
SAP GRC Lead Resume


Cary, NC

SUMMARY

  • SAP Security and GRC Specialist with 10 years of experience in Implementation, Upgrades and Operations Support on SAP S/4HANA, ECC, BI, Enterprise Portal and HANA DB.
  • Extensively worked in Project development phases in Analysis, Design, Development, Configuration and Customization of SAP Security, ABAP Roles & GRC Solutions for various domains in multiple SAP Lifecycles.
  • Rich experience in integration of SAP GRC 10.1 & Security Solutions for various SAP systems, such as - S/4HANA, ECC 6.0, HCM ESS/MSS, HR, BI/BW 7.3 (Analysis Authorizations), BOBI 4.2, SAP Solution Manager 7.2, Enterprise Portal Security, SAP Process Orchestration PO 7.5, GRC 5.3 migration, HANA DB Administration, SAP Gateway Server, FIORI Apps etc.
  • Prepared presentations for Project Kickoff meetings, designed Blueprint by conducting workshop presentations in requirements gathering phase, and prepared GRC 10.1 & ABAP Roles design documentation for Signoffs, prepared test scripts for UAT and End User training documents for the repository.
  • Experience in preparing project documentation & templates - Business Blueprint, Process definition, Role Definition, Business Requirement and SOD Matrix etc.
  • Implemented Lean/Six Sigma processes to optimize the run services and improve productivity savings.
  • Performed the role of SQA (Software Quality Assurance), QMP (Quality Management Plan) and Continuous Improvement plan within the SAP project landscape.
  • Worked as a Configuration Manager and entrusted with maintenance of all project artifacts.
  • Experience in SAP S/4HANA Security User administration, Role administration, Authorizations and Privileges
  • Identified and defined all privileges types (System/Object/Package/Application/Analytical) at user level
  • Technical hands on Experience in SAP GRC Access Control and Process Control 10.1 Suite in Implementation, Automation, upgrade experience and with GRC AC 5.3 Suite (CUP, RAR, ERM, SPM).
  • Worked on SAP GRC Access control and Process control to automate tools for managing an internal security model, remediate compliance issues, and monitor potential business risks within an SAP system.
  • Worked on SAP Procure to Pay (P2P) Process Analyzer to track procure to pay transactions, and identify exceptions to business rules on a continual basis.
  • Have extensively worked on configuring MSMP & BRF Plus rules in GRC Access Control 10.1. Designed and implemented workflows for business scenarios for User management, Emergency access management.
  • Experience in implementing SAP CUA (Central User Administration) functionality within customer landscape.
  • Created an Audit Risk Rating to find the set of auditable entities and risk factors.
  • Successfully executed around 10 annual Security Audits with external and internal Audit teams and initiated immediate remediation plans.
  • Strong knowledge of multi system landscape architecture and integration aspects in implementation of complex security framework and SAP Role matrix using the SAP Authorization Concept in Profile Generator tool (PFCG).
  • Thorough understanding of Sarbanes-Oxley (SOX) Act (Section 302 and Section 404) and also experience in Segregation of Duties (SOD) and Audit Compliance Standards.
  • Excellent knowledge in profile-based security, structural authorizations, Computer Aided Test Tool (ECATT/SECATT).
  • Knowledge on BOBJ Security Administration.
  • Expert in User Tracing and Troubleshooting User Authorization issues using SU53 and ST01.
  • Experienced in producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*).
  • Extensively worked on HR Authorization Objects like P_ORGIN, P_ORGXX, P_ORGINCON, P_PERNR, etc.
  • Worked on BI 7.3 Security in creating, maintaining Analysis Authorizations using RSECADMIN tool.
  • Experienced in managing teams with full responsibility of maintaining high level of Response & Resolution SLA for clients.
  • Experience on Creating EC2 instances on AWS Cloud platform and experience on AWS Console
  • Hands-on experience with System/Instance Status Checks to detect problems that may impair the instances.
  • Monitored CloudWatch alarms & metrics.

TECHNICAL SKILLS

SAP: S/4HANA, SAP ECC 6.0, SAP GRC AC & PC 10.1, GRC 5.3, SAP Security Authorizations, User & Role Administration, CUA, Data Migration, SOD Matrix.

Data Base: HANA DB, Oracle, DB2, SQL Server, MySQL

Service Management: ServiceNow, BMC Remedy, HPQC, HP-ALM, ITSM, CHARM

PROFESSIONAL EXPERIENCE

Confidential, Cary NC

SAP GRC Lead

Responsibilities:

  • Worked with key stakeholders in preparing and presenting for the implementation project of GRC AC 10.1.
  • Gathered project requirements and designed blueprint for GRC 10.1 to integrate with S/4HANA system on premise, HANA DB, Solution Manager, Process Orchestration 7.5 and BOBI 4.2.
  • Prepared presentations for Project Kickoff meetings, designed Blueprint by conducting workshop presentations in requirements gathering phase, and prepared GRC 10.1 & ABAP Roles design documentation for Signoffs.
  • Prepared test scripts for UAT and End User training documents for the repository.
  • Worked with the functional area owners to gather security requirements and ensured delivery of SAP Security Roles.
  • Configured GRC AC 10.1 Post installations and configured ARA, EAM, ARM, BRM.
  • Created Connectors for all the systems within the landscape and integrated all SAP systems.
  • Collaborated with SAP implementation teams to design an appropriate SAP IT control structure that addresses information security and IT regulatory risks.
  • Designed & Documented S/4HANA ABAP Roles as per the line of business requirements.
  • Designed and created all types of SAP Single, Master, Derived, and Composite Roles.
  • Created roles restricted to Org and Non-Org authorizations using Profile Generator.
  • Maintained all supporting documentation related to the security design.
  • Worked on SOD risks by eliminating them using GRC.
  • Adjusted SAP security role defects during and after the implementation efforts.
  • Designed and Created Security Roles that are free from SOD conflicts and increased transparency related to authorizations.

SAP Security Lead

Confidential, Benton Harbor, MI

Responsibilities:

  • Worked with the functional area owners to gather security requirements and ensured delivery of SAP EWM Security Roles.
  • Designed and Created Security Roles that are free from SOD conflicts and increased transparency related to authorizations.
  • Created and Restricted Org and Non-org authorization values in Master and Derived roles using Profile Generator.
  • Re-evaluated the SAP role design for any excessive access and large number of segregation of duty (SOD) conflicts.
  • Ensured SU25 security post installation activities using SAP standard methodology prior to production movement.
  • Leveraged SAP GRC tool to ensure SOD restrictions maintained throughout the system.
  • Gathered emergency access requirements and Designed Firefighter ID usage for the SAP EWM system.
  • Created Security Roles for Firefighter ID's usage.
  • Working on HANA database roles buildup activity.

SAP Security & GRC Consultant

Confidential, Lancaster, PA

Responsibilities:

  • Detailed analysis of multiple SAP systems and security setups functioning in the USA and Europe, comprising various landscapes, i.e. SAP ECC, GRC, HR, APO, CRM, SOLMAN, BI, BPC and Portal systems.
  • Defined and derived the realization of best in class enterprise security architecture in multiple phases concerning implementation of SAP GRC 10.1.
  • Worked closely with IT and key business thought leaders to ensure delivery of secured application access throughout the organization.
  • Created the documents and templates for tailoring out the requirements for GRC 10.1 AC & PC modules - ARM, ARA and EAM.
  • Worked on SAP Procure to Pay (P2P) Process Analyzer to track procure to pay transactions, and identify exceptions to business rules, on a continual basis.
  • Also Worked on SAP Order to Cash (OTC) Process Analyzer to continuously monitor controls in SAP order to cash process, from sales order entry through shipping, invoicing and payment.
  • Activated BC Sets for ARA, EAM, ARM, & BRM.
  • Worked on GRC 10.1 post-installation activities & maintained security parameters for EAM, ARA & ARM tools.
  • Configured MSMP workflows for different user provisioning scenarios i.e. New, Change, Lock and Unlock user accounts. Created complex BRF plus rules and workflows to meet the user management scenarios.
  • Maintained Rule Sets, Function ID’s & Risk ID with Risk Owners and generated rules for the Risk ID.
  • Defined process and ownership of the Risks and Functions.
  • Configured Parameters for EAM & Mapping of Owners, Controller and FF Ids etc.
  • Running and publishing various SOX reports like UAR, Critical Actions, SOD, Critical Permissions, Firefighter Log Review, 90/360 days Inactivity, and SAP Security Parameters. Also worked on Security Patch Review, Table Log Review, DDIC Activity, SAP_ALL, SAP_NEW access, and access to modify logs.
  • Analyzed existing roles and recommended the changes required.
  • Analyzed SAP BI Security platform and created/maintained Analysis Authorizations using RSECADMIN tool for all BI business modules.
  • Assisted technical teams and developers to ensure consistency within company data security policies.
  • Worked on SAP Audit tools (SM20, SM19 and SM18).
  • Worked with various functional and audit teams to setup the SODs and defining Rules and Risk IDs.
  • Prepared Roles and SOD matrix to comply with company and SOX policy guidelines.

Confidential

SAP Security & GRC Lead

Responsibilities:

  • Strong knowledge of designing of roles & authorizations and implementation of complex security framework and role matrix for SAP HANA Enterprise platform.
  • Created new users and modified existing users in HANA DB and S/4HANA.
  • Identified the necessary object privileges / system privileges/package privileges/SQL Privileges required for each user (Developer/functional/Business Users etc.) and add them to the roles/user profile.
  • Experienced in all administrative tasks related to HANA Security
  • End-to-End Role Administration - Which Includes Creating Roles in PFCG, generating profiles, SU24 changes to Authorization Objects, Creating Authorization Groups, Analysis of Critical Authorization Tables, Analyzing Missing Authorizations and security support during Go-Live activities, Adding Authorization Objects Manually, User Master Reconciliation, Transporting Authorization Objects etc.
  • Complete User administration - Which includes Administering Authorized Users (add/delete/lock/modify), Security Validations for New Releases, assigning User Groups, Performing User Export/Import, modifying user data (basic user data, user default, active and expiration dates), Modifying user authorization access, Analyzing User authorization errors using SU53 and ST01, etc.
  • Configured MSMP workflows in GRC 10.0 for different user provisioning scenarios like new, change, terminate, lock and unlock user accounts, and created complex BRF plus rules and workflows to meet the existing user management processes.
  • Assists with the management of improvement initiatives from a structural, functional and organizational change management perspective.
  • Provided trainings on Company QMS (Quality Management System) and CMMI concepts.
  • Conducted unit, user acceptance and system integration tests. Documented defects in HPQC, resolve the defects, document the test results, gather test signoffs, prepare cutover and go-live strategy, create user guidance documents for user interface with SAP and GRC systems, create work SOPs and work instructions for support teams, provide post go-live support.
  • Conducting meetings with business and functional teams to finalize rule sets, workflows and master data for user and role provisioning, role authorization and position matrix.
  • Implemented Emergency Access Management for handling fire fighter IDs, configured automatic workflows for managing emergency ID assignment and review of the firefighter logs, build firefighter IDs in remote systems, identify FF owners and reviewers and schedule batch jobs for log generation.
  • Work with compliance managers/leads to review the reports and facilitating in eliminating SOD risks and creating and maintaining mitigation controls.
  • Extracting and analyzing various system reports (UAR, Critical actions, SOD reports, Security parameter settings, etc.) to make sure the SAP systems are compliant.
  • Understanding existing HR Structure & Authorization system setup by closely monitoring activities in HR system.
  • Designing HR Authorization concept which best suits the client’s need. Analyzing and adjusting ESS/MSS roles.
  • Have worked extensively on BI Security creating, maintaining Analysis Authorizations using RSECADMIN tool.
  • Troubleshooting BI authorization related problems using RSECADMIN and Transactions RSD1, RSA1.
  • Cleaning up of roles and profiles, which are not in use.
  • Extracting, analyzing and providing various reports to Business stake holders - Weekly, Monthly, Quarterly, Semi-Annually and Annually.

SAP Security/GRC Consultant

Confidential, Fort Worth, Texas

Responsibilities:

  • Worked with the business area owners and business analysts to gather security requirements, assist in designing and building appropriate role-based security for the SAP environments including role definition and job/position mapping.
  • Integration of different components of GRC Access Control ARM, ARA, EAM.
  • Carry out configuration tasks in development which also includes post installation configuration steps and steps for implementing GRC as per design documents
  • Centralized Emergency Access Management, Provision & Manage Users, Design & Manage Roles.
  • Integration GRC Access Control for User Authentication & User Details repository (LDAP)
  • Analyzing existing authorization objects and recommending the various other authorization objects to make use of as per need.
  • Analyzing and adjusting ESS/MSS roles.
  • Created, generated profiles, Authorizations, object classes, objects, and roles and assigned to user master.
  • Extensively used Automatic Profile Generator (PFCG) to create roles/profiles.
  • Used SU24 for maintenance of authorization objects/keys in transaction base.
  • Transported profiles between clients and within R/3 system landscape, performed transports and mass transports of roles.
  • Management, User administration monitoring, User Tracing and Troubleshooting User Authorization issues using SU53, ST01 & SUIM.
  • Worked on remediation and assist in elimination of Segregation of Duties (SOD) conflicts inherent within the International paper SAP security Model.

SAP Security/GRC Consultant

Confidential, Texas

Responsibilities:

  • Maintained User master record using SU01, including complex design restrictions.
  • Mass user creation using SU10.
  • Role creation/ modification using Profile Generator (PFCG) including complex design restrictions.
  • Expertise in resolving Authorization issues by analyzing Authorization Checks.
  • Troubleshooting user access through authorization error analysis (SU53, SU56) and System Trace (ST01).
  • Worked on audit logs using SM18, SM19 and SM20.
  • Restriction of Org and Non-org authorization values in Master and Derived roles
  • Maintained authorization groups for all the required tables in the table TDDAT
  • Proficient in working with the tables USR*, AGR* and USH*.
  • Performed risk analysis at User level and Role level to mitigate risks for the users using Risk Analysis and Remediation (RAR) tool.
  • Automated workflow for user maintenance using auto-provisioning tool Compliant User Provisioning (CUP).
  • Assigned firefighter controller to the firefighter ID and mapped to distribute Fire Fighter logs to owners.

SAP Security/GRC Consultant

Confidential

Responsibilities:

  • Preparation of project estimations, identifying resources from within the team for the work in projects.
  • Review application security requirements for roles and authorizations and document security designs.
  • Extensive experience in User & Role administration (Single, Composite & Derived Roles).
  • Role Administration (new creations/modifications/remediation) by using PFCG
  • Add/remove the excessive access from the existing role at organization values level.
  • Secured roles by Company Code, Plant, Cost Centre, Profit Centre, and Purchasing Organization etc. to avoid cross country access.
  • Worked on BI Security creating, maintaining Analysis Authorizations using RSECADMIN tool.
  • Troubleshooting BI authorization related problems using RSECADMIN, RSD1 and RSA1 Transactions.
  • Coordinated overall UAT testing of the Re-design Security project.
  • Preparation of reports (Daily/weekly/monthly) for the work done by team.
  • Coordinating with offshore client team and onshore client team via daily/weekly calls for the inputs and suggestions.
  • Actively participated in preparing work-instruction documents for the projects.
  • Providing weekly/monthly updates to higher management and business.
  • Analyzed the existing roles and Performed Remediation on cross-country access.

SAP Security/GRC Consultant

Confidential

Responsibilities:

  • Extensively used Automatic Profile Generator (PFCG) to create roles/profiles for various modules such as HR, MM, SRM, BI/BW, and SOLMAN etc.
  • Good Experience in tool SU24 for maintenance of authorization objects/keys in transaction base.
  • Transported the generated roles and profiles using SAP transport management system.
  • Creation and Modification of User Master Records for Project and End Users.
  • Management, User Administration Monitoring, User Tracing and Troubleshooting User Authorization issues using SU53 and ST01.
  • Worked on BI Analysis Authorizations using RSECADMIN Transactions.
  • Providing particular accesses to SAP to analyze critical errors, providing with OSS Connection open, and updating the password details in secured area.
  • Experience in user administration 7x24 on call production support, quick turnaround for end user requests, and Helpdesk support for user administration.
  • Working knowledge of Segregation of Duties (SODs) analysis and auditing requirements.
  • Providing Extended Accesses, based on problem situation and SU53 dumps according to business justification provided.
  • Worked on creation and Maintenance of Fire Fighter (VIRSA) user IDs for Critical Authorizations for Project and End Users.
  • Performed user maintenance tasks, User creation, deletion, lock down, activation, password management tasks and ran various user administration reports.
  • Worked on CUA as a Security administrator.
  • Worked as part of remediation team and assist in elimination of Segregation of Duties (SOD) conflicts inherent within the International paper SAP security Model.
