• I am an information technology professional with over 25 years' experience including 15 years consulting Company facing and 12 years SAP Security proficiency in both transactions PFCG and SU24. SAP environments are ABAP, Portal and Java ECC modules FI, CO, IDM, HR, SD, MM, PP, PM, QM, WM etc . Business Suites experience is CRM, SRM, SEM, SCM, APO, BW/BI, and GRC understanding internal controls and Segregation of Duties framework . SAP techno experience includes infrastructure, solution architecture and interfaces, plug-ins/add-ons.
• Broad experience in various industries is Aerospace, Utility, Retail, Manufacturing, Logistics, Department of Defense, Insurance, Software Vendor, Financial, Consulting, Electronics Entertainment, etc.
• Skills project management, solution architect, development, implementation upgrade, support, and customizing. Proven ability to grasp system needs, evaluate priorities and apply technologies to deliver integrated solutions and in interfacing with diverse users on all levels, across functional lines. Background includes leadership, interpersonal, strategic and analytical skills. I am very creative with the ability for problem solving and satisfying client needs.

Technical Experience

• Worked closely with the Business Analysts to design and maintain security roles to ensure that systems across the entire landscape are SOX compliant and designed solutions for SAP ECC, HCM, Portal, BI, SRM, SCM, BW/BI systems. Duties included design, administration and maintenance of GRC Tools including Risk Analysis and Emergence Access.
• Led team member for the architecture of SAP security for multiple Integration projects, Rollouts, Role Redesign and Upgrade projects protecting sensitive business information by securing custom programs, tables and ensuring that security roles are designed, developed and transported in accordance with the company regulations and processes.
• Conducted periodic security reviews of the SAP systems, ensure application of relevant security access participating in audit and compliance activities working within project plans while fostering relationships with other cross-functional teams within the organization.

• Review post SAP Security implementation, roles, profiles and auth objects.
• Review and evaluate client's SAP 5.3 installation and recommend how to improve the process and configuration.

• Manage completion of role design and development deliverables, including consultation with functional and business partners
• Establish and maintain repeatable standards for Access Controls within SAP landscapes and integration with NW IDM.
• Understand, communicate and translate authorization concepts to business process owners Conduct risk assessment for new project implementations
• Collect customer security requirements for managing and controlling authorizations to data and ensuring that security work is consistent with other systems strategies
• Work with functional role owners in determining segregation of duty violations
• Mentor and coach SAP role build/support team

• Collaborated with consultants, Unix engineering and project management other colleagues, in order to successfully to build GRC10 infrastructure and architect and deliver large GRC10 and NW IDM application implementations.
• Managed and participated in Company statement of work SOW initiatives, which required the involvement of the appropriate, plan and schedule, resources, and delivery of the SOW.
• Provided required Company solution and liaison between the Company, partners, delivery resources and project management. Have strong Company engagement experience, which requires the ability to partake in scope of work determination, product pricing and RFP/RFI responses.
• Worked closely with system integrator partners to leverage available infrastructure and assisted with creation and delivery of joint products and services.
• Provided technical support and expertise in analyzing Company requirements, in conjunction with the Company's current network, applications and capabilities, ensuring the solutions will accomplish the Company's objectives.
• Customized SRM roles to automate, simplify, and accelerate procure-to-pay processes for goods and services with supplier relationship management.

• Led the security team defined the project objectives ensuring that project engagement deliverables meet contract and work plan.
• Redesigned technical security infrastructure and redefined specifications as per business requirements.
• Planned and executed the upgrade project then gathered and defines business requirements, design, and configured security of SAP upgrade lifecycle.
• Redesigned security infrastructure for various modules: BW/BI, FI, CO, HCM, SD, MM, XI/PI, Java, NW IDM, UME and Bolt-on applications.
• Developed and configured GRC Access Control Tool to avoid SOD Conflicts to comply with Sarbanes-Oxley SOX regulation.
• Realigned GRC Access Control and application security in order to have the most impact on critical business activities.

• Configured Governance, Risk, and Compliance GRC Risk Analysis and Remediation RAR - Integrated the GRC solution in NetWeaver JAVA/ABAP landscapes working with VIRSA Compliance tools.
• Defined custom rules to fit company requirements and solutions. Reviewed segregation of duties SoD and user access to sensitive data.

• Responsible for implementing, monitoring, and enforcing all security policies, standards, and procedures necessary to ensure the confidentiality, integrity, and availability of information maintained on one or more computer/network/applications platforms and to protect that information from intentional or inadvertent access or destruction.
• User provisioning experience, including LDAP, UME, and ABAP back-end integrated solutions including Tivoli products and NW IdM .
• Maintained assignments of authorization objects with security roles, profiles and objects including ABAP, portal and java.
• Provided support for internal audits SAP information table data etc.
• Integrated 3rd party bolt-on products Cognos, Sabrix, IBM WebSphere, etc. within the security solution strategy.

Responsibilities/Deliverables: SAP ECC 6.0 and BI Security

• Defined new security roles to support the implementation of the upgrade project from 4.7 to ECC6.
• Migrated from BW3.5 to BI7.0 and designed new security roles for 7.0.
• Configured, executed, and documented SAP change control functions for production batch jobs.
• Maintained and provide production security support to R/3 including XI/PI,MM, PP, PM, PS, QM, SD, BI and SCM
• Help system Integrator with BI security Strategy
• User Provisioning with GRC Compliant User Provisioning
• Provided guidance regarding remediation, risks assessment and design of internal controls to ensure compliance to SOX. Document the risk analysis and established security policy, processes and implementation strategy.
• Used SAP VIRSA/GRC Compliance Calibrator 4.0 and 5.2 tools for effectively managing segregation of duties for users and roles. Also maintained role matrix GLOBAL and MATRIX1 , conflicting transactions and critical authorizations.
• Provided analysis and reports for Sarbanes-Oxley compliance to the internal audit department and business unit managers
• Analyzed of SOD business and compliance requirements and redesigned to new upgraded SAP Security.
• Advice on the user Provisioning process and best practices
• Actively involved in discussions with System Integrator for implementing GRC Fire Fighter and Access enforcer
• Provide management oversight for the Mitigation controls
• Helped design user provisioning process for release 1.2
• SAP ECC 6.0 and BI Security
• Configured SAP security system to effectively support business processes and job functional requirements to support the upgrade from R3 4.6 to ECC 6.0.
• Developed the global security plan defining security strategy in design, development implementation and support created template for the global rollout for the creation and maintenance of security accesses, permissions and controls by job role requirements
• Designed and performed fully integrated tests of delivered solutions investigated, diagnosed and analyzed issues and recommend solutions managed and tracked project schedule
• Analyzed internal controls relative to structure and business processes identified gaps or opportunities for improvement and recommended solutions then constructed and tested of configured controls.
• Reviewed security design and provided guidance on segregation of duties, sensitive transactions and authorization objects access.
• Refined the security policy, standards and procedures user documentation and conducted training for management and business process owners.
• Provided Production security support for all SAP instances. GRC Compliant User Provisioning
• GRC Compliant User Provisioning
• Conducted Top-down IT Governance consulting.
• Used Virsa Compliance Calibrator 4.0 tool to administer Segregation of duties for users and roles.
• Led the GRC development, including planning, design and implementing strategy.
• Collaborated with SAP Business Process Owners to ensure that business process meets the business security needs. Analysis of SOD business and compliance requirements and redesigned to new upgraded SAP Security.

Responsibilities/Deliverables: SAP ECC 6.0 and BI Security

• Led the SAP security upgrade from 4.6 to ECC6 for the basis modules. Worked on the upgrade of the BW3.5 to BI7.0.
• Maintained and Production support for all SAP instances R/3, BW, CRM, APO, SCM, EBP, XI and Solution Manager
• Planned and executed the plan through testing and implementing all the changes from the upgrade.
• Customized the authorization objects for the maintaining the product master data in SAP catalog content management.
• Aided in system upgrades from R/3 4.5b to 4.6c/d.
• Performed technical troubleshooting and documented process steps and best practices.
• Supported efforts for data migration, server consolidation, and networking.
• Help Identify the sensitive t-codes
• Actively involved in setting procedures for securing ABAP/4 programs and custom table with Authorization Groups, transactions and authority check statement.
• Involved in Designing Strategy for Implementing Central User Administration
• SAP Basis
• Create and manage the scheduling of batch jobs
• Importing transports to clients in SAP Landscape DEV, QAS, and PROD TRNG .
• Applying corrections SAP Notes
• Spool Administration SPAD/SP01 :
• ISU/CCS Security
• Worked with business owners for the preparation of functional specifications, testing and creating and executing test scenarios.
• Assist with bug fixing within SAP ISU-CRM.
• Design security roles and provided guidance to train end users.
• GRC Compliant User Provisioning
• Implemented SAP GRC Access Control previously Virsa Firefighter and Compliance Calibrator and extensively involved in developing process for change control and Defect resolution process.
• Involved in role maintenance in compliance with SOD and worked the Role owner, Process owners and SOD approvers.

Responsibilities/Deliverables: SAP R3 4.7 and BW 3.5 Security

• Maintained and provide production security support to R/3 including MM, PP, PM, PS, QM, SD IM/WM, BI and SCM,
• Troubleshoot and resolve existing roles
• Provide support and maintenance in user administration for the project and assist with day-to-day maintenance for the business users
• Monitor requests for access to ensure solutions are performed in a timely manner.
• Performed technical troubleshooting and documented process steps and best practices.
• SAP GRC Process Control 2.0
• Performed Sarbanes Oxley Compliance - SAP System Audit and documentation of Significant Processes and controls.
• Worked with client to come up with process Risk, Rules, deficiency Exception Case and Control Category.
• Configured the Organizational structure and hierarchy
• Administrated key process such as rule testing, Master data testing and configuration
• Trained users in User Interface such as filtering item, modifying and uploading documentation
• Emergency Access- SAP GRC Emergency Access
• Involved in designing strategy for Implementing GRC Fire Fighter
• Advised on the best methodology for implementing GRC Fire Fighter
• Identified process and procedures for reviewing Fire Fighter Logs

Responsibilities/Deliverables: SAP R3 4.7D and BW Security

• Security Team Lead, v4.7d implementation project modules included FI/GL, MM, PS, QM, SD IM/WM, BW, CRM and EBP .Develop and access permissions.
• Defined performance metrics Troubleshoot user access problems. Provided feedback on performance of others.
• Team Lead in the SAP Security global rollout of all international SAP projects which included locations in Canada, United Kingdom and the Netherlands.
• Developed and managed the project plan for the Pilot implementation and subsequent country rollouts.
• Converted the standard purchasing process into EBP/SRM requirements and customized new authorization objects, fields and organization levels.
• Set up the rules based security for suppliers and their employees and defined additional attributes
• SAP GRC- Virsa Access Enforcer 2.0
• Interfaced different systems to transfer users in the system
• Defined user data sources
• Configured number ranges for the system
• Configured request configuration module with request type, category, reason and priorities
• Created service level agreement based on business and company requirements
• Identified all the approvers with Email, point of contact info and application approvers
• Authentication of roles for user identify
• Workflow configuration module for email notification, approval, alternate approvers and escape route

• Responsibilities/Deliverables: SAP R3 4.7 and BW 3.5 Security
• Provided Production security support for all SAP instances R/3, BW, CRM, APO/SCM, and developed Solution Manager Application.
• Internal SAP Security Implementation and Support Tools Development Project for HBCG.
• Provided SAP Security knowledge and best practices support to assist in the design and development of SAP Security Implementation and Support Tools to facilitate HBCG's SAP Security implementation and support of client SAP Systems.
• Assisted in detail testing tools and documenting process procedures.

Responsibilities/Deliverables: SAP R3 4.6C and BW 3.0 Security

• Worked with client team to define, create, and support SAP Portals.
• On-going maintenance and support of phased security implementation of Asia, Europe and Latin America.
• Provided SAP Security design and best practices support for Sony's phased rollout of SAP R/3 and BW/BI in Asia, Europe and Latin America.
• Processed defects and supported change requests in test environments as it relates to this implementation and interfaced with Functional Teams to ensure job roles were consistent across lines of business and business processes.
• Analyzed and recommend technologies to enhance current systems and support overall business goals and global client relationships.
• SAP GRC- Virsa Fire Fighter:
• Worked with Fire fighter for emergency access to functional team members
• Configured fire fighter to capture logs
• Communicated with the Security Coordinators, Line of Business LOB people for organizing and analyzing the security requests and documenting the details for future reference.

Responsibilities/Deliverables: SAP R3 4.6C and BW 3.0 Security

• Developed and designed security roles for two new deployment locations from the ground up.
• Developed and tested R/3 including FICO, HR, MM, PP, PM, PS, QM, SD IM/WM, BW and SCM,
• Led development and implementation in both Chicago, IL and Minneapolis, MN and the rollout to Canada.
• Interfaced with user community to understand their security needs and worked with functional teams to define user roles and requirements.
• Coordinated security role testing and end-user role mapping activities for the two deployments.

Responsibilities/Deliverables: Conducted Sarbanes-Oxley Tool analysis.

• Assisted in evaluating Sarbanes-Oxley tool content and processes for SAP R/3.
• Assisted in normalizing Approva Segregation of Duties SOD content.
• Assisted in developing Approva Implementation Methodologies.
• Performed various Approva projects for Lucent Technologies, Honeywell and KLA-Tencor.

Responsibilities/Deliverables: SAP R3 4.6A and BW 3.0 Security

• Redesigned and retrofitted the roles for FI/CO, MM, PP, SD, IM/WM and HR in compliance with segregation of duties principles.
• Performed functional and integration testing.
• Documented and integrated security solutions into application functional and technical roles.
• Designed formal training classes for client global SAP Security Administrators, global help desk staff, process, Basis, ABAP and implementation teams on SAP R/3 application security concepts.
• Integrated Business Process Controls framework into technical security design.
• SAP GRC Remediation
• Established procedures to monitor and mitigate Segregation of Duties SOD conflicts.
• SOX remediation testing for a major manufacturing holding company.

Responsibilities/Deliverables: SOX Remediation and Redesign SAP R3 4.5A

• Sarbanes Oxley project responsible for internal controls and security infrastructure.
• Maintained and provided Production security support for all SAP instances R/3, BW, CRM, APO/SCM, HR .
• Assessed the security risks and exposures using the Risk Controls Tracking Systems tool.
• Remediated and took corrective action in following areas: SAP access controls, segregation of duties SOD , operating systems, databases and network throughout the SAP landscape.
• Made the changes and worked with users through implementation and conversion.
• Redesigned areas as required and developed standard operating procedures as needed.

Responsibilities/Deliverables: SOX Remediation and Redesign SAP R3 4.5A

• SOX remediation testing.
• SOX policies and procedures development
• Developed and tested new technical roles.
• Maintained and provided Production security support for all R/3 including FICO, HR, MM, PP, PM, PS, QM, SD IM/WM, BW and SCM/APO.
• Assessed risks and ensured that SAP access controls, segregation of duties and monitoring are implemented.
• Made the changes and supported the users through implementation and conversion.
• Redesigned and retrofitted the internal controls of the SAP landscape and infrastructure to strengthened controls and protection.
• ISU/CCS Security
• Redesign ISU to for SOX compliance and governance in the security configuration and utilization of CIC/Front Office functions and workflow.
• Designed training material for transferring SOD knowledge of ISU security and configuration and for transferring knowledge of Fl billing configuration

Responsibilities/Deliverables: SAP R3 4.5A Security

• Readjusted and converted roles and authorizations.
• Converted mainframe jobs and positions to R/3 including FICO, HR, MM, PP, PM, PS, QM, IM/WM, and SCM/APO.
• Implemented security for Human Resources, Business Warehouse, Sales and Distribution, Logistics and Finance with 9,000 users.
• Developed and executed test cases and to setup multiple users and/ or roles.
• Converted existing manual positions in the old system and made them SAP compatible roles using the Profile Generator.
• Redesigned positions and created profiles based on divisions, departments and financial grouping within the HR.
• Provided maintenance and support to SAP Security department modules MM, FICO, PP, SD, HR and PM.

Responsibilities/Deliverables: SAP R3 4.0B and CRM Security

• Conducted new implementation and conversion of old roles to SAP.
• Completed full life cycle implementation of security development in three types of environments for Defense Agency.
• Advised project team and client management on security issues and problems.
• Devised methods for clients to establish security policies/ procedures.
• Led the security effort for the project.
• Developed comprehensive security strategy and established guidelines to design security controls of the system.
• Created profiles based on organizational structure and mapped positions to profiles.
• Designed the security infrastructure on five levels: application, users, database, operating system and desktop levels.
• Planned organization security plan.
• Configured the systems parameters to ensure the security at the system level. Set-up and configured the AIS Audit Information Services based on the extensive client data collection requirements. Set-up operational and security logs.
• Completed full life cycles implementation security development in R/3 landscape for a financial institution with 60 branches in 3 states, created 19 roles for 300 users.
• Completed an upgrade life cycle implementation and converted R/3 authorizations from version 3.1h to version 4.6b for a Chemical Company.
• Created profiles based on geographical and work-center organizational units.
• Installed the CRM R/3 2.0b SR1 systems on Windows NT/Oracle platform.
• Installed the standard R/3 system on Unix/Oracle platform for SAP training.
• Assessed SAP enterprise products and services, then modeled the positioning of these products and services to show the future direction of SAP. Assessment resulted in mySAP Workplace retooled and enhanced then renamed to SAPPORTAL.
• Formulated Security Assurance Audit procedure based on extensive research of security issues internal and external to SAP.
• Recommended the remedies to implement the necessary security measures.