SUMMARY 
Building on a strong background of over thirty-one years of systems and software experience, I have been responsible for the design, development and implementation of a wide variety of software related projects. For the past 16 years, I have concentrated this experience in providing high quality SAP Security, Sarbanes-Oxley and GRC for several fortune 500 companies as an independent computer consultant. I have been involved with 7 successful implementations of SAP Security.

EDUCATION 
B.S. Electrical Engineering Technology
A.S. Pre-Engineering

SPECIAL TRAINING CLASSES COMPLETED 
Introduction to ABAP/4 (BC170) 
System Administration I (JSB10)
System Administration II (JSB30) 
System Administration III (JSB40)
SAP Data Dictionary (BC030) 
Dialog-Oriented Report Programming (BC190)
D346BC Basis 3.X to 4.6 Delta 
4.6 Security Concepts (CA940)
SAP APO Overview (AP010) 
BW Overview (BW200)
BW Authorization Concepts (BWNA40)

Confidential, Nov. 2009 to April 2010 SAP Security Consultant

• Provided SAP Security support to an end-user community of around 7000 users on 4.6C landscape.
• Worked to resolve SAP Security related tickets entered in Remedy Help Desk System.
• Followed a very strict Department of Defense user provisioning protocol.
• Used Virsa Compliance Calibrator to make sure that all new users were SOD/GRC compliant.
• Setup new Firefighter accounts and made changes to existing ones.
• Made role changes following a very strict D.O.D. Change Request protocol.
• Used HP Quality Center to setup testing for any role changes made.
• Managed Department change reports and Inactivity Reports.
• Worked with MM, PP, PM, PS, QA, FI, CO modules.

Confidential, June 2009 to Oct. 2009 SAP Security Architect

• Supported the testing phase and Go-Live of a new implementation of Vistex.
• Designed and created new roles and made changes to existing roles identified by testing.
• Created new User ID’s and test ID’s via CUA .
• Taught two of their employee’s security concepts, so they could better identify what is needed in their roles.
• Used Solution Manager for documentation, Status reports, creating and handling of issues and for doing Transports. CUA is running in Solution Manager.
• The client is running ECC 6.0.
• Identified possible SOD problems with some of their roles. They have no SOD tool.
• Completed another successful Go-Live.

Confidential, October 2007 to August 2008 SAP Security Architect

• Worked with the Functional Team to design and build new roles for the new plants that were going live. This included single, derived and composite roles.
• Used CATT scripts to create all the new users for the plant go-lives and to assign their roles.
• Took over their everyday user maintenance and role maintenance as they did not have a full time SAP Security employee.
• Client uses the Remedy Help Desk Software package.
• Got rid of old roles that had been created not using standard naming convention. This required building new master and derived roles and moving the users to the new roles.
• Researched GRC tools and helped with presentation.
• Took Auditors Security report and removed many SOD violations that the customer currently had in Production.
• Trained Basis Team members about GRC, being a private company they were currently not required to follow these procedures.
• Trained a new fulltime SAP Security person to take over the everyday security needs for the customer.
• The customer is currently on Version 4.7 Enterprise.
• Created and maintained roles in the following areas SD, FI/CO, WM, AM, SCM, MM, PM, PLM, PP, PS, QM, SCM, HCM.
• Made SU24 changes to promote better security practices.

Confidential, August 2007 to October 2007
SAP Security Architect

• Built over 100 new and derived roles for new implementation of ECC 6.0.
• Worked in modules FI/CO, AP, AR, GL, PP, PM, PS, HR, AM, myAgri.
• Supported the IT team in Sandbox, Development, QA and Training.
• The customer has the myAgri Add-on installed.

Confidential, March 2007 to August 2007
SAP Security Architect

• Re-designed all their IT and Production Support roles and made them GRC compliant.
• Supported the re-design and testing of all their functional roles.
• Supported the upgrade to ECC 6.0 through Sandbox, Development, QA and Production upgrades.
• Worked with FI/CO, AP, AR, BW, CRM, GL, MM, SCM , HCM, WM, Solution Manager.
• The customer has the Retail Add-on installed.
• Worked on Production Support for ECC 6.0, BI 7.0 using Analysis.
• Worked with Structural Authorizations within HCM and BI.
• Authorizations/RSECADMIN tracing, Portals/Netweaver, CRM, APO.
• Eliminated SOD conflicts using SAP’s GRC Tool Virsa.
• Used eCATT scripts to make mass changes to users.

Confidential, November 2004 to December 2006 SAP Security Compliance and GRC Consultant

• Worked on the IRM Security Compliance Team (GRC). The team was responsible for identifying SOD violations, both intra-role and role-to-role. Utilized Price Waterhouse’s GRC tool SAFE. SAFE was purchased by Virsa and then by SAP and it is now called GRC. It is similar to Compliance Calibrator.
• Performed remediation for two years working with the role owners in removing transactions and table access from many roles, as well as, removing thousands of roles from individual users to put them into compliance. If violations still existed, mitigating controls were put into place by the user’s controller to justify the violations.
• Ran numerous reports and created many spreadsheets using the SAFE tool. All the major functional areas were covered in this process SD, FI/CO, GL, MM, AM, PP, PS, SEM. Because of my work with the first remediation, was chosen to also perform the remediation and SOX compliance for the HR system.
• While not working on GRC, I worked with the SAP Security Team. Made changes to roles and to user’s access based on USD tickets that came into their queue. Was selected to make changes to their X-roles which are utilized in all their systems like BW, APO, CRM, SCEM and HCM. These roles had to be kept in sync on over 100 different clients. International Paper has a huge SAP landscape consisting of over 100 different SAP systems and close to 100000 users. The client is running versions 4.7 and some 4.6 systems and one of their systems, SCEM, is on 5.0. They are also the largest user of CUA.
• Maintained the HR Security Inbox which consisted of assigning the roles and org units specified in the tickets. Created new org units and assigned different portal roles as needed. Structural Authorizations were being utilized in HCM and BI Worked on My-IP tickets which dealt with Employee and Manager Self Service.

Confidential, May 2004 to July 2004 SAP Security/GRC Consultant

• Worked for a major Food Industry company in Thomasville, GA. Documented their existing profiles and created a spreadsheet where each profiles transactional capability could be looked up. Built another spreadsheet that contained all the Segregation of Duty transactions contained within each user’s profiles. Added another column to the spreadsheet that showed all the possible Segregation of Duty violations that were contained in each user’s profiles.
• Reviewed Price Waterhouse/Coopers (PWC) audit results. Determined from previous work, and from PWC’s audit, that one profile was causing a large number of the violations. It contained all functional area access. Created and tested a display only profile that was given to many of these users. Gathered from these users the requirements needed to either build new profiles or added new transactions to their existing access to take care of their none display needs in production. This helped to get Flowers Foods closer to achieving Sarbanes-Oxley compliance (GRC). Used the results from PWC’s ACE Tool to actually create a spreadsheet of the Segregation of Duties transactions that a user had actualy performed in the last six months.
• Reviewed several GRC tools that would help them go to a role based environment when they upgraded to 4.7 next year. Created a spreadsheet that contained the software packages capabilities along with Pros and Cons for each software package reviewed. Was able to get into a 4.7 Enterprise test system and see how their current profiles and activity groups looked as well as review the standard set of roles supplied in 4.7. Presented them with three different plans to move to a role based environment by their 4.7 upgrade, one manual and two using a different software package.

• Worked for a major Food Industry company in Buffalo, NY.
• Built new activity groups using derived profiles and made the necessary organizational level and authorization adjustments. The activity groups were created for a new Procurement roll-out on a SAP 4.5B system.
• Created lots of user ID’s in QA and Production systems.
• Added new activity groups to users already in production.
• Researched OSS notes for security problems they were having.
• Transported newly created and modified profiles into production.
• Worked with the testers in QA to take care of any problems that arose from the new profiles.

• Worked for a major Department of Defense company that was upgrading from 3.1H to SAP Version 4.6C with IS-AD Industry Solution. The client was also experiencing very poor performance. Assisted in the upgrading of both Oracle and SAP on a test system that was successfully upgraded.
• Utilized the profile generator to modify the existing role based profiles to work with the new release after the upgrade.
• Fixed their performance problems that were database related.
• Performed the everyday duties such as security, transports, researched and applied OSS notes, applied LCP’s, performance monitoring and tuning.
• Trained their new employees on the duties they were expected to be able to perform.

• Worked on a project that was being outsourced to another consulting firm.
• Wrote over thirty documents describing the various responsibilities of the outsourcing firm including in-depth documents concerning security administration. The client was using security templates that had to be explained thoroughly so that the outsourcing security consultants could administer it properly.
• Performed the duties that were expected of the new outsourcing company. These duties included security, transports, performance monitoring, archiving, handling system problems and issues, training new employees of the outsourcing firm. The platform was 3.1H running Informix on Sun equipment.
• Worked remotely for seven months performing archiving during the nights and on weekends.

• Involved in the deployment of three implementations of SAP for a major Department of Defense company. One implementation was with SAP version 3.1I. The last two implementations utilized SAP version 3.1H with the IS-AD Solution. The system platform utilized was IBM RISC 6000 AIX machines running the Oracle database.
• Major focus was delivering the security requirements for the roles and responsibilities provided by the functional teams. Utilized the Profile Generator to create over 200 activity groups.
• Set up over 1000 users with the proper activity groups. Set up the profiles for the configuration and development teams. Wrote the security strategy documents and procedures manuals. SAP modules included HR, SD, FI/CO, MM, PM, PS, QA, WM. Assisted company auditors in developing audit procedures for SAP for enterprise rollout. Trained their employees how to use Profile Generator.
• Handled day-to-day security problems and modifications.
• Assisted in several installs of SAP 3.1H and 3.1I, upgraded 3.1H to the IS-AD solution. Performed CTS, client copies, system copies, applied LCP’s, backups, researched notes on OSS, applied numerous OSS repairs, added printers to SAP and the print queues needed in AIX, performed Oracle DBA duties using SAPDBA. Provided off-hour support until the clients SAP team was able to handle 24/7 coverage.
• Performed a complete implementation of HR security.
• Was utilized as the SAP Basic Team Lead. Worked together with clients team lead in applying LCP’s, OSS notes, installing new SAP kernels and making sure that SAP was Y2K compliant.
• Because of the small Basis team, was utilized in all areas of SAP Basis at one time or another.

• Main responsibility was SAP security, this included adding new user accounts and setting up SAP role based Security profiles for production rollout and maintaining profiles and authorizations. Involved in the security strategy and documentation of the enterprise wide SAP implementation. Created role based security profiles for the SD, FI/CO, MM, PM and HR modules. Trained three full time employees in SAP security. Created new profiles for two different implementations.
• Performed a complete implementation of HR security.
• First member of the consulting team. Had to wear many hats and come up to speed very quickly. Performed System Administration for a HP-9000 I70 and a HP-9000 T500. The team was also responsible for the deployment of TCP/IP and the SAPGUI interface on Windows 3.1, WFW and Windows NT workstations. Involved in the Proof of Concept testing and evaluation of all the software packages needed for the system wide connectivity and rollout of SAP. Supported over twenty different instances of SAP version 3.0F.
• Performed Correction and Transport (CTS), repairs to SAP code, performance monitoring, Oracle upgrades, backup/recovery, added network printers, some ABAP/4 programming, installed Hot packages and researched SAP problems in OSS.
• Duty Manager for one week every month. During this time, was responsible for handling or directing the resolution of SAP system problems on all systems, including two production systems, and was on call, 24/7, during this time.
• On the initial Steering Committee on SAP until it went enterprise wide. Received an award recognizing accomplishments as the best customer support person in all the Utility Group.