 and 10.1 Access Control along with all new dimensional products offered by SAP. Worked on SOX Audit Preparation on SAP systems and provided consultation and remediation on SOX 404 compliance findings.
  • Performed SAP Security related tasks such as role development using Profile Generator, activating/setting up Profile Generator and upgrading, corrections and transports.
  • SAP User Administration: Maintain User accounts and ensure all security access is assigned without SOD conflicts.
  • Experienced and strong with Security Audits, SOX Section 404 compliance and Audit Information System. Used SAP audit transactions and configured audit and reporting through SM18, SM19 & SM20.
  • Hands-on strong experience with working on profiles, authorizations and objects for access management and authorization control.
  • Implemented many projects and involved in Project Planning, providing a sustainable Technical Architecture to support Functional Requirements and driving it successfully through Realization and Post-Implementation Support.
  • Worked closely with End Users, Role Owners and Functional Analysts to analyze and determine the most appropriate and efficient way to deliver authorizations to end users.

PROFESSIONAL EXPERIENCE

SAP GRC Access Control Analyst

Confidential

Responsibilities:

  • Implemented GRC AC10.1, Configured GRC AC Access Risk Analysis (ARA) and Emergency Access Management (EAM) and Access Request Management (ARM) components.
  • Configured MSMP workflows for addressing various user request types in Access Request Management.
  • Configured the MSMP Firefighter log report workflow for getting the logs to firefighter controllers.
  • Successfully implemented various MSMP Mitigation control workflows like mitigation control setup and assignment.
  • Configured various BRF+ rule kinds like Initiator rule, Agent rule, Routing rule and Notification and variable rule.
  • Successfully configured User Access Reviews (UAR) for assessing the user’s access in all production environments.
  • Led the Role Redesign project on ECC to address a large number of SoDs within SAP security roles, as identified due to the GRC 10.1 implementation.
  • Determine cause and find solution to a variety of GRC issues in Access request management and Risk Analysis.
  • Develop SoD rules based on audit findings and recommend best practices to client.
  • Manage Firefighter usage and log management.
  • Implemented role changes based on SoD findings according to SOX.
  • Utilizing SAP Service Marketplace (developer keys, search SAP notes, user id creation, and user access within the marketplace).

Environment: SAP ECC 6.0, BI 7.0, SAP GRC AC 10.1, NetWeaver 7.4, SAP HANA 2.0, ServiceNow

SAP Security and GRC Consultant

Confidential, Phoenix, AZ

Responsibilities:

  • Perform day to day Security Support activities on ECC (FI/CO, SD, MM, PP etc.), BI/BW, HR, EP (JAVA Security), HANA, S4 Hana with Fiori and Solution Manager (SOLMAN).
  • Created new ECC Derived roles based upon the company codes.
  • Performed user administration, role administration, security reports and analysis.
  • Troubleshooting day to day end user authorization issues.
  • Worked closely with End Users, Role Owners and Functional Analysts to analyze and determine the most appropriate and efficient way to deliver authorizations to end users.
  • Utilizing SAP Service Marketplace (developer keys, search SAP notes, user id creation, and user access within the marketplace).
  • Implemented the strategy of creating/updating the existing business roles to new roles to transaction matrix which involved detailed analysis of updating the SU24, SE93, PFCG and Security tables.
  • Provided security expertise in resolving complex authorization issues using ST01, SU53, STAUTHTRACE and SUIM.
  • Created and maintained BI Reporting roles and Analysis authorization roles.
  • Built and troubleshot the Analysis Authorizations using the transaction RSECADMIN.
  • Assigned the BI Analysis Authorizations to the role using the object S_RS_AUTH.
  • Set up authorization / security at info cube / info objects and created new analysis authorizations.
  • Worked with portal user / role administration.
  • Design and build plan for unit testing of SAP standard and custom transaction codes.
  • Updated all the documentation related to SAP security.
  • Worked and developed roles for various modules such as HR, MM, FI/CO etc.
  • Hands on experience with testing the roles and the workflows.
  • Involved in regular support activities along with the support team.
  • Implemented GRC AC10.1, Configured GRC AC Access Risk Analysis (ARA) and Emergency Access Management (EAM) and Access Request Management (ARM) and Business Role Management (BRM) components.
  • Configured MSMP workflows for addressing various user request types in Access Request Management.
  • Configured the MSMP Firefighter log report workflow for getting the logs to firefighter controllers.
  • Successfully implemented various MSMP Mitigation control workflows like mitigation control setup and assignment.
  • Configured various BRF+ rule kinds like Initiator rule, Agent rule, Routing rule and Notification and variable rule.
  • Determine cause and find solution to a variety of GRC issues in Access request management and Risk Analysis.
  • Develop SoD rules based on audit findings and recommend best practices to client.
  • Manage Firefighter usage and log management.
  • Implemented role changes based on SoD findings according to SOX.

Environment: SAP ECC 6.0, BI 7.0, SolMan 7.0, SAP GRC AC 10.1, NetWeaver 7.4, SAP HANA 2.0, S4Hana 1809, ServiceNow

SAP Security and GRC Consultant

Confidential

Responsibilities:

  • Migrated SAP GRC AC 5.3 to 10.0 including Access Request Management (ARM) tool, Access Risk Analysis (ARA) tool and Emergency Access Management (EAM) tool.
  • Enabled Business Configuration (BC) sets relevant to different GRC AC 10.0 components.
  • Maintained & validated Connectors, Connector Groups definitions in GRC AC 10.0.
  • Configured integration scenarios PROV, SUPMG, AUTH and ROLMG to all target plug-in connectors.
  • Configured Access Control Owners including Role owners, Risk Owners, Mitigation Control Owners and Monitors etc. using the NWBC (NetWeaver Business Client) client.
  • Configured all post-installation technical settings for ARA, ARM and EAM tools.
  • Access Request Management (ARM): Leveraged MSMP (Multistage Multi Path) workflow functionality & BRF+ rules framework integration to create workflows for automating user provisioning & Role/Risk/Function/Mitigations approval process to all SAP systems in the landscape.
  • Access Risk Analysis (ARA): Leveraged standard & built custom rulesets for assessments of risks across the entire IT landscape and scheduled batch risk analysis to perform risk analysis across the system for users & roles.
  • Maintained risk definitions, functions and defined risk owners and Approvers.
  • Emergency Access Management (EAM): Configured Firefighting feature and maintained Firefighter IDs, firefighter owners and controllers.
  • Configured Firefighter logs & email notifications to owners & controllers.
  • SAP Role administration and enhancement of single, master/derived, composite roles via PFCG transaction.
  • Secured critical tables and programs by implementing security for critical authorization objects.
  • Worked closely with SAP functional and technical teams to understand business security requirements for designing/enhancing security roles that align with established processes & procedures.
  • Managed & led multiple internal projects including inactive user cleanup, generic ID cleanup, and User License type classification, decommissioning obsolete roles and redesigning existing roles SOD free to maintain systems SOX compliant.
  • SAP License Management: User License type classification in all the production and non-production using transactions USMM, SLAW, SU10 and SU01.
  • Provided security expertise in resolving complex authorization issues using ST01, SU53, and SUIM.
  • Maintained Analysis Authorizations and restricted Infocubes and Queries through S_RS_COMP and S_RS_COMP1. InfoObject level restriction implemented through RSECADMIN.
  • Assigned role to position with transaction PO13, ran RHPROFL0 and created Info type using PA30, when required.
  • Provided Security support for different environments like ECC 6.0, HR, BI, PI, SCM, SRM, Solution Manager (SOLMAN) and CRM.
  • Handling all security issues and providing security support in a timely manner along with attending regular security team calls.
  • Supported Basis team during the upgrades/Maintenance with user master export, import and mass user lock/unlock.
  • Worked in Portal environment like creating, changing, deleting, locking/unlocking, password resets and assigning roles to users.

Environment: SAP ECC 6.0, PI/XI, GTS, BI 7.0, SolMan 7.0, SAP GRC AC 10.0, JIRA
