
Sr. SAP Security Lead Consultant Resume


PROFILE SUMMARY:

  • Over 15 years of solid SAP security experience (design, implementation, upgrade, cutover, post go-live, support & knowledge transfer) in S/4 HANA, ECC, BI, Business Objects, BPC, CRM, CAR, HANA, HCM, SCM, SEM, SRM, Solution Manager, PI/PO, GRC Access Control and Portal areas. Several full life-cycles of security implementations in Retail, Banking, Finance, Pharmaceutical, Media, Manufacturing, Auto and Government industries. Excellent experience in change control management, security audit, and access controls for Sarbanes-Oxley & SSAE SOC2 guidelines.
  • Extensive security analysis/design/implementation and production/operations support work on GRC (5.3 through 10.0-10.1 with SAP NetWeaver 7.0 EHP 2), IdM tools (ELM - IBM, 8.0 - SAP), HANA (SPS 08, 10), APO/SCM (7.0), BCS (4.6C), BOBJ (4.0), BPC (5.0 through 7.5 - 10.0), BW (3.5, SAP NetWeaver 2004s through SAP NetWeaver 7.0 EHP 1), CRM (4.0 through 7.0), ECC (4.6C through 6.0 EHP 7), Identity Manager 7.2, Portal (SAP NetWeaver 7.0 (2004S) through 7.4 with SAML authentication), SRM (4.0 through 5.0), SEM (5.0 through 6.0) and Solution Manager (7.0 through 7.1) systems. Experience in all areas of SAP security including requirements gathering, analysis, design, configuration, testing, implementation, post implementation support and HANA Enterprise Cloud (HEC) migration. Very good understanding of SAP security concepts, methodology, Segregation of Duties (SoD), system landscape, and different approaches for implementing system wide security effectively.
  • Coordinating with management and business teams, and leading security team and projects for a long time.
  • Excellent planner, work towards doing things right the first time and deliver projects on time and within budget.
  • Provided guidance to various big and small consulting firms on complex security issues and custom solutions to their problems.

PROGRAMMING LANGUAGES AND SKILLS:

SAP ABAP

C

SOAP

Fortran

Assembly

SQL

Web & Scripting:

HTML

XML

ASP & ASP.net

JavaScript & VBScript

Version Control and Change Management:

Lotus Notes

Remedy

Service Center

TestDirector

Vantive

Oracle (including SQL & PL/SQL)

MS Access

UNIX

Windows

S/4 HANA, ECC, BI, Business Objects

SCM, SEM, Solution Manager

BODS, SLT, CAR, HANA, HCM, SRM, CRM

Portal, XI/PI, PO

IdM, GRC, CUA

PROFESSIONAL EXPERIENCE:

Sr. SAP Security Lead Consultant

Confidential

Responsibilities:

  • Lead security architect for ECC 6.0 to S/4 upgrade project. Migrated SAP security to S/4 environment with new business and reporting requirements.
  • Work with business units and SMEs at Cambridge location to gather business requirement and expectations for S/4 updates and Fiori tiles. Worked with development team to configure Fiori tiles per business specs and updated / designed existing and new security roles.
  • Worked with client’s IT security team to steer them through obsolete t-codes, objects, and updated SU25 to reflect new S/4 functionality. Developed LSMW scripts for mass user updates to SAP systems.
  • Attended leadership meetings on estimates and resource planning (part of new project work) and managed business milestones and expectations.
  • Worked with internal audit team to discuss new role design (three-tier role model, update existing single roles) and to remediate users where necessary. Changed security role model to separate out HR sensitive access and created guidelines to request such an access on emergency basis. Experience with audit SSAE SOC2 guidelines. Worked with external auditors (KPMG team) and internal audit team for a successful new role model audit.
  • Worked closely with Basis team on system availability, down timelines, and cutover transport activities.
  • Participated and guided Business and Basis teams on S/4 roles migration to HEC system. S/4 HANA system was cutover to HEC system.
  • Developed HANA views Content roles for the selective business teams (FI/CO, HR) and access request process for the Helpdesk team to follow. Managed security transport packages and transports via LCM process.
  • Developed HANA disaster recovery script in case of a data loss mishap per Confidential IT team directive. Worked with Confidential senior leadership team for the budget and timeline requirements.
  • Connected Fiori to GRC via new connector. Requested Fiori access to be audited via GRC processes. Certain S/4 business access was combined with default Fiori roles, in addition to standalone Fiori roles to be requested via separate approval process.
  • Resolved client GRC issue of not capturing correct logs as of SM20. Updated GRC EAM process to reflect latest emergency access roles and owners/controllers.
  • Reviewed GRC 10.1 to 12.0 upgrade and provided feedback to management team. Developed project plan with timeline and resource plan. In process of automating access provisioning for all Confidential business users using SAP IdM 7.2 and CUP process of GRC 12.0.
  • Updated BI reporting profiles per the new roles model and access was restricted to business folders per business area. Default roles access was combined with the S/4 and Fiori roles. A roles matrix was created for such a process and Help-Desk team was trained for it for a streamlined process.
  • Participated in SoX meetings with PWC, KPMG and the business teams. Drove audit discussion with Confidential’s business groups and mitigation process.
  • Managed existing support team in terms of their workload and acted as liaison between business and day-to-day support activities.
  • Conducted daily meetings with the support staff and prioritized their daily agenda items.
  • Created and managed a security forum process for Basis team members to participate in on weekly basis and answer to certain company security guideline questions.

SAP Versions: ECC 6.0, S/4 1809, HANA 2.0, GRC 10.1, 12.0, SAP IdM 7.2.

Sr. SAP Security Lead Consultant

Confidential, Sunnyvale, CA

Responsibilities:

  • Worked with business units across the globe and SMEs at Sunnyvale location to gather their business requirements and implement a comprehensive SAP security solution.
  • Designed Parent/Child/Derived roles model to meet complex business requirements in the transactional system.
  • Help re-design, simplify existing roles model to meet SAP recommended, a composite & single three-tier roles model. Documented new solution and provided training to support team on the new model.
  • Upgraded security setup to S/4 HANA. Reviewed S/4 notes, made business aware of the changes for training perspective. Attended leadership meetings on estimates and resource availability planning (part of upgrade project). Worked closely with Basis team and internal auditors on system availability timelines and cutover activities. Supported issues through hypercare period and transferred knowledge to off-shore team for day to day support activities.
  • Upgraded existing Fiori roles to meet S/4 requirements and created configured Fiori roles to meet business requirements. Updated GRC ruleset to include new S/4 t-codes and removed any obsolete ECC t-codes from it. Updated BRF+ services to include Fiori setup (both existing and new) to the GRC scope.
  • Gathered business requirements and implemented SLT and Central Finance on HEC system. Attended meetings with the HEC team and preparation for SAP migration. Utilized SAP MDG for master data harmonization. Discussed user license requirements with IT team and managed its implementation.
  • Worked with functional and business teams to support bugs, issues part of Functional, Integration and User Acceptance Testing (UAT).
  • Re-designed GRC Emergency Access tool to support id-based assignment from its original user based setup. Updated Emergency Access to 12.0 version and connected HANA database to it.
  • Provided design support for BI, configured new analysis authorizations and enhanced existing ones to support new business model.
  • Supported HANA security design and enhanced existing HANA roles to support the acquisition and new users.
  • Worked with Internal audit team to perform comprehensive SoD (SoX analysis) on 10+ years of custom t-code analysis and impact assessment. Performed t-code usage, roles in question, business owners, existing approvals (if any) analysis for business review. Lead business meetings and point contact person for technical questions and making sure that timelines are met. Reported to IT director for the initiative.
  • Used RevTrac transport management tool to manage workbench, customize requests to production. The workflow process secured electronic approvals for role owners and management.
  • Transitioned legacy PR approval process security to the Fiori tool. Designed security solution using Neptune tool to save on SAP user licencing cost and used Fiori for Purchase Requisitions and Invoice approvals. Implemented front-end and back-end tiles based security and provided documentation and training to onshore and offshore client support team.
  • Gathered business requirements for Global Trade Services (GTS) and implemented security design for it. Provided bug-fixing support in lower environments, cutover and post go-live project support.
  • Managed existing support team in terms of their workload and acted as liaison between business and day-to-day support activities. Conducted daily meetings with the support staff and prioritized their daily agenda items.
  • Reported directly to the Director of IT and VP of Finance, and participated in business steering committee for progress, issue log & roadblocks discussion.

SAP Versions: ECC 6.0, S/4 1809, BI 7.0, HANA 2.0, GRC 10.1, 12.0

Sr. SAP Security Consultant

Confidential, Cleveland, OH

Responsibilities:

  • Discussed various solutions and conducted workshops with client teams to help understand the complete business requirements.
  • Provided guidance on watch out, best practices and implementation steps.
  • Designed CAR (Customer Activity Repository) for sales data. Point contact person for ABAP and HANA security implementation and resolution of POSDTA (Point of Sale Data Transfer Analytics), PMR (Promotion Management for Retail), Assortment Planning & Management Planning areas. Performed cutover and go-live activities.
  • Implemented HANA Web IDE solution for implementation over HANA Cockpit design as an easier and cheaper alternative.
  • Configured both Catalog and Content roles in HANA. Created content roles and user ids in HANA Studio.
  • Implemented frontend and backend security for FIORI tiles. Presented design options to business, and designed the automated provisioning for FIORI users. Designed, developed and performed cutover activities.
  • Worked on HANA and BOBJ integration project. Used SAML for SSO from BOBJ.
  • Implemented and supported BOBJ, setup the approach from analysis of requirements to design, test and implementation using best practices criteria.
  • Secured BOBJ queries data in HANA using Analytic Privileges. Created project and end-user ids for BOBJ.
  • Used RevTrac to create and manage projects, transports and transport approvals to production.
  • Help client understand Sarbanes-Oxley (Segregation of Duties) requirements and future use of those, such impacts and importance behind following those guidelines.
  • Participated in design discussions and roll-out plan for the implementation and advised on the support period and SLA requirements for the hyper-care and post hyper-care periods.
  • Help training team chalk out the steps needed for train the trainer material and help management derive cutover discussions.
  • Reported directly to the Confidential business director and participated in the weekly steering committee meetings about the project progress.
  • Advised on current and future state support resource requirements and development time, resource matrix for the successful project implementation.
  • Worked with Basis team in implementing latest notes for SAP Fiori, CAR and HANA to help bring their SAP version to latest platform.
  • Worked directly with the system architect in defining missing implementation steps and updating the project plan.

SAP Versions: ECC 6.0, CAR 2.0, HANA 2.0, BOBJ 4.2

Sr. SAP Security Consultant

Confidential, Detroit, MI

Responsibilities:

  • Joined this project during the realization phase. Worked on BW, SEM, CRM, ECC, HR and SRM security development, testing, defect resolution, cutover and go-live activities. Lead security contact for BW and SEM security for enhancements and post implementation support.
  • Upgraded BW 3.5 to BI 7.0, SEM 5.0 to 6.0 - BPS and BCS, and Portal EP 6.0 to 7.0. Developed and supported test plan, and created security awareness presentations for functional teams. Defined security activities for cutover, deployment and post maintenance. Managed SAP marketplace for OSS messages, notes and developer/object keys. Provided Production support and development on BW 3.5 in parallel to BW upgrade to 7.0 using transactions such as RSA1, RSSM, RSD1, RSRT, and RRMX. Implemented BW security in Portal.
  • Created Analysis Authorizations on BI using RSECADMIN transaction. Created reporting and power user roles securing data at infoArea, infoCube, Query, and change and display access for Business Explorer through BW and Portal. Created and supported workbook roles for various areas. Worked with BW developers on securing queries, programs and sensitive HR information. Help resolve critical BI hierarchy and Dashboard issues.
  • Supported ECC 5.0 (modules - Finance/Controlling, Project Systems, Plant Maintenance, Project Planning and Warehouse), Portal, SRM and HR Level 1 production incidents. Resolved HR structural authorization technical and process issues. Helped resolve critical PA/PD and OM issues in HCM. Scheduled rhproflo HR reconciliation job and created process to update infotype 0105. Implemented Payroll sub-module in SAP for the centralized payroll department. Expert knowledge of Payroll infotypes, t-codes and authorization objects. Helped Level 2 and 3 users and did knowledge transfer to employees.
  • Architect behind ECC 5.0 to 6.0, Solution Manager upgrade project and its 5 box system strategy.
  • Implemented Treasury and Cash Management modules from scratch from requirement gathering to go-live support activities.
  • Implemented Real Estate module security to support company’s real estate assets.
  • Involved in security optimization project for ECC, SRM, HR and Portal role consolidation, security matrix update and process enhancement.
  • Implemented dynamic profile based security solution for Supplier Portal in order to bring company suppliers on SAP landscape. In this fully automated approach, suppliers are managed by their admin. Lead coding activity and supported cutover/go-live phase.
  • Used GRC Compliance Calibrator to do Segregation of Duties analysis, simulation of changes to access/roles and reviewing SOD rules with internal auditors. Mitigated conflicts, managed Mitigation and Rule transports. Help define sensitive t-codes and objects for GRC tool. Help implement and support role based Fire Fighter for various organizations to manage off hour and emergency access issues. Created Fire Fighter emergency approval process.
  • Defined security policies for Identity Management (IdM) project and lead implementation efforts.
  • Supported SuccessFactors Employee Central permissions for the existing design. Supported RBP framework for permission groups and users.
  • Established SAP security procedures, guidelines and help define quarterly access review internal audit requirements.
  • Lead contact person for Identity Access Management (IAM) implementation to automate user provisioning process. Working with IM developers help identify user provisioning rules and regulations (FERC, NERC).
  • Provided step by step guidance, documents on CAR implementation, conducted meetings with leadership to understand their business requirements and developed/submitted the project plan for it. Performed PoC in a sandbox environment to enable visual aspect of the plan.
  • Documented security design and user access procedures in Livelink and Documentum central repository.
  • Documented security role change requests using Mercury and Peregrine systems.

SAP version: ECC 6.0, BI 7.0, SEM 6.0, SRM 5.0, and Portal 7.0. CAR 2.0

Sr. SAP Security Lead Consultant

Confidential, Denver, CO

Responsibilities:

  • Designed SAP security solution for a retail implementation. Lead all aspects of ECC (FI/CO, MM, SD, PS & WM) security implementation for NG including development, testing, defect resolution, cutover and go-live activities.
  • Discussed various solutions and conducted workshops with client teams to help understand watch outs, best practices, implementation steps. Help client understand Sarbanes-Oxley (Segregation of Duties) requirements and future use.
  • Designed authorization solution, positions (for both head-office, store users). Streamlined design across all 100+ stores and brought them over to one solution.
  • Handled requirement gathering sessions with teams, created position matrix, roles (single, derived, parent/child & composites) and secured business sign-offs on new design.
  • Helped resolve System Integration Testing (SIT), User Acceptance Testing (UAT) scenarios, bug fixes and changes across the landscape.
  • Worked with both internal & external audit teams to alleviate any concerns on the design solution.
  • Created security policies in the areas of DDIC, SAP* id login, Firefighter access and quarterly audit procedure in conjunction with internal Audit team policy.
  • Handled solution cutover activities during go-live and performed hypercare activities.
  • Prepared documentation and performed knowledge transfer to the support team during to be able to handle/resolve issues on their own.
  • Documented any changes using Remedy tool.

SAP version: ECC 6.0.

Sr. SAP Security Consultant

Confidential

Responsibilities:

  • Designed security solution for complex retail (Stores) and DCs (Supply Chain) implementation. Worked on ECC (FI/CO, MM, SD, PS & WM), BI, HCM, CRM, SRM, Solution Manager and GRC suite. Lead security development, testing, defect resolution, cutover and go-live activities. Lead security contact for SAP retail and GRC suite for enhancements, support pack upgrades and post implementation support.
  • Designed BI solution from scratch based on business requirements for 1400 retail stores and head-office users. Lead meetings with business teams (Finance, Loss Prevention, Store delegates etc.) to gather BI security requirements.
  • Created Analysis Authorizations using RSECADMIN transaction.
  • Created reporting and power user roles securing data at infoArea, infoCube, Query levels and change and display access for Business Explorer through BI and Portal.
  • Created and supported workbook roles for various areas. Worked with BI developers and provided guidance on queries, programs and sensitive HR information.
  • Help resolve critical BI hierarchy and Dashboard issues. Help resolve authorization issues during SIT, UAT test cycles and performed cutover.
  • Participated in daily business and weekly leadership meetings for status, open issues and timeline discussions. Trained both on-shore and off-shore team members on BI design and provided support documentation.
  • Security Architect for the multi store access concept for both Portal and RFC handheld devices. Implemented unique custom solution for stores to enable user access multiple stores based on their active sites. Used ELM (Employee Lifecycle Manager) as a store front-end IdM tool. Integrated ELM with GRC CUP and a custom module (GreenLight) through webservices for user provisioning, site table updates. Defined security policies for IdM project and lead CUP, GreenLight RTA design studio configuration. Did Blueprinting and Design of approval workflow process.
  • Upgraded GRC 5.3 to GRC 10.1 version. Implemented ARA, ARM and EAM including post implementation and configuration steps including checking of GRC installed components, activating of application, activating BC Sets, creation and configuration of connectors, Maintain connectors and connector types, groups and setting, GRC parameter settings for ARA and EAM, running of synchronization jobs, generation of rulesets, configuration in NWBC, setup of parameters in target systems and transports. Creation of all required ABAP roles for GRC. Updated webservices for user creation, modification (role changes, user expiration etc.) purposes for ARM and IdM tools. Automated whole flow of access provisioning via IdM and GRC tools. Creation of all ids including FF ids, Mitigation ids, Mitigation approver ids, Role owner, Role approver, FF Controller and Approver ids and setup of Reason codes etc. Transported rule sets from Development to Production and use of MSMP and BRF+.
  • Provided day to day support including functional support to create functions, permissions, risks and adding risk ids to custom rule sets.
  • Updated current IdM solution to SAP IdM 8.0 version.
  • Customized IdM application for Confidential installed SAP and non-SAP environments. Integrated IdM with Single Sign On (SSO) for one time password recognition and with Active Directory. Setup self-service for user management (view reports, password reset etc. functions) and authorizations behind it. Setup self-approve process workflow for retail users and approval process support users.
  • Configured GRC workflow for SAP access provisioning. Developed and tested scripts. Performed knowledge transfer to client’s on-shore and off-shore resources for support purpose.
  • Setup provisioning framework for SAP IdM. Built custom connectors, modify provisioning framework per custom requirements. Good knowledge of Java and SQL scripting for workflows and provisioning. Built complex workflows to support non-SAP servers.
  • Updated workflows in GRC to support feed from and to IdM. Create data packages, repository types, jobs in SAP Identity Management Developer Studio. Active Directory knowledge for integration with AD. Support unit testing, system integration and user acceptance testing, cutover and post go-live period.
  • Presented various SAP IdM options to the management for implementation and their good and bad options.
  • Held various discussions with both SAP and legacy leads, presented options, collected their feedback and blueprint the solution.
  • Very good understanding of security policies, SAP, Fiori, and Netweaver Portal for existing implementation and future road map. Managed content transports. Provided technical documentation and knowledge transfer to both on-shore and off-shore team resources. Prepared and shared documentation with various management teams for future access provisioning and de-provisioning requests.
  • Review policies, documentation and provide guidance to R&A team.
  • Participate in leadership meetings and provide status updates.
  • Good understanding of section 302 and 404 of Sarbanes-Oxley Act (SOX), COBIT framework and business processes.
  • For HANA, worked on both Catalog and Content roles. Created content roles and user ids in HANA Studio. Created all technical and project team ids in HANA. Working on securing data using Analytic Privileges.
  • Implemented frontend and backend security for FIORI tiles. Presented design options to business, and architected the automated provisioning for FIORI users (over 50,000 users). Designed, developed, performed cutover activities.
  • Implemented Plant Maintenance (PM) module from requirement gathering to go-live phase. Performed Development, supported SIT / UAT, Cutover activities.
  • Provide post go-live R&A support to business and managed resources based on severity of issues.
  • Reviewed project architecture and provide input on timeline, challenges to the leadership team.
  • Implemented and supported BOBJ, setup the approach from analysis of requirements to design, test and implementation using best practices criteria. Supported day to day BOBJ issues including user and alias creation, universe and connection security, configuration of entitlement systems, role import from entitlement systems, role mapping to groups, folder security, troubleshooting report level issues and working on authentication management with SAP, Active Directory and enterprise user groups. Created Active Directory users, user groups and enterprise groups. Created custom access levels for content and applications. Worked on Dashboard and Xcelsius queries and managed synchronization jobs between Active Directory and BOBJ. Moved user groups, folder structures and custom access levels to Staging and Production systems. Assisted BOBJ functional teams to add queries to folders and secured BOBJ queries data in HANA using analytic privileges.
  • For BODS, created user groups based upon development and functional teams requirements.
  • Worked on a project to implement CRM, POSDM, BODS, SLT, HANA security and connected it to GRC.
  • Worked on Security design, development and implementation of CRM 7.0 with EHP 3, worked with the functional teams to finalize requirements and acceptable solutions. Used UI logging for user data input and ease of role design. Created business and standard SAP Security roles that drive end user access restrictions. Maintained Security objects C_LL_TGT and UIU_COMP for CRM 7.0 for front end views. Unit tested business and standard roles, Coordinated integration testing and cutover and go-live activities. Provide production support when required.
  • Implemented user delegation and password self service solution in Portal. Store users were able to reset their Portal/AD passwords by answering correctly to their selected questions. Store managers are empowered with the user password reset tool for their store users through user delegation tool.
  • Implemented HR security (PA/PD, OM modules) from scratch part of the HR roll-out initiative. Resolved org management and structural profile issues with the HCM functional and security teams. Guided security team over the implementation of Payroll module and best practices. Implemented and secured e-recruit sub-module roles.
  • Worked with internal and external auditors to enable R&A monitoring and apply recommended updates. Enabled SM20, ST03N audit logs.
  • Prepared documentation and provided training to SAP production support staff (CoE) and NSC (National Service Center).
  • Documented security role change requests using Remedy and Mercury (HPQC) tools.

SAP version: SAP Netweaver 7.4, ECC 6.0 EHP 7, BI 7.0, BOBJ 4.0, SRM 7.0, Portal 7.0, GRC 5.3/10.0/10.1, SAP IdM 8.0, CRM 7.0 EHP 3, CAR 2.0, HANA 1.0 SP 10

Sr. SAP Security Lead Consultant

Confidential

Responsibilities:

  • Lead meetings with the Functional, Development and Project Management to understand key issues and to develop a comprehensive BI and BOBJ security model.
  • Integrated Active Directory groups so that BPC is accessed through secure connection using RSA token instead of just directory authentication. Groups BPC ADMIN RDS and BPC ADMIN RDS TEST were used. Also BPC USERS group in Active Directory for reducing the number of users who can potentially get BPC access.
  • Very good understanding of .NET IIS based architecture and different components of BPC interfaces like MS Office, Admin, web etc.
  • Configured new BI security roles (Casual, Power, Workbook and Data) and analysis authorizations fixing all security issues on hand.
  • Advised business leads to have one Power user role solution based on their requirements rather than one per area. Developed one Power user role solution to create ad-hoc reports and workbooks by various business areas such as Finance, Controlling, Project Systems and HR. Restricted query display and any sensitive access at the info-area, info-provider and data level.
  • Implemented Business Objects (BOBJ) security at the Folder and Universe level. Secured SAP, non-SAP data and developed security procedures for creating, securing Crystal and Webi reports. Streamlined security practice at both levels of SAP BW (for Data, Info-provider) and BOBJ (for Webi, Crystal).
  • Imported backend BW Role/s, created User Groups and Folders in Central Management Console (CMC). Active Directory authentication and one AD User Group concept was employed.
  • Managed aliases in Business Objects, developed Custom security rights and moved Webi reports and Universes from Support to functional folders. Supported development team with access issues to Web Intelligence (Webi), Universe Designer, Infoview and Desktop Intelligence applications. Provided an upgrade analysis report to Business Objects 4.0.
  • Executed security strategy and project development plan. Discussed project progress regularly with the Project Manager.
  • Participated in steering committee (CAPSL) meetings with the company vice presidents and answered questions.
  • Trained security and BI teams of the new model. Instructed BI team of the steps to consider and discuss while creating new queries.
  • Provided documentation on naming convention, test cases, test plan, job aid, executive summary (future recommendations) etc.
  • Developed production support roles for Basis, security and Development teams to avoid any un-authorized access events.
  • Secured sensitive t-codes, tables and programs with the help of business and development team. Developed emergency and off-hour Firefighter access process.
  • Reviewed and updated client’s User Request Form (SURF) to incorporate new security model requirements and Change Management procedure.
  • Resolved outstanding critical ECC security issues such as buffer refresh ($sync), making a field (RESPAREA) org level relevant and secured open/close period transaction (OB52) using authorization groups, limiting access based by teams and time. Restricted development team access to t-codes RSA1 and Listcube.
  • Established step by step job aid documentation for the security team.
  • Created security policy document for securing non-dialog id’s such as DDIC and SAP*.
  • Created authorization groups and secured custom t-codes with it.

SAP version: ECC 6.0, BI 7.0, BOBJ 3.1, BPC 7.0.

Sr. SAP Security Consultant

Confidential, Troy, MI

Responsibilities:

  • Developed and executed security strategy & project plan to identify/clean manually inserted objects in R/3 roles. Upgraded security from R/3 4.7 (Finance/Controlling - FI/CO, Plant Maintenance - PM, Warehouse Management -WM) to ECC 6.0. Developed and supported test plan, cutover, deployment and post maintenance. Created and managed OSS messages for security issues.
  • Laid out and executed security strategy for separating a GMAC owned business in the same production instance. Developed new Functional, Data roles and performed cutover tasks in ECC and BI clients.
  • Implemented Global security model to consolidate all North American and European divisions into one SAP instance. Updated role naming convention and configured security to streamline business processes across various SAP instances. Worked closely with the Business and Functional teams to understand ECC, BI, SRM and Portal requirements. Updated GRC ruleset and owners. Resolved user acceptance testing (UAT) issues, supported cutover and post go-live activities.
  • Implemented Business Planning and Consolidation (BPC 7.0) security. Very familiar with the Admin Console. Created teams as agreed by business to apply security rules, designate a team leader to save team templates on the server. Setup member access and task access profiles to restrict user from an application or task. Secured UJE tables to prevent any un-authorized change through ABAP backend.
  • Developed structural authorizations based on company’s HR organizational structure. Updated payroll roles to include Canada and Mexico countries to support company’s centralized Payroll structure. Expert knowledge of various HR area infotypes and switches. Used P_PERNR object to grant employee self service access in ESS and expert in setting up different HR switches. Used objects P_ORGIN and P_ORGINCON to secure master data based on Personnel Area, Employee Group and Employee Subgroup. Expert implementation and troubleshooting knowledge in the areas of PA/PD/OM/ESS/MSS/E-Recruit. Configured e-recruit roles.
  • Developed Analysis Authorizations on BI using RSECADMIN transaction. Created reporting and power user roles securing data at infoArea, infoCube and Queries. Created and supported workbook roles for various areas. Worked with BI developers on securing queries, programs, process chains and sensitive information.
  • Supported Treasury and Cash Management modules. Provided support and moved transport changes to production.
  • Lead consultant to verify, implement and co-ordinate Business Objects (BOBJ) implementation as part of the Banking Service Design (B.S.D) project. Implemented Folder based structure to host Web Intelligence (Webi), Crystal reports and Universes. Developed Business Objects custom security rights for power and casual users. Enabled Auditing tool and managed Business Objects transport jobs using Life Cycle Manager (LCM). Configured Event based report bursting (Publisher) functionality for multiple reports and managed Microsoft Outlook groups. Conducted meetings with business users to make them aware of the front end change and fixed any test issues.
  • Support Real Estate module security for company’s mortgage business as part of federal government requirement.
  • Performed the security fit-gap analysis for implementing Bank Analyzer (B.A) to meet Federal Bank Holding Company (BHC) requirement. Designed open hub and B.A security.
  • Created ECC, BI, SRM and HR iViews, roles, groups, users, and transports in Portal to meet business requirements of EP7.0. Point of contact for Single Sign On (SSO) and LDAP related issues. Set up Delegated User Administration and managed FPN network including FPN cache management on producer and consumer Portals. Very familiar with content administration, user administration and system administration features. Good knowledge of procedure for carrying out Portal content migration and resolved Portal language setup issues.
  • Configured and administered Access control ‘SAP GRC’ and implemented SOD conflicts administration strategies and remediation. CG counterpart for implementing GRC CUP for automated User Provisioning, ERM for Role Management and SPM for FireFighter modules. Discussed with business and various teams to identify requirements and handled testing. Worked with Basis team to identify and implement Service Packs. Worked on GRC upgrade from 5.1 to 5.3. Updated ruleset and mitigated user access. Executed RAR to identify any possible SoD issues before adding t-code to a role or functional role to a user, and generated Audit reports. Configured and extended RAR ruleset to BI environment to better manage production support teams and sensitive query access. Installed BC sets and did configuration setup for capturing and displaying logging data in the system. Security risk assessment, management, compliance and controls experience. Documented procedures and performed knowledge transfer to employees. Participated in SOX IT controls meeting to discuss and eliminate any vulnerability threats.
  • Strong knowledge of section 302 and 404 of Sarbanes-Oxley Act (SOX), COBIT framework and business processes. Designed the IT controls with main focus of eliminating redundancy in quarterly assessments.
  • Identified web services between the Identity Manager (SUN IdM) and GRC CUP for user provisioning and other HR status update requests in production. Developed user provisioning policies, led coding and troubleshooting activities.
  • Use of Xellerate for production provisioning (OIM 10g) using a custom front end, did some initial work on upgrading to OIM 11g and evaluation of SAP NetWeaver IdM. Worked on Solution Manager and ChaRM.
  • Configured Maintenance Optimizer in Solution Manager to download patches from SAP. Developed security Roles for ticketing system and Project Management.
  • Support Central User Administration (CUA) to create/maintain users in complex non-production landscape. In process of testing GRC CUP provisioning/update functionality to replace CUA in near future.
  • Provided security for Test Data Migration Server (TDMS) to create non-production ECC clients with customized data migration and reduced data volume. Updated ECC SPAM/SAINT to the latest version.
  • Support PI/PO roles and issues for the production support (Basis/Technology) teams to transfer data between SAP and non-SAP systems.
  • Update and create security policies in the areas of DDIC, SAP* id login, Firefighter access and quarterly audit procedure in conjunction with internal Audit team policy.
  • Secured custom t-codes with authorization groups and created procedure for such development. Set up custom switch to restrict password wizard to generate eight-character-long strong passwords in NW environments.
  • Support local development team with access keys and other SAP marketplace requests.
  • Participate in weekly technology meeting to discuss upcoming support pack upgrades, refreshes, disaster recovery exercise and their impact on security. Discuss timelines and create PowerPoint presentations.
  • Helped create disaster recovery plan from the COE (Center of Excellence - competency center) perspective with help of various support teams and used Paragon tool to document it.
  • Plan security initiatives and resource requirement to meet Federal Bank Holding Company (BHC) status.

SAP version: Portal 7.0, ECC 6.0, BI 7.0, Business Objects 3.1, BPC 7.0, SRM 5.0, PI/PO, and Solution Manager Systems.

SAP Security Lead Consultant

Confidential

Responsibilities:

  • Supported functional and business teams with blueprint activities and conducted security strategy sessions with them to help them understand the position-based security approach.
  • Supported functional and business teams with realization phase activities. Configured ECC roles (using t-code PFCG) based on local country specific naming and as per the global security requirement. The derived roles (modules - FI/CO, WM, QM, LIMS, PP, PM and PS) were configured on par with the pharmaceutical industry GxP standard. The ECC roles were developed after carefully analyzing client’s business requirement of clear data ownership and to avoid duplication of t-codes.
  • Helped create training material and schedule business resources for GxP relevant training. Worked very closely with the training team on changes to the training material to reflect security updates. Used Microsoft Access based BR&AT (Business Roles & Authorization) tool to document and print security roles, GxP & business sensitive t-codes.
  • Configured localized Benefits and Payroll sub-module for the Canadian employees and granted access to run bi-weekly payroll. Expert knowledge of payroll infotypes and troubleshooting. Participated in blueprinting and development of PA-OM, Time Management, Training and Event Management roles.
  • Created Analysis Authorizations on BI using RSECADMIN transaction. Created reporting and power user roles securing data at infoArea, infoCube, Queries. Created and supported workbook roles for various areas. Worked with BW developers on securing queries, programs and sensitive information. Created custom t-code for running open hub functionality under transaction RSA1 and resolved critical BI hierarchy (data) and Dashboard issues.
  • Worked on security design, development and implementation of CRM. Worked with ABAP and Portal teams on customization and object and field level security. Created custom field for Sales Organization to secure CRM data and to create derived roles for CRM. Created separate set of data roles to decrease the total number of derived roles. Created security matrix with mapping of t-codes to roles to process roles, made sure that no SOD conflicts exist and did user provisioning both in portal and back end systems.
  • Secured local t-codes with authorization groups and worked with global support team to fix global custom transactions.
  • Developed SCM/APO roles per business requirement. Secured Advanced Planning Optimizer tool based on location, planning area, forecast profiles and SDP planning books. Very familiar with the /SAPAPO* t-codes and C_APO* authorization objects.
  • Used RWD uPerform to collaborate, utilize and share knowledge among the local and global resources.
  • Supported local development team with access keys and other SAP marketplace requests.
  • Implemented cost center user exit solution for securing cost center information across Canada.
  • Helped implement Approva Bizrights tool for segregation of duties (SOD) checks and identify business critical and sensitive t-codes. Coordinated with the global (Germany team) to mitigate roles and update local rule set.
  • Participated in steering committee, weekly team and progress update meetings. Updated security project plan and created cutover plan.
  • Documented security design and user access procedures in Doc Navigator and central repository.
  • Supported go-live and handover of SAP security design to global support team in Europe.

SAP version: ECC 6.0, BI 7.0, APO 4.1, CRM 7.0, Portal 7.0 and PI systems.
