Senior SAP Security and GRC Consultant Resume

Newark, NJ

SUMMARY

  • Senior SAP Security and GRC consultant with over 8 years of experience in SAP Security and over 6 years of experience in GRC Access Control Suite.
  • Worked on 3 full life cycle implementations of SAP Security projects from design phase to post-implementation phase in SAP Security domain.
  • Expert in administration of SAP Application Security in ECC 6.0/ 5.0 and R/3 environment for the modules of FI, CO, MM, PP, SD, WM.
  • Also experience in SAP Security Administration for BW 3.5/BI 7.0 security, Enterprise Portal, CRM and HCM modules.
  • As a security administrator, strong expertise in using Profile Generator (PFCG) for creation and maintenance of Roles/Activity groups as required and expertise in Security Administration activities such as creating login IDs, assigning and resetting passwords, locking and unlocking users.
  • Extensive experience in configuring and maintaining the CUA (Central User Administration) landscape.
  • Extensively performed and monitored transaction codes SU01, SU10, SU24, SU21, PFUD, SUPC, SUIM, SU53, SU56, ST01, SE54, STMS, SCC1, SE09/SE10, RZ10, SM18, SM19, SM20, SE16 and SM30 in SAP Security. Used CATT Scripts for creating mass users.
  • Hands on experience in using Online Service System (OSS) for corrections and enhancements provided by SAP in Service Market place.
  • Worked with the functional and development teams for role development and strategy and also working with Developers in setting up required Authority Check for Custom Tables, Reports and Custom transactions.
  • Analyzing user activities reports, T-codes and role usage report and detail role analysis to decide the role set for every user under the Job Title.
  • Performed BW/BI security for Administrative users (creating authorization objects and restricting users at info object level) and reporting users (analysis authorizations).
  • Working knowledge in analyzing and processing SOD issues using the GRC 5.3/10.0/10.1 Access Control tools such as RAR/ARA (Access Risk Analysis), SPM/EAM (Emergency Access Management), CUP/ARM (Access Request Management), ERM/BRM (Business Role Management) components with an excellent understanding of Sarbanes-Oxley Act (Section 302 & Section 404).
  • Involved in configuring and customizing the Multi-stage Multi-path (MSMP) workflows especially when working with ARM and EAM components.
  • Performed Role and User Analysis, Risk Analysis and Mitigating risks and roles as required.
  • Involved in the installation and Configuration of SAP GRC Access Control 10.0/10.1.
  • Scheduling and working on reports of background jobs as well as foreground jobs during the risk analysis in SAP GRC AC suite.
  • Providing detail reporting on Segregation of Duties (SoD) and critical access violations at both user level and role level.
  • Design preventative, mitigating and compensation controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy.
  • Experience in documenting monthly performance reports, procedures, logs and other tracking documents to monitor health of project.
  • A strong team player with ability to learn new skills and adapt quickly, highly motivated with excellent interpersonal, communication skills.

TECHNICAL SKILLS

ERP: SAP ECC 6.0/5.0, SAP R/3 4.7E, SAP BW 3.5/BI 7.0 security, GRC AC 5.3, 10.0 & 10.1.

Programming Languages: C, C++, T-SQL, PL/SQL.

Database: MS SQL Server 2008 R & 2012, Oracle 10g, 11g.

Operating Systems: Windows (Server Edition, Enterprise Edition), UNIX, LINUX.

PROFESSIONAL EXPERIENCE

Confidential, Newark, NJ

Senior SAP Security and GRC Consultant

Environment: ECC 6.0, GRC 10.1, BI 7.0, HR.

Responsibilities:

  • Handled Security designing roles for all modules of SAP R/3 such as FI, CO, MM, SD and PP.
  • Worked on Role Maintenance, Transaction codes, Profiles, Authorization objects, Authorization groups, Single Roles, Composite Roles, Derived Roles and User Maintenance.
  • Analyzed each role and mapped them to transaction codes according to business process.
  • Created and generated roles, profiles, authorization objects, object classes and assigned to user master record.
  • Used Transport Management System (STMS) for Transporting the generated roles and profiles.
  • Extensively used the following transactions on daily basis - SU01, PFCG, SU53, SU56, SU24, SUIM, SUGR, SE16 and ST01 for providing technical support to users.
  • Experience in BW and BI Analysis Authorization (RSSM/ RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems using RSECPROT.
  • Worked on giving custom BI authorizations S_RFC, S_RS_AUTH, S_RS_COMP, S_RS_COMP1.
  • Created BW analysis authorization and maintained roles based on created analysis authorization.
  • Performing BO (Business Objects) security at users and groups level, Universe level, Folder access level in Central Management Console (CMC).
  • Also performing security at Environment level between browser to web server and web server to BOE.
  • Experience in HR security in providing authorizations in PA, ESS, MSS and payroll.
  • Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
  • Configured Profile Generator and performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.
  • Performed reconciliation of User Master record & roles using PFUD and SUPC.
  • Providing Temporary Access to all the Users with proper approval from the respective Business Process Owners in all Productions and Non-Productions Environments.
  • Worked with process experts for SOD conflicts and assigned appropriate roles to the users. Also, supported audit team for generating audit reports.
  • Meeting the Key Stakeholders and Business team for ongoing SAP Role based provisioning and also for requirement gathering, analysis, designing Functional and Technical Documents workflow requirements, approval requirements and flow of request and data across multiple systems, serving as a Subject Matter Expert for SAP security.
  • Configured all the four components ARA, ARM, BRM and EAM during GRC implementation.
  • Configured MSMP workflows in Access Control Suite and activating the delivered business configuration (BC) set for Access Control Multi-Stage Multi-Path (MSMP) workflow configuration.
  • Involved in post installation and Configuration of GRC activities.
  • Performed Risk analysis for role level and user level.
  • Created, modified, locked users through ARM component and performed risk analysis.
  • Created RFC connection between GRC and Backend systems.

Confidential, Secaucus, NJ

Senior SAP Security and GRC Consultant

Environment: SAP R/3, ECC 6.0, GRC 10.0, BI 7.0

Responsibilities:

  • Changing the Design of a Single Role and Composite Role with Proper approvals from respective Business Process Owners following the Process Norms.
  • Troubleshooting missing authorization using SU53 and run trace ST01.
  • Monitoring and handling Background Jobs like PFUD for updating User Master Records in all Production and Non Production environment on daily basis in all systems
  • Experience in Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorization for various landscapes using Profile Generator
  • Review and Transport the activities performed by other team members
  • Extensively used SU22 and SU24 to update the USOBT_C and USOBX_C tables (transaction and the authorization objects).
  • Monitored access to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, S_DEVELOP for debug access, etc.
  • Worked with functional team leads to define new custom transactions, objects, classes, integrating them in transaction codes and then apply security restrictions for custom reports/queries and transactions.
  • Handling Object level changes for Transaction Codes through SU24 to maintain Authorization in standard or maintained mode.
  • Extensively used the following transactions on daily basis - SU01, PFCG, SU53, SU24, SM59, RSSM (for BW) and ST01 for providing technical support to users.
  • Executing Computer Aided Testing Tool (CATT) reports to update Org levels.
  • Creating analysis authorizations and maintaining them at both user and role assignments using RSECADMIN in SAP BI 7.0 Security.
  • Performing Authorization Trace in SAP BI 7.0 and generating error log reports for analysis.
  • Experience in user administration 24x7 on call production support, quick turnaround for end user requests, and Helpdesk support for user administration
  • Checking for Segregation of Duties (SOD) issues while assigning Roles to Users and while changing the design of a single Role, Composite Role and User group creation.
  • Role transport to multiple landscapes, TR release through SE09/SE10/SE01.
  • Report generation using SUIM and also to analyze the missing authorization based issue.
  • Working with tables like AGR* for data collection and verification.
  • End-to-end implementation of GRC Access Control Suite 10.0 and configured all the components in it as when required.
  • Performed Role and User Analysis, Risk Analysis and Mitigating risks and roles as required.
  • Checking the SoD (Segregation of Duties) using Risk Analysis and Remediation before assigning to the users.
  • Working on Fire Fighter (FF) for Super User privileges like maintaining Owners, Controllers and Fire Fighter Access to user.
  • Checking the log report as and when required for audit purposes.

Confidential, Buffalo Grove, IL

SAP Security and GRC Administrator

Environment: SAP R/3 4.7E, ECC 6.0, GRC 5.3, BI 7.0

Responsibilities:

  • Responsible for all the aspects of SAP Security Administration tasks including coordinating and interacting with business, technical and functional consultants for gathering SAP Security requirements, role development, Custom authorization, security system validation, User Administration, Testing, Transports and troubleshooting.
  • Validating Authorization errors and create/maintain SAP Security process documents for SAP.
  • Designed, Developed and maintained different roles like Composite roles, Single roles & derived roles for SAP Modules FI, CO, SD, MM, PP, BW, HR for SAP Global implementation.
  • Executing Computer Aided Testing Tool (CATT) reports to update Org levels and using SECATT script for mass changes.
  • Building the Roles using the transaction codes and implementing these Roles for the client organizational levels creating derived Roles and authorization profiles for the various plants located at different geographical locations.
  • Successfully transported the generated roles and profiles using SAP transport management system (STMS) and handled normal & mass generation of roles and transport of roles.
  • Participated in Internal and External security audits.
  • Worked with business, functional leads and Basis to identify critical & immediate roles.
  • Troubleshooting user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error.
  • Responsible for coordinating, communicating within the team and end users.
  • Involved in the installation and Configuration of SAP GRC Access Control 10.0. Creating and maintaining the user IDs in CUA.
  • Identified Segregation of Duty conflicts and propose recommendations that lead to implementation of mitigating controls and elimination of risks.

Confidential

SAP Security and GRC Consultant

Environment: ECC 5.0, BI 7.0, GRC 5.3

Responsibilities:

  • Undergone internal training on GRC Access Control suite.
  • Well experienced in planning, designing, documenting and implementing security related standard procedures for the user administration, roles and profile generation. Created single roles, composite roles and derived roles as per organizational structure in R/3 systems using PFCG.
  • Monitored User maintenance on day-to-day basis and role maintenance on requirement basis.
  • Setting up security roles and user accounts for over 800 End Users for primary Go Live.
  • Identifying the missing authorizations using SU53/ST01 trace and maintaining them in suitable role and SU56 in order to find security problem.
  • Troubleshooting performance issues & adjustment of SAP profiles.
  • Locking critical transactions using SM01.
  • Worked with the Business Process Owners to restrict sensitive transactions and security authorizations, and ensured segregation of duties (SOD) over all fields of business areas.
  • Successfully transported the generated roles and profiles using SAP transport management system (STMS) and handled single & mass generation of roles and transport of roles.

Confidential

SAP Security Analyst

Environment: ECC 5.0, BW 3.5, HR.

Responsibilities:

  • SAP Security administration and maintenance
  • Design, Configuration & Testing of SAP Security Roles
  • Creating/ Maintaining the ORG Fields in Objects
  • Adequately securing programs, transactions and tables
  • Role Download/ Upload, Mass Generation/ Mass Transport.
  • Mass Assignment and Re-assignment of Roles/ Users
  • Mapping of Missed Authorization Object in T-codes.
  • Mapping of T-code with Reports and Programs.
  • Monitoring Central User Administration (CUA).
  • Maintaining (Create, Delete, Change, Copy) SINGLE, COMPOSITE and DERIVE Role in Customer Namespace.
  • Performed Spool Administration, Client Administration, SAP background job scheduling and monitoring, Transport Organizer and other Basis day to day activities.
  • Locking critical transactions using SM01.
  • Assigning HR ESS/MSS access to the user as per requirement.
  • Analyzing SU53 screen shots to debug authorization problems.
  • Analyzing ST01 trace log to fix the authorization bugs.
