SUMMARY

• Over 14 years of solid sap experience in SAP R/3 and Net weaver Technologies on Security and Authorizations with strong understanding of information security practices, sap best practices and SOX Compliance tools like GRC.
• Completed 3 Full Life Cycle implementations in sap security, 4 support and 3 Up - gradations.
• Experienced in working for Implementation, Go-Live, Post Go-Live, and Production Support projects.
• Extensive experience in Requirement gathering, Design, Development and Maintenance of SAP application security.
• Experienced in handling the security workshops and being the focal point for major security issues.
• Implemented security for various modules like BI / BW, BO, SEM - BPS, FI, CO, MM, SD, PM, HR / HCM, CRM, SRM, EBP, APO, XI, PI, EHS,WM, PS etc.
• Amazing experience in implementing portal security for ECC, ESS, MSS, EC, ME, MII, BPC,BI,BO and Enterprise Portal (EP) etc.
• Experienced in GRC10.1 (ARA, EAM, ARM and BRM) and GRC 5.3 (RAR, SPM, ERM and CUP) end to end implementations and worked on support as well.
• Broad experience in maintaining Single, Composite, Master and Derived roles using Profile Generator (PFCG).
• Extensive experience in creating Dialog, Service, Background and Communication User id creation using SU01 and SU10.
• Experienced in Central User Administration (CUA) configuration, maintenance and troubleshooting. Experience in creating users and assigning roles through CUA.
• Experienced in both Role Based and Position Based security models.
• Experienced in development of Structural Authorization.
• Very good knowledge of producing and analyzing reports in SAP using SUIM and security related tables (AGR*, USR*, etc) and customized Query reports.
• Developed LSMW and ECATT scripts for user id creation and role assignment.
• Worked on User/role remediation project for Sarbanes-Oxley Act (Section 404) using VIRSA / GRC System.
• Experienced in working with Internal and External Auditors and keeping the SAP systems audit compliant.
• Experience in writing SOX controls, SOX narratives, Technical Auditing process and Remediation process in highly demanding environments.
• Extensive experience with resolving ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
• Strong experience in SAP security Process Evaluation and advising client on sap best practices.
• Experienced in supporting more than 70,000 users and 40 SAP client systems.
• Ability to manage multiple tasks of production support and implementation projects.
• Experienced in adhering to the Change Management Process for transporting roles and tables, security objects and maintaining the change documents.
• Good understanding of ASAP and AGILE Methodology.
• Great experience in User licensing, sap best practice and optimizing cost.
• Experienced in providing security authorizations Training to the client.
• Interfaced extensively with clients to gain insight and developed solutions to meet business needs across the entire SAP landscape.
• Strong organizational and communicational skills combined with an aptitude to work both as a team member as well as an individual with minimum supervision, good work ethics, quality service, and proven results.

TECHNICAL SKILLS

• SRM
• BPC
• ME
• MII
• PLM
• ARIS
• BO
• BI
• Solution Manager Security
• Enterprise Portals
• BPC
• EC
• EHS
• SRM portal security.
• R/3 Security (FICO
• MM
• PP
• EHS
• SD
• PM
• WM
• SMP
• CRM
• APO
• SRM etc) on ECC6.00 and SMP(SAP Mobile Platform)
• GRC Access Control 10.1(ARA
• EAM
• ARM and BRM) and GRC Access Control 5.3 Tools (RAR
• CUP
• SPM and ERM).
• BI 7.0 & BO Security
• HR Security
• XI/PI Security
• CRM Security
• SRM Security and APO Security.

PROFESSIONAL EXPERIENCE

Confidential

Sr Sap Security Consultant

Responsibilities:

• Production Support, Sox Analysis, Re-Designing Security, Fixing Defects.
• Troubleshooting authorization issue by using SU53, ST01 and RSECADMIN tcode. Did Role remediation and designing for ECC roles.
• Worked on Leak survey project, Material Traceability Project, AMBBS, EDGIS project.
• Worked on GRC10 AC (Access Risk Analysis-ARA, Emergency Access Management-EAM,Access Request Management-ARM, Business Risk Management.-BRM)
• Created roles for sap modules like SD, MM, WM, FI, HR, PM, BW/BI etc. according to business requirements using tcode PFCG.
• Created Customized auth objects using tcode SU21 and field were created using tcode SU20 and were linked to tcode by using SU24.
• Created Auth Groups in SE54 maintained table TDDAT and assigned the auth group to a table. To maintain the security and access to critical tables.
• Designed security for SMP (SAP Mobile Platform), MII, EHSM (Employee Health and Safety, EC (Environmental Compliance) etc.
• Open connections for sap and raising messages for sap for issues.
• Creating OSS ids, S-user ids, Developer keys, Object keys Maintains Secure area at Sap Market Place.
• Resolving daily routine Support tickets.
• Worked on user licenses and saved 2 million dollars by correcting license.
• Worked on daily production support security tickets of SD, MM, WM, FI, HR, PM, BW/BI, EC,MII,EHSM portal and ECC portal. Defined SLA’s for tickets. Troubleshooted daily authorization issues.
• Gathered requirement and designed new End user, Batch user and CPIC user roles.
• Worked on gathering requirement and redesigned roles for SD, MM, WM, FI, HR and PM module on the basis of tcode usage by business. Designed new roles according to business tcode usage and remediated old roles for critical and sensitive authorization objects and tcodes. The objective was to lower down the no of SOD violations and mitigation controls. Cleaned up BI/BW roles for HR info cubes and Info areas.
• Activated BC sets for AC10 using Tcode SCPR20.
• Activated Services for GRC10 .1 AC using Tcode SICF.
• Created CONNECTORS and connected child systems like ECC, SRM and BW.
• Maintained 1000 Parameters for ARA.
• Set up background jobs for Role, authorization and profile sync.
• Configured and Maintained GRC Rule Set and customized ruleset. Created local and Global rule set according to client requirement.
• Created risk ids and defined High, Medium and Low risks.
• Created Mitigation controls and assigned mitigation controls to controllers and owners for monitoring.
• Tested SOD report at user level, Action level and permission level.
• Configured sensitive tcodes and power fulauth objects.
• Used ARA to Determine and report if any risks will be introduced by simulating the addition of transactions, Roles, or Profiles to a User ID. This powerful feature effectively eliminates new risks being introduced to production environment.
• Used ARA to easily create, maintain, and manage Risks used to generate Rule set.
• Configured Emergency Access Management-EAM GRC10.1 Common components.
• Maintained 4000 parameters for EAM in GRC10.1AC and Use Centralized EAM.
• Created Fire Fighter Ids in Child systems like ECC, SRM, and BW etc.
• Created Fire Fighter Controller and owners in EAM system and assigned Controller role and owner Role.
• Assigned Fire Fighter Ids to fire fighter users. Tested functionality.
• Maintained reason code and email template for sending logs approval email.
• Trained user EAM and prepared training material.
• Trained Fire Fighter Controller and Fire Fighter Owners on how to audit logs and approve them.
• Tested log reports with Transaction logs, Session logs and change logs.
• Worked on Maintaining MSMP Workflow and customizing workflow
• Maintained template for email communication and access request submission.
• Worked on Specific Settings for Provisioning and Managing Users.
• Worked on End User Personalization Forms.
• Worked on setting user request types and approvers in ARM.
• Gathered requirements and designed sap security roles for MT, AMBBS, EDGIS and LS projects. These projects used SAP ECC and SAP mobile plate form. It was Integration of Sap with Ipad and Android tablets using SYCLO.
• Designed role for Mobile (like Field tech) and non-mobile user (like surveyor, asset strategist, Supervisor etc.
• Designed and implemented portal roles and portal groups for MII (SAP Manufacturing Intelligence Integration), EC and EHSM (SAP Environment, Health, and Safety Management) and EC (SAP Environmental Compliance 3.0)
• After pilot Go-live these systems were migrated to LDAP from UME data base.
• Worked with external and internal auditor on providing SOX evidences for each SAP and GRC control.
• Worked on writing SOX controls and narratives.
• Worked on defining new process to remediate SOX deficiencies.

Confidential

Sap Security lead

Responsibilities:

• Managed team of 4 on - shore and 6 off - shore team members.
• Worked on Production Support high visibility issues.
• Reported weekly ticket status to management.
• Validating team member’s work and delivering to client.
• Worked on SOX reports and evidences and answered SOX questions.
• Did Role remediation and redesigning for ECC and BW roles.
• Created roles for Sap Solman and supported it.
• Worked on Firefighter creation / assignment through SPM (Super user Privilege Management) Mapped Firefighter ID’s to owners and Controllers.
• Worked on Transport Management, transporting roles from development to quality and then to production system.
• Creation of Test ids for different test scenarios as per client requirement.
• Creation/modification of single/composite/derived roles as per the requirement.
• Worked on producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc.), and SUIM reports.
• Worked on Mass user management using SU10. Uploaded user and roles through SECATT and LSMW.
• Authorization Profiles: Generating authorization profiles, inserting missing authorizations, maintaining open authorization fields and organizational values.
• Created BW roles for reporting users using S RS ICUBE, S RS COMP, S RS COMP1 and S RS FOLD objects.
• Created BW roles for administrator users using S RS ADMWB, S RS IOBJ, S RS ISOUR, S RS ISRCM, S RS ICUBE, S RS MPRO etc.
• Created analysis authorization through RSECADMIN and assigned to role through auth object S RS AUTH.
• Worked on Tracing analysis auth through RSECADMIN trace and fixing auth issues.
• Worked on GRC upgradation from GRC5.3 to GRC 10 migrated GRC rule sets, Fire fighter Ids, FF controllers and owners.
• Created training materials for end users on User access request, FF id usage and FFid request approval.
• Created connectors and connected child systems.
• Prepared SOD analysis and troubleshooting user request doc.
• Supported and worked daily GRC tickets.

Confidential

Sap Security Analyst

Responsibilities:

• Implemented sap security for ECC and BW, created roles for these systems.
• Configured CUA and supported it.
• Worked on Production Support, SoX Analysis, Re-Designing Security, And Fixing Defects.
• Designed process for user and Sap audit
• Worked on CUP, SPM and RAR GRC tools.
• Designed BPC security, implemented and now supporting it.
• Created roles for Sap Solman and supported it.
• Designed security for BOBJ, Implemented it and supported it.
• Open connections for sap and raising messages for sap on issues.
• Creating OSS ids, S-user ids, Developer keys, Maintains Secure area at
• Sap Market Place.
• Implemented BPC security—Created Member access profiles, Task Profiles, Created Teams, Access uses from active directory to BPC side, assigned Teams, member access profiles and task profiles to users. Restricted access according to dimensions.
• Created BPC admin role on BPC side and created BPC data load role on BW side. Created role s for BPC on BW side for all UJ* tcodes, some of such tcodes are UJFS, UJBPCTR, UJSTAT, UJBR, UJKT etc
• Implemented BI security, created roles for users according to requirements for Bex queries.
• Designed and implemented security for BOBJ, maintained access levels at folder levels, query level. Created user groups and assigned rights. Created access for query designer and Universe designer.
• Solution manager was upgraded, backup of user master and roles was done. By using SU25 tcode new auth objects were added in SU24, profiles were re-generated for all solman roles, data was copied from USOBT and UBOBX to USOBT C and USOBT C these new auth object entries were activated in SU24.
• CUA was re-configured in Solman, some RFC’s were redefined. All the child system were attached to Solman again and change logs were activated.
• Installed and configured Super user Privilege Management (SPM) GRC 5.3
• Created SPM users and mapped them in SPM Assigned Administrator role, Controller role and Owner Role.
• Customized Super user roles and tested the logged table.
• Configured Notification by Email, workflow and log file in Cockpit.
• Trained user How to Audit Transaction log and Sap Change Log
• Trained user on SPM and prepared Training material. Assigned super user roles to the users for emergency access and monitored & audited their activities.
• Configured SAP GRC Compliant User Provisioning (CUP) - Password Self
• Service, User Request work flows Like Basic, Detour, Escape routes, Forked and
• Parallel work flows.
• Did Workflow specific configurations, setting up E-mail remainders, Auto
• Provisioning, Configuring CUA System Setting, Identify STMP server for email Notification.
• Worked on Creating Initiators, Defining Stages, Defining Paths, Escape routes, Configuration of Approvals, Escalations, Next approver, Wait time, Alternate approver etc.

Confidential, Atlanta, GA

Sap Security Consultant

Responsibilities:

• Requirement gathering, Design, Development, and Maintenance of SAP application security and sap roles in ECC, BIW, BO, SRM, CRM.
• Working on daily routine level 3 tickets and meeting SLA
• Recommending Sap best practices to Client
• Maintaining users and roles for DEV, QA, SBX, PRD system.
• Analyzing system health every week and send report to internal control team
• Working on RAR, CUP and SPM GRC tools.
• Remediated ECC roles, removed and mitigated all high risks.
• Customized rule set and SOD matrix
• Worked on user license and audit.
• Gathered requirement for SRM and SRM-SUS roles.
• Designed SRM security and presented to management.
• Created SRM roles on abap side and portal side, created several roles SRM like SRM Bidder, SRM Employee, SRM manager, Operational purchaser, Component Planner, Internal Dispatcher, Purchase assistant, Strategic Purchaser
• Created customized SRM portal roles like Bidder, Requisitioner, Manger,
• Employee, Supplier, Purchaser etc Chopped down views, work sets and pages According to requirement.

Confidential, Southborough, MA

Sap Security Lead

Responsibilities:

• Requirement gathering, Design, Development, and Maintenance of SAP application security and sap roles in ECC, SRM, BI, BO.
• Created Portal roles on SRM, EHS, BI portal, designed & implemented security.
• Designed the sap security and roles for DEV, QA, SBX, PRD system.
• Designing procedure for requirement gathering, implementing Security on DEV, QA, Sand Box and PRD environment.
• Creating roles, Single role, Composite role and Derived Role in PFCG
• Assigning roles to users, troubleshooting daily user issues.
• Configured CUA & attached all the systems, trouble shooting CUA issues.
• Set up security in BO at group level, User level and folder level.

Confidential

Sap Security Consultant

Responsibilities:

• Requirement gathering, Design, Development, and Maintenance of SAP application security and sap roles.
• Redesigned the sap roles, as client was not passing not passing Sap Audit.
• Assigning roles to users, troubleshooting daily user issues.

Confidential

Sap Security Lead

Environment: SAP ECC 6.0, BIW 7.0, HR security, SAP Portal 7.0, APO, CRM 6.0, Solution Manager, GRC (Virsa) Tools.

Responsibilities:

• Assigned customized roles to the users according to business requirement, maintaining SOD, and analyzing the role assignment in GRC tools.
• Transported roles to other client using SE01, SE09, SE10, and PFCG.
• Maintained SAP system profiles in RZ10 and saw the current report RSPFPAR
• Used parameter values for applying company rules for password, no of active session, Multi-user login etc.
• Assigned roles to users to meet business and HR requirements using Authorization object P ORGIN, P ORGXX HR, P PERNR, P ABAP, PLOG, P APPL etc.
• Activated structural authorizations in OOAC (updates table T77S0).
• Created Structural Authorization profiles using tcode OOSP (updates table T77PR).
• Assigned regular Role Authorization via PFCG.
• Assign Structural Authorization profile to User Id by running report RHRPROFL0. But I did by using transaction SM30 to update Table - T77UA (User Authorizations = assignment of Profile to User).
• Created Organizational Plans by using PPOCE.
• Worked on Report RHUSERRELATIONS which tells the authorization profiles exiting for the user.
• Implemented SAP HR Symmetrical Double Verification
• Migrated BW roles to portal and edited the roles in role editor in portal.
• Created role on the basis of position and structural authorization and assigned to the users.

Confidential

Sap Security Consultant

Environment: SAP ECC 6.0, Portal 7.0, BI 7.0, and Solution Manager Implementing-partner: Accenture and Sap America.

Responsibilities:

• Customized sap standard roles in PFCG and assigned to users.
• Created customized roles to meet business requirement.
• Requirement gathering, Design, Development, and Maintenance of SAP application security and sap roles.
• Created customized authorization objects and fields to have full control on user data access. Provided solutions to complex authorization problems.
• Used both general and structural authorizations to meet business requirements.
• Designed new roles by discussions with functional consultants.
• Running of Sod risk analysis (at Auth object level and tcode level) whenever there is Role creation, role change or role assignment to a user.