PROFESSIONAL SUMMARY

Around 8 years of IT industry experience as a SAP GRC 10, ECC,BW and Solution manager Security System Consultant in Leading, Administering and Supporting projects in SAP. A strong commitment towards technical excellence and flexible attitude with excellent interpersonal skills.

Technical Skills:

PROFESSIONAL EXPERIENCE

Confidential

Role: Sr. SAP Security Analyst

• Designed, developed and implemented role based security for SAP implementations working with process team members to determine roles and responsibilities for multiple functional areas, using profile generator, configuring security tables and parameters for profiles and authorizations for assignment to end users.
• Well experienced in GRC 10
• Working on security upgrade GRC 10 to 10.1
• Experience SAP GRC Process Control V10
• Worked on CUP,RAR,BRM,SPM/EAM
• BRM business role mgmt., role methodology development, configuration of workflows for the BRM, Life cycle maint..
• CUP CUP configuration, Workflow configurations, Administration of requests
• RAR- Risk analysis and configuration.
• Worked on Access risk remediation and Mitigation project in GRC 10
• SPM/EAM Firefighter config, FFID assignments ,work flow, email set up etc.
• Worked on SOLMAN 7.1 CHARM Tool Security
• Worked on solman services,Business Partners creation and folders creation in SOLMAN for security related
• Worked on User Access Reviews
• Worked on BRFplus
• Creation of new Mitigation ID based on requirement.
• Worked on System Measurements for SAP Licenses
• Responsible for day to day technical support and resolution of security issues
• Worked on BO Module Reporting Roles and BI/BW analysis Authorization
• Experienced with pulling TCODES from Solution Manager BPML
• Analyzed and replaced existing roles with new roles accurately matching business needs
• Performed gap analysis, conducted risk assessments, managed issues
• Worked on design and Build role development in ECC ,BW,GRC and Solman Environments
• Very good experience on Upgrade the SAP GRC Access Controls
• Prepared the Audit Reports through Process Control
• Experienced in non technical security requirement and design build access based on functional requirements
• Have experience on LSMW script
• Worked on Security Change Management
• Worked on automated Control Monitoring, Master data upload generation Utility, Compliance frame work by using SAP GRC Process Control
• Complete configuration of Compliant User Provisioning.
• Mapping Functional Areas to Initiators.
• Create/Maintenance of Automate Provisioning workflow stages and Paths
• Streamline Approvals through CUP Automate Provisioning
• Identifying real time SODs through Automate provisioning.
• Extensively worked with Sarbanes-Oxley Compliance - Strategy management related to SAP business processes, transactions, control infrastructure, financial reporting process. Remediation of Segregation of Duties SOD within SAP implementation..
• Develop segregation of duties SOD model and resolve SOD conflicts.
• Worked on BI objects.
• Performed Proactive research regarding advances in technology to develop business case to promote use of technology advances.
• Supported successful internal auditing and document significant processes.
• Resolve issues in unit, integration, and system testing, along with test scripts.

Environment: Environment: ECC6.0, Solman 7.1 Charm Security , GRC 10, BW 7.3, BO 4.0, Remedy and HPQC

Confidential

Role: SAP Security Analyst

• Worked with functional and business teams to develop new roles and authorizations.
• Prepared the training materials for End Users and Approvers Manager, Role Owner,
• Worked with business analysts and clean up the security roles to eliminate segregation of duties SoD conflicts using GRC Risk Analysis and Remediation tool.
• Designed and developed security roles in MM, SD and FI for various deployments.
• Train the End Users and Approvers Manager, Role Owner, AMT, SEC and Basis Admins.
• Implemented GRC Access Control Suite 5.3 for proof of concept which includes Compliant user provisioning, Risk Analysis and Remediation, Super user Privilege Management.
• Conducted User Access Reviews for semi annual audit. Helped the internal and external auditors for quarterly and yearly audits.
• Effectively analyzed trace files and tracked missing authorizations for user access problems and inserted missing authorizations manually.
• Worked on SAP check indicator defaults and field values, reduced the scope of authorization checks using transaction SU24 and maintained check indicators for transaction codes.
• Develop authorizations for the transactions at the field level security.
• Analyze all customer programs and transaction codes for authority checks.
• Troubleshoot security / authorization related problems using SU53, ST01 and SUIM.
• Analyze business roles and mapped them to transaction code according to business processes.
• Completion of Post Installation Tasks for GRC 5.3.
• Continuously improved security configuration to reflect best practices and prepare for audit.
• Assist the client in building procedures processes for Sarbanes-Oxley SoX compliance.
• Configuration and Maintenance of Central User Administration.
• Defined field attributes for user maintenance and transferred users from child to central systems.
• Created BW Authorization Objects and developed roles for power and reporting users.
• Created and modified CRM GTS roles as per business requirements.
• Performed Licensing audits using Licensing Administration workbench SLAW
• Make use of Central User Administration CUA for user management

Environment: EHP, ECC6, GRC 5. SAP Solman 7.1 R3 4.7 EE, BW/BI,UNIX IBM-AIX, SAP NetWeaver, DB2 9i,Remedy

Confidential

Role: SAP Security Analyst

• SAP GRC tool: RAR Module, simulate users before actual assignment in SAP.SOD violations found is mitigated by using mitigation control document.
• SAP GRC tool: Fire fighter: Assign fire fighter ID to support user in order to support issues.
• Make use of role creation Role Change Request form in order to create a new role or make change to an excising role Change Request Board approvals mandatory for transports. Simulate the role using GRC before moving changes to quality environment.
• SOX Audit Report Monthly , inactive SAP user
• Generate monthly and quarterly report so it can be useful for SAP Security audits
• Worked on User Administration :creation of users, deletion, rename and validity changes
• Role Administration: Role creation, Role copy, Derived and Base roles. Composite, Simple, Role creation for functional users and end users.
• Monitored access to key authorization objects such as S BTCH ADM, S ADMI FCD, S TABU DIS, S DEVELOP for debug access and etc.
• Extensively used RSECADMIN tool to build Analysis Authorizations.
• Performed troubleshoot of Authorization Errors using Transaction Code SU53 and ST01.
• Worked with the business team to prepare and maintain role matrices and user mapping matrices
• Responsible for coordinating, communicating, teamwork within the team and end users.
• Extensively worked with security related tables such as AGR TCODES, AGR USERS, AGR 1251, AGR 1250, AGR DEFINE etc.
• Generating audit reports using SUIM, and security table such as AGR , USR through SE16.

Environment: EHP, R3 4.7 EE, ECC6, , GRC, BW,UNIX IBM-AIX, SAP NetWeaver, DB2 9i,DB Symphony

Confidential

Role : SAP Security Consultant

• User Management: Creation of SAP Users, Renaming, Deleting, validity restricting, user profile maintenance
• Role creation, Role copy, Derived and Base roles. Composite, Simple, Role creation for functional users and end users.
• Missing authorizations: Analyzing missing authorizations using SU53 and ST01
• Mass user maintenance using SU10.
• Reviewing basis critical authorizations/objects in production servers to analyze and rectify excessive/critical authorizations.
• SAP security Audit data maintenance Record keeping of critical user creation evidences, approvals etc.
• Configuration of Central User Administration CUA
• Role transport, download upload
• Movement of authorizations fields from lower level to organizational unit to control the authorizations at organizational level of role.
• Object level knowledge of basis authorizations.
• Monthly review of Basis critical authorizations
• Active user Inactive user report preparation using SUIM
• Various user report generation using SUIM
• Periodic Interaction with client/functional teams to understand and enhance sensitive authorizations in SAP production servers.
• Preparing standard operating procedures SOP for new processes.

Environment: R3 4.7 EE, ECC6, SRM, GTS, GRC, EP, XI/PI, SCM, MDM, ADS,UNIX HP-UX, Win 2003, SAP Net Weaver, Oracle 9i/10g, Remedy, Livelink, IXOS, Lotus Notes

Confidential

SAP Security Consultant

• Create and maintain security roles in SAP ECC 6.0 and enhance functional, technical and support roles.
• Managed user account and roles created, modified users as per defined process created and modified roles and profiles per requirements using PFCG
• Transported change requests across Dev, QA and Production systems
• Implement security for SAP Enterprise Portal by designing distributing, uploading portal content roles.
• Perform simulation for new users and roles and assigned required mitigating controls.
• Collaborate with team and business representatives to ensure security settings meet business requirements and align with defined controls and standards.
• Monitor Remedy for production issues.
• Perform user administration and Mass Maintenance modify user access based on SU53 transaction snapshot and approval.
• Helped internal and external auditors in providing basis work program evidences.
• Implemented corrective action plans CAP as per the audit findings.
• Created and maintained policies and procedures, adhering to security requirements.
• Conducted User Access Reviews as part of annual audit.
• Managed user account and roles created, modified, and deleted users per defined process created and modified roles and profiles per requirements using PFCG.
• Created required roles for accessing SAP for material management and financial accounting departments.
• Modified user access based on requirements for SU53 transaction snapshot after seeking manager's approval.
• Reviewed critical and sensitive authorizations, implemented improvements that met audit requirements.
• Analyzed and fixed root cause of authorization problems.
• Evaluated Central User Administration CUA , set up SAP R/3 Security environment.
• Created and maintained logins and access privileges.
• Documented procedure for all SAP tasks process and controls.
• Monitored system checked for updated records, system locks, database locks, system log, and ABAP dumps.
• Recovered batch jobs on daily basis and escalated calls to respective teams worked with team until bug was fixed.
• Performed weekly and monthly job administration with reporting of jobs status to business users.
• Monitored month end jobs and prepared checklist.
• Transported change requests across Dev, QA and Production systems
• Performed User Management. Developed / maintained the activity groups and their assignment to users
• Troubleshot authorization problems using Repository Information System, Profile Generator using PFCG and Tracing authorizations using SU53 and ST01
• Developed CATT Computer Aided Testing Tools scripts for mass assignment of roles and assignment of users
• Resolved issues arising from testing using system traces and dumps.
• Cleaned up and optimized security Roles
• Converted manual profiles and implementation of role based security.
• Updated and maintained DDIC and SAP passwords
• Use of User Information System SUIM , SE16, SU24, SU21, PFUD, SUPC, Profile Generator PFCG , Mass user creation and changes SU10 .
• Participated in designing, writing and implementing security related standard procedures for the user administration, roles and profile generation
• Adhere to company policies and ensured proper approval before granting critical and restricted access to users.

Environment: SAP R/3 4.6C, 4.7 EE, ECC6 , IBM AIX ,Win 2003,Oracle :9i, Remedy