SAP Security Lead Consultant Resume

Milwaukee, WI

PROFESSIONAL SUMMARY

  • Over 7 years of SAP security administration and SOX compliance expertise.
  • Well experienced with multiple SAP security lifecycles (Analysis & Conception, Implementation, Quality Assurance & Tests and Cutover).
  • Experience in leading individuals and implementations and mentoring team members.
  • Expertise in formulating complex strategies and business plans to implement enterprise security and data integrity.
  • Expertise in remediation of SOX issues and implementing controls.
  • Well versed in implementing central data, business process and change management strategies in complex business environments.
  • Good experience with R/3 Security including ECC 6.0, ECC 5.0, 4.7, 4.6C, 3.0D and ISU.
  • Capable of implementing security for Business Objects, BW/BI, Solution Manager, SCM, SRM, SNC, CRM, PLM, PDM, PPM, QM, XI and EP.
  • Well versed in security implementation for the BI 7.0 Analysis Authorizations concept.
  • Experience in migration from BW 3.5 to BI 7.0 as well as new implementation of BI 7.0.
  • Well versed with the new Analysis Authorization concept.
  • Proficient in HR structural authorizations security administration.
  • Expertise in implementing PLM security including versions 7.0, 5.0 and 4.6.
  • Well versed in setting up Business Partners and designing position-based as well as territorial-based security.
  • Configuration and maintenance of CUA including integration with the Enterprise Active Directory.
  • Well versed with SSO solutions such as Kerberos to enable user authentication and integration with Enterprise Portal and all SAP systems.
  • Well versed with security in EP 6.0, 5.0 with NetWeaver 2004 and 2004s
  • Involved in Solman 7.0 to 7.1 upgrade
  • Implemented the new AJAX based portal 7.3 while federating with the portal 7.02.
  • Hands-on experience in planning, configuring and implementing GRC/Virsa Suite 5.3, 5.2, 5.0 and 4.0, and working knowledge in Approva BizRights and Security Weaver.
  • Good understanding of SOX SOD issues and mitigation processes working with internal and external auditors.
  • Expertise in planning and implementing GRC processes, test and implementation plans.
  • Worked on all four GRC components: CUP (Compliant User Provisioning), RAR (Risk Analysis & Remediation), SPM (Fire Fighter) and ERM (Role Manager).
  • Hands on experience with Rule Architect, Alerts and Mitigation Controls and Configuration in CC.
  • Worked on the Support packages application extensively and also applied patches as per OSS notes.
  • Good knowledge of NW IDM, BW, ITS, SAP WAS, NetWeaver 2004, 2004S and mySAP 2005 architecture concepts.
  • Involved in Mentoring and Knowledge transfer on Security.
  • Quick learner, self-motivated, with excellent problem-solving skills, good communication skills and team spirit.

Experience
Confidential. May 2011 - Current
Milwaukee, WI 
SAP Security (ECC, PLM, BI & GRC) Lead Consultant

Global PLM and BI security implementation & go-live support for all the SAP systems for the Johnson Controls Power Solutions entity.
Accomplishments:

  • Formulated detailed worldwide implementation plans and release strategies for the Security changes according to the global release strategy.
  • Worked extensively with business teams from Europe, China, Mexico, Brazil and the US to design global and local roles based on job responsibilities.
  • Created derived roles based on Org Levels for the global release.
  • Worked with the business entities to develop a user role matrix and Organizational chart.
  • Created Standard Operating Procedures reflecting the approval flow and policies for User Access management, Role Management and Transport management.
  • Created custom roles for Solution Manager based on job duties and activity within Solution Manager for basis, security and operations team.
  • Configured CUA system to enable single point of user administration.
  • Worked with Basis in installing the Kerberos SSO solution.
  • Synchronized the Single Sign-On mechanism with the Enterprise Active Directory (LDAP).
  • Configured SSO with the Enterprise Portal for both internal and external (Suppliers and Vendors) users.
  • Involved in drafting the release plan and have assessed the estimated time frames for all the cut over activities for security.
  • Worked on all the major go-live activities including mass user creation and role assignment using eCATT scripts.
  • Worked extensively during the hyper-care period and have resolved remedy tickets on priority basis.
  • Monitored the ticket queue in Remedy, and utilized off shore resources efficiently in managing the workload.
  • Managed a team of four resources from off shore and provided direction on resolving the tickets.

PLM

  • Created process specific roles for PDM (ECM, DMS, BOM, and MM) and have roles for Reports, Create and Change accesses.
  • Created roles specific to Time Entry and Management for administering and approving timesheets in C-projects.
  • Implemented the security for external vendor collaboration users/admins for communicating the Designs and Labels Info in C-folders.
  • Configured and assigned PLM Portal roles for ECC users

BI Security

  • Created a detailed Project Plan and Implementation Strategy for implementing Analysis Authorizations.
  • Gathered detailed requirements and user matrices for all Reporting areas in order to determine the best possible approach.
  • Used RSECADMIN extensively to develop authorizations based on the characteristics and hierarchies identified during analysis
  • Used the Analysis tab of RSECADMIN extensively to simulate users running queries in BEx and used the Error logs to determine missing authorizations.
  • Restricted users to the Infoareas and Infoproviders based on their portal and BEx usage.
  • Restricted Key Figures to engineer column level Security to restrict sensitive data.
  • User provisioning into the BOBJ clients (BI launch pad & CMC) & Xcelsius, Data services.

GRC/Audit

  • Worked with the various Business stakeholders and Audit teams in identifying risks, mitigation controls and approval workflows in consideration with current processes.
  • Created mitigation controls for SOD issues and scheduled batch jobs to provide reports to the Management team on a quarterly basis for review.
  • Provided reports to the internal and external auditors and created custom audit roles based on audit needs.
  • Created documentation and trained the audit team and off-shore support security team in all aspects of the GRC Suite to provide for a seamless transition.
  • Configured Access Enforcer and defined the user access request process.
  • Configured main, forked and parallel workflows and identified escape routes for approval process.
  • Defined custom attributes, workflow paths, initiators, stages and custom determinators for complex site based scenarios.
  • Provided training and documentation to the audit and Global access provisioning team in Access Enforcer
  • Prepared POC to upgrade current version GRC 5.3 to GRC 10.0.
  • Created Firefighter IDs and roles based on business areas and requirements.
  • Configured Owners, Controllers and security setup along with various configuration parameters in Firefighter.
  • Configured Firefighter background jobs to run hourly to ensure the controllers get the Login Notification and Log Reports.
  • Trained potential Firefighters and Business owners on using the Firefighter cockpit and various reports.

Environment: ECC 6.0, SAP R/3 3.1, BI 7.0, BOBJ, PLM 7.0, xRPM, SAP PLM/SRM Portal, SAP ServiceDesk, CUA-LDAP, SRM 6.0, SNC & GRC 5.3.

Confidential.
Jacksonville, FL Sep 2009 – April 2011
SAP Security (ECC, BW, HR & GRC) Lead Consultant

Global SAP security redesign & SOD cleanup across all environments arising from audit deficiencies; also responsible for implementation & support of ECC 6.0, BI 7.0, SRM 5.0, CRM 7.0, HCM & GRC 5.2.
Accomplishments:

  • Identified pain & improvement areas needing immediate attention in the SAP Security CoE and implemented process improvements for the same.
  • Re-designed all SAP roles and implemented a common security policy for all SAP landscapes
  • Re-designed table security, program security & custom tcode security.
  • Prepared a cleanup plan and strategy including UAT, change communication & training.
  • Configured & trained Firefighter usage to the SOD cleanup impacted users.
  • Role SOD, profile SOD & user SOD cleanup resulting in re-designs and new approaches, e.g., field restrictions, material type restrictions, master data access cleanup etc.
  • Developed Security SoP & Guidelines document to act as a single source & point of information for SAP Security SLAs, escalation procedures, DR etc
  • Configured and extensively used SAP ServiceDesk for support tickets, services & SLA monitoring.
  • Server Resource Sizing & landscape architecture design for ControlPanel, CUA, IDM etc
  • Support in Implementation, Performance, Integration Testing, Load Testing & End User Training.
  • Configuration, integration & support of all Controlpanel Components : Risk Analyzer, Usage Analyzer, Transport Manager, Role Manager, User Manager, FireCall(EA), AutoAuditor.
  • Designed Security architecture for various teams including FI, CO, SD, HR, BI, BOBJ, CRM & EP.
  • Analyzed the current security needs and worked with the respective Business areas in determining their reporting security needs.
  • Evaluated different methodologies to implement Analysis Authorizations based on existing security best practices and client’s security approach.
  • Created a detailed upgrade strategy and implementation plan to implement Analysis Authorizations.
  • Activated Business Content in IMG for the new Analysis Authorization concept.
  • Created detailed inventories of new authorizations created for future enhancements.
  • Used automatic generation to create Analysis Authorizations using ODSs and flat files in RSECADMIN.
  • Formulated complex mapping documents to establish relationships between the InfoObjects, Analysis Authorizations and their respective roles.
  • Used object S_RS_AUTH to assign the Analysis Authorizations in the Reporting roles.
  • Cleaned up SOD conflicts for one client by separating conflicting infotypes, Timesheet entry & payroll access, restricting PA20 and other access.
  • Designed, configured and cutover of GRC Access Control 5.3 – CUP, SPM & RAR.
  • Supported existing installations VIRSA 4.0 & 5.3 – Workflows, mitigating on behalf of control owners/internal audit, GRC upgrade, IDM-GRC CUP webservices integrations etc
  • Configured Audit logs and exercised periodic user & SOD access reviews.
  • Created Rules, Rulebooks, and Templates for BizRights for both SOX and Access Lists.
  • Generate Access Lists in BizRights, and perform access remediation on user accounts based on its reports.
  • Supported Implementation of all GRC components including RAR(Compliance Calibrator) , CUP(Access Enforcer), ERM(Role Expert) & SPM(Fire Fighter).

Environment: ECC 6.0, SAP R/3 3.1, BI 3.5/7.0, BOBJ, CRM 7.0, xRPM, SAP Portal, SAP ServiceDesk, CUA-LDAP, SRM 5.0, SCM/CRM 2007/XI, HCM & GRC 5.2, VIRSA 4.0.

Confidential June 2008 – Aug 2009 
Kansas City, MO
SAP Security/GRC Consultant

Planning, Implementation & Support of SAP Security, Design & Integrating Sym-Guard’s ControlPanel Suite for SAP Compliance and multiple go-lives across the world US
Accomplishments:

  • Identified pain & improvement areas needing immediate attention in the SAP Security CoE and implemented process improvements for the same
  • Developed Security SoP & Guidelines document to act as a single source & point of information for SAP Security SLAs, escalation procedures, DR etc
  • Designed Security architecture for various teams including FI, CO, SD, HR, BI, BOBJ, CRM & EP
  • Configuration, integration & support of all Controlpanel Components : Risk Analyzer, Usage Analyzer, Transport Manager, Role Manager, User Manager, FireCall(EA), AutoAuditor
  • Configured and extensively used SAP ServiceDesk for support tickets, services & SLA monitoring.
  • Configured Audit logs and exercised periodic user & SOD access reviews
  • Server Resource Sizing & landscape architecture design for ControlPanel, CUA, IDM etc
  • Support in Implementation, Performance, Integration Testing, Load Testing & End User Training
  • Redesigned user provisioning, SOD check & de-provisioning processes with SAP IDM in the mix
  • Evolved the rule set change management process in GRC & MS Access tools
  • Eventually Integrated GRC, all SAP instances & Remedy/non-sap application with IDM and enabled some enterprise SOD checks
  • Integrated the entire solution with SAP IDM 7.1 infrastructure for SAP provisioning
  • Integrated BMC Remedy with IDM for manual completions, error handling & other escalations.

Environment: ECC 6.0, HCM, BI 7.0, BOBJ, CRM 7.0, SAP IDM 7.1, xRPM, Portal, SAP ServiceDesk, CUA-LDAP, Sym-Guard ControlPanel for SAP Compliance.

Confidential
West Palm Beach, FL Sep 2007 – May 2008
SAP Security Analyst

Accomplishments:

  • Helped in creating Project Plan(MPP) for SAP system authorization, Compliance & Governance & Production support including individual task allocation, dependencies & outlook integration
  • Defined Authorization assignment & management strategy and Procedures
  • Define User and Authorization Management Technical Strategy using CUA
  • Define User Roles and role Management Procedures (Role Owners, etc)
  • Train User and Authorization Administrators (Ongoing user admin support)
  • Created Genesis Security strategy document according to Company security norms
  • Established Naming convention and developed Support, Dev & Production roles
  • Helped establish middleware: Vertex, Delego, Trillium (Data Quality Solutions)
  • Functional Teams Job Role Map to Process Steps for each BPD to complete Role Design
  • Role Analysis & Object level security to build Production security roles
  • Helped training by creating roles according to the training catalog
  • Helped team to build Functional & Role specs with all updates of role creation till post implementation
  • Identified SPOCS in business for Approval, Change & User Creation process
  • Created a Functional Spec for Security Automation program for Business approval
  • Identified & Built Functional controls in each business process with the help of audit team
  • Helped CRM & Retail teams in creating & assigning BP’s IC & SOS Profiles
  • Evolved compliance friendly process flows for approvals of all change requests
  • Configured & implemented VIRSA 5.2 catering to the audit needs.
  • Created & Defined JCO connections for Cross System VIRSA simulation & analysis
  • Batch jobs for SoD report dump & actions to eliminate existing violations/risks
  • Helped BASIS to establish Change Control (CHARMS) & Transport Management (STMS)
  • Worked on FI(GL,AP,AR), HR, BI 7.0, CRM 5.0, SCM 5.0, XI & Solution Manager 4.0
  • Defined & Set Authorization relevant Characteristics, Attributes & InfoObjects
  • Analysis Authorizations by Maintaining Characteristics, Attributes, Hierarchies & Variables
  • Assigned groups & individual authorizations through RSECADMIN
  • Performed Upgrades, system copies, Client Copies, Correction and Transport System.
  • Designed Security testing strategy and trained QA team for Security & compliance testing

Environment: SAP ECC 6.0/HP Servers with AIX/Oracle. VIRSA Compliance Suite 5.2

Confidential Jan 2006 – Aug 2007 
Minneapolis, MN
SAP Security Analyst

Accomplishments:

  • Established SAP access/approval/change processes per SoX/audit standards.
  • Evolved compliance friendly process flows for approvals of all change requests
  • Made sure the processes were adhered to by all teams before the changes went into production
  • Implemented VIRSA Compliance Calibrator & FireFighter catering to the audit needs.
  • Established naming convention & usage guides for both
  • Uploaded mitigation controls & created firefighter ids, owners & monitors
  • Mitigated risks & users with controls in place
  • Defined RFC connections for Cross System VIRSA simulation & analysis
  • Batch jobs for SOD report dump & actions to eliminate existing violations/risks
  • Verifying all approvals for the Change request, SOD Simulation reports, QA tests if applicable
  • Security Maintenance & Support as part of Legacy System support (R/3 4.7, BW 3.5) and new system implementation (ECC 6.0, BI 7.0, etc)
  • Worked on FI(GL,AP,AR), HR, BW 3.5, BI 7.0, CRM 5.0 & Solution Manager 4.0
  • Created Business Partner for each employee(BP)
  • Assigned BP to the org model(PPOMA_CRM)
  • Was responsible for analyzing and setup of different roles, profiles and authorizations
  • Performed Upgrades, system copies, Client Copies, Correction and Transport System.
  • Worked on CTS, STMS and all other Transportation related issues.
  • Central User Administration(CUA), role maintenance & system administration
  • Trained personnel on security concepts in their respective functional areas
  • Performed extensive QA for new role and role changes before approving change requests.

Environment: SAP ECC 6.0/IBM Servers with AIX/Oracle. VIRSA Compliance Suite 5.0.

Confidential Feb 2005 – Dec 2005
SAP Security/SOX - Virsa Analyst
Accomplishments:

  • Technical consultant for SOX security redesign project responsible for coordinating technical implementation of security changes, testing strategy and SOD tool configuration. Actively involved in process decisions and technical documentation.
  • Work closely with security team and management to determine best approach for role redesign project.
  • Principal contact for SAP security internal and external SOX audits. Prepare responses and provide technical evidence to challenge audit findings.
  • Administer Virsa Compliance Calibrator 4.0 and Firefighter 3.0. Update rule set to ensure that each business risk is accurately translated in rule architect. Update Firefighter tables and configure monitoring background jobs. Apply patches across clients and work closely with vendor to address bugs and fix various inconsistencies in the tool. Create custom matrices to address gaps in object-level reporting on sensitive transactions in 4.0 version.
  • Primary resource for R/3 upgrade from 4.6B to ECC 5.0. Perform post-upgrade maintenance procedures, run security conversion tools, adjust existing roles with new security objects, research notes on new functionality, implement automated testing process and support implementation team through all phases of the upgrade.
  • Build custom tools to improve efficiency of security administration and reduce manual tasks.
  • Review IT support access, identify and document additional controls around sensitive basis transactions in preparation for audit reviews.
  • Provide day to day security administration support including user admin changes, role modifications using the Profile Generator and troubleshooting authorization errors.
  • Provide strategic advice and training for full time security staff.
  • Work with business process owners and local security committees to define change procedures, approval process and security policies.
  • Ensure successful transition from implementation team to newly formed security support team and approval committee.
  • Troubleshoot and resolve authorization issues by reviewing SU53 reports, system logs and traces.

Environment: SAP ECC 5.0/Sun Solaris Servers with Linux/Oracle. VIRSA Compliance Suite 4.0.
