SAP Security Developer Resume
SUMMARY
- Over 20 years of experience in Information Technology, with specialization over 10 years in SAP Security design and Authorization
- Experienced with SAP Support and Developing Security Strategies for R/3 (4.5 - 4.7), ECC 5.0/6.0, HR/HCM(ESS/MSS), BW/BI (BI 7.0, BW 3.5/3.1/3.0), HANA Studio, Portal and NetWeaver 2004s, GRC (5.3/5.2), SRM 6.0/4.0, CRM 7.0/5.0, SCM 7.0/5.0, PI (7.1, 7.0), HCM/HR, and Solution manager 7.1/7.0.
- Managed multiple SAP life cycle implementations, production support and upgrade projects.
- Broad experience in maintaining single, composite, and derived roles using Profile Generator (PFCG) in SD, PP, MM, FI, CO, APO (SCM), CRM modules
- Implemented both Role Based and Position Based security models
- Hands on experience in configure/maintain user maintenance (SU01)
- Extensive experience with resolving ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
- Experience in development of Structural Authorization.
- Experience in analyzing the authorization problems using System Trace (ST01) and Authorization Data (SU53).
- Involved with Security Design of HANA Object privileges, Package privilege, Analytic privileges - Attribute views, Analytic views, Calculation views and Roles. Implemented SAP HANA User Security and Management using HANA Studio, DB and Application Cloud, HANA Lifecycle Manager, Command line interface
- Designed and Implemented security for SAP BODS Business Objects Data Services / Data Integrator and Business Objects Enterprise XI 3.0 / 3.1
- Extensively used authorization dependency viewer within SAP HANA Studio (Information Models) to troubleshoot authorization errors for object types that typically have complex dependency structures like stored procedures and calculation views.
- Worked on Core SQL-Based Security Roles for Modeling and Monitoring with the SAP HANA database.
- Good understanding and experience with BODS - Data Integrator Scripting Language and variables.
- Involved in Granting and Revoking Privileges, SQL Privileges on HANA Activated Repository Objects.
- Worked on BOBJ Explorer using transaction RSDDTPS and restricting the users to run queries using info objects.
- Worked on Implementing Rights controlling user access to the objects, users, applications. Knowledge and experience with other BODS System Management Tools - Management Console,
- Extensive experience in ESS / MSS, Direct & Indirect Role Assignment, Org, Position and Context solution, Time management. Payroll, PD / Structural Profile, User Administration, HR tables and Info types, User Index.
- Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined process controls and standards
- Strong organizational and communicational skills combined with an aptitude to work both as a team member as well as an individual with minimum supervision, good work ethics, quality service, and proven results.
- Extensive interaction with business leads for requirement gathering and task initiations.
- Troubleshoot CUA issues like Address inconsistency, IDoc post processing and CUA refresh process. Involved in the complete process of removing a client and adding a new client to the already existing CUA.
- Designed Security Strategy for BW 7.0 and BW 7.3 security for various types of users
- SAP Fiori security administration
- Administer Developer keys, S-User IDs, SAP Support access, technical users (Batch, System...).
- Responsible for Functional and Technical design documents
- Based on the requirements from the business, proposed functional recommendations and provided documentation
- Based on the Functional design, created a technical design document and recommendations.
- Prototyped various new functionalities responsible for the technical design.
- Designed and built various Analysis authorizations based on the requirements from business with RSECADMIN on BW 7.0 and BW 7.3
- Provided security around various BW objects, Info cube, Info area etc
- Worked on Governance, Risk Management and Compliance (GRC) 5.3 Access Control Suite, End to end workflow configuration for CUP (Initiator, stages, Path, detour etc)
- Risk Analysis and Remedies (RAR) Reports SOD Violations, Critical Actions, Critical Roles by Risk, Critical Roles by Risk, Mitigating Controls by User.
- User Identity Management (UME) for user’s administrations
- User and Role administration using Java UME for GRC
- Updated roles for various groups with Ariba authorization objects such as /ARBA/PROG, /ARBA/RFC and business partner authorization objects such as B_BUPA_RLT, B_BUPA_BZT.
- Creating Incidents and maintaining OSS connections for customer support from SAP
- Monitoring CUP for pending Requests and delegating them to team members on a daily basis.
- Implemented BI/BW Analysis Authorization using RSECADMIN, granting access to Multi-Providers and restricting access by company codes, plants, distribution channels and hierarchical restrictions.
- Assigned Analysis Authorization objects to roles using S_RS_AUTH Authorization object.
- Restricting access to reporting users by assigning display and execute permissions and power users by assigning maintain authorizations using S_RS_COMP & S_RS_COMP1 and other objects to grant access to relevant queries and reports.
- Created Authorization group to group all Ariba tables into one umbrella for better control and security to be maintained through SM30.
- Setup TestIDs and managed SAP security authorizations test defects for Unit Testing, Integration Testing and User Acceptance Testing (UAT).
- Used Enterprise Portal 7.0 User Management Engine (UME) to create Enterprise Portal users and user groups, assign roles/user group to the users, Lock/Unlock Users, User Mapping in all SAP Systems and import/export users
- SAP BI 7.0 Security, used Bex Analyzer and BI Transaction RSECADMIN to create and assign analysis authorization by Characteristics, Attributes, Characteristics values, Hierarchies, Key Figure, Infoarea and Infoobject level, Infocube, ODS, PSA, Query, Infoproviders and Workbook for SAP BI Reporting users, BI users, SAP BI Administrators and Query Users.
- Maintaining authorization group for restricting table access to end users
- Extensively worked on SU24 changes for SAP standard transaction codes and Custom transaction codes.
- Executing Computer Aided Testing Tool (CATT) reports to update Org levels.
- Managing user administration 24x7 on call production support, quick turnaround for end user requests, and Helpdesk support for user administration.
- Documented SAP Security Administration policies, procedures, and change management controls.
- Triaging the Request Center, ISM tool and assigning requests to various individuals based on priority & criticality
TECHNICAL SKILLS
Technology: SAP R/3, BI, SRM, CRM, HR, SCM, MDG, SAP Portal, SAP MDM
Version: SAP R/3 4.7, ECC 6.0, SRM 4.0, BW 3.0, BI 7, GRC 5.3 & GRC AC 10.0
Tools: Service Now, HP Service Manager 7, Maximo-Service Request, SAP GRC - CUP, RAR, SPM
SAP Security Skills: User and Role administration, Role redesign, Rollout of security roles, Implementation of SAP Security in projects, Auditing per SOD Remediation and SOX Compliance, SAP Security troubleshooting, analysis and recommendations, SAP Licensing of users, Role cleanups. Define, design and document support policies, procedures and guidelines.
Portal Security: User administrations, creating portal groups and assigning portal groups to users, creating portal roles for Basis team, security team and portal developers
PROFESSIONAL EXPERIENCE
Confidential, New York, NY
Responsibilities:
- Role designing for new projects following proper naming conventions and robust security standards.
- Reviewing SAP Security and documenting the recommendations and providing suggestions to implement best SAP Security solution.
- Role re-design for the existing roles which were poorly designed.
- Provisioning users using Central User Administration on multiple non-production systems
- Role regeneration for the S/4 HANA upgrade project to identify irregularities and correct them and assignment of proper access controls for newly introduced transaction codes and authorization objects within the roles
- Resolving GRC issues and educating users, managers and owners with proper use of tool for Access Request submission, Risk Analysis and so on.
- Maintaining SOD Rule sets and mitigating controls for Access Control to identify risks and notify violations.
- Created and maintained Mitigating Controls to exclude certain risks for which the business had, in system and out of system controls.
- Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.
- Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids.
- Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.
- Setup of batch jobs to synchronize roles, profiles, users and roles from repository.
- Configuration for automatic provisioning of users, roles directly to user master record.
- Providing BW and BOBJ security support to the development teams and end users
- GRC administration for Access Controls and Process Controls
- Role creation, user provisioning and providing support for UME or Portal Security.
- Provisioning users using Central User Administration on multiple non-production and production systems
- Running CATT (SECATT) scripts for mass provisioning of users and role assignments.
- Role building for various markets restricting the user’s access to their respective markets in line with the business needs. Building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports involving modules such as FI/CO, SD, MM, PP, SCM, CRM, GTS, APO, HR BI-BOBJ and so on.
- Administering UME Security for eSourcing to maintain supplier details, Portals, etc.
- Configuring and maintaining RFC connections to establish communication between various SAP systems within the SAP System Landscape and also to establish communication with non-SAP applications.
- Creating Incidents and maintaining OSS connections for customer support from SAP
- Created new roles for Fiori
- NWBC Security and SAP Fiori Security
- Configured CUA to connect various systems to Central system for user and role provisioning.
- Created logical systems for Central and Child systems and assigned clients to the logical systems.
- Migrated users from central to child systems or vice versa accordingly.
- Maintaining CUA and provisioning of users via CUA into various child systems.
- Performing text comparison to import roles from child systems to CUA client.
- Troubleshooting IDOCs using SCUL to identify the reasons for user master records or roles not being assigned to the child systems.
- Troubleshooting the system connectivity issues and for authorization error using SM59.
Confidential, Philadelphia, PA
Responsibilities:
- Revised operational business processes by ensuring security, controls considerations and requirements.
- Defined and designed SOPs (Standard Operating Procedures) for SAP Security support and enhancements.
- Worked with functional team for identifying the key areas for restricting user access via transaction or object level.
- Used CATT scripts to create mass user accounts, create new derived roles, updating org values, assign roles to user.
- Led and diligently completed the SOX Security access reviews by coordinating with various global role & business owners adhering to tight deadlines, which was successfully certified by external auditors.
- Streamlined the pending role changes and brought the SLA to overall 95%
- Analyzed & created BI analysis authorization object using RSECADMIN
- Effectively managed different tracks of multiple projects.
- Effectively maintained knowledge base repositories to better analyze, troubleshoot and resolve recurring and new issues with lesser response time.
- Worked with the Business Stakeholders at client side for requirement gathering and provide feasibility analysis
- Tested and implemented HR and BW Hierarchy Security to restrict BW data at Info Cube level.
- Created security role design matrix according to the business requirement.
- Involved in testing by tracing the authorization issues and change management phases.
- BI - use of RSECADMIN for user trace, auth. changes
- Designed roles for c-Folders
- Designed SAP Security architecture to integrate the requirement of multiple systems - SAP R/3, CE NetWeaver Portal, SAP MDM and SAP CRM, SAP MARS, SAP SCM, SAP PI, SAP SRM
- Designed Security Functions-to-Role design matrix as per the business profiles in adherence to SOX compliance.
- Proactive support with technical and business go-lives.
- Provided cutover & warranty support
- Created handover, technical and value add documents.
- Interact with functional and technical team leads on new requirement of Change requests.
- Analyze and provide effort estimation and allocation of work within Security resources.
- Analyze authorization issues and guiding client with best proposed solutions
- Assist in role cleanups, SAP licensing of users, RCA for incidents.
- Worked with both - internal and external auditors in SAP system audits.
- User and Role administration of SAP and portal systems.
- Worked on role setup on CPS (Central Processing Scheduling) Tool
- Worked on Portal security to setup roles, groups, user administration
- Made SU24 changes for the transactions to be added as per the requirement.
- Creation of new R/3 and BW roles with developed specific for plant based on reference composite roles as per the project requirement
- Built, Tested and Implemented SAP Security roles and authorizations for various landscapes using the SAP authorization concept by Profile Generator (PFCG) based on the service request approval.
- Created and executed SECATT/SAP scripts to automate continuous process like mass user, role, SU24 changes, updating organization values etc.
- Role creation (As per Plants, Sales Org, Cost center, Profit Center).
- Resolving tickets arising in Maximo Service request, Request Center Request (RCR) by the different customers.
- Month end activities (Taking reports of the expired roles and inactive users and deleting them.)
- User administration using Central User Administration (CUA) on a multiple systems landscape
Confidential, Auburn, IN
Responsibilities:
- Worked with functional team for identifying the key areas for restricting user access via transaction or object level.
- Used CATT scripts to create mass user accounts, create new derived roles, updating org values, assign roles to user.
- Supported Go-Live and hyper care issues for WAVE 5, WAVE A project.
- Experience with GRC 5.3 and resolve the SOD conflicts in role based on RAR analysis.
- Experience with GRC 5.3 CUP and helped end users to create request and then assign the complete the request based on proper approval.
- Handle security tickets for Europe and North America business users.
- Managed security on Dual landscape systems (15 systems) to make sure all the roles are in sync and user access is as per IT Matrix.
- Secured custom program using program authorization group
- Secured custom table using table auth group.
- User administration using Central User Administration (CUA) on a multiple systems landscape
- Secured BW reporting users using analysis authorizations in BI 7.0, BI 7.3 using the new security tool RSECADMIN.
- WAVE 5 implemented Security for 3 plants in Germany
- Upgrade from BW 7.0 to BW 7.3
- WAVE A implementing security design for US, Canada, Mexico
- Implemented profit center level security in Finance module using K_PCA for WAVE A project.
Confidential, Holtsville, NY
Responsibilities:
- Analyzed and made recommendations for the redesigning the single roles.
- Led requirements gathering workshops for restricting display access to Sales and Finance users in ECC.
- Worked with functional team for identifying the key areas for restricting user access via transaction or object level.
- Performed checks for security related issues and troubleshooting using SU53, ST01.
- Performed mass changes in user accounts by using SU10, such as creating mass users, assigning roles to more than one user.
- Secured various authorization objects, info providers, info areas and info objects, and creation of various analysis authorization objects and corresponding roles for these objects on BW 7.0.
- Used the tool SUIM extensively to create reports on users and roles, to do a comparison between roles, to check change record history of roles and users.
- Used transaction code SU24 to find out the authorization objects for transaction codes & vice versa.
- Extracted information from SAP tables like AGR_DEFINE, AGR_USER, AGR_TCODE, USR02 concerning users, roles & profiles.
- Used CATT scripts & Microsoft Excel to create mass user accounts, assign user groups and roles.
- Performed locking and unlocking as per user and departmental requirements.
- Performed Upload and Download of roles as per requirements.
Confidential, Philadelphia, PA
Responsibilities:
- Analyzed the SAP Systems and provided recommendation to clean up and maintain the SAP positions and user profile
- Responsible for the developing single/composite/derived roles using the Profile Generator (PFCG).
- Conducted business meetings to create new roles and update the existing roles for organization management
- Removed all the APR, LAR plants and associated codes like Company code, sales org, shipping point, valuation area etc. from all the roles wherever they exist
- Conducted meetings with business and functional team (SD, MM, FI/CO, PU, WM, IP) to gather requirements for generic, derived and composite roles to implement the role-based security
- Designed and implemented role and positions based (indirect role assignment) security.
- Created Custom authorization objects and authorization fields.
- Closely worked with functional team to resolve UAT defects in a timely manner.
- Analyzed the report generated in SU53 to find out the missing authorizations and resolve the User issues.
- Worked on various Roles and eliminated the Transaction Codes which are causing conflicts from those Roles.
- Utilizing system trace (ST01), authority check (SU53), debug mode to analyze and fix Problems related to Security
- Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
- Created Transports in Development and imported into Quality and tested thoroughly before importing into Production.
- Production Support for all SAP user’s authorization and access issues around Europe, Asia and North and Latin America
- Running PFUD for updating User Master Records on daily basis in all Systems.
- Executing CATT / SECATT scripts for automating few activities like derive roles generation.
- Checking for Segregation of Duties (SOD) and Intellectual Property (IP) Issues.
- BW Security
- Designed Security strategy and also responsible for Functional and technical designs and provided documents.
- Migrating old BW roles to new BI 7.0 using the program RSEC_MIGRATION and responsible for design and creation of new roles upon business and IT requirements passing the SOX AUDIT.
- Expert in using RSECADMIN and building Analysis authorizations that are new to BI 7.0 security.
- Troubleshoots efficiently during implementation phase.
- Responsible for Cut-over security activities.
- HR Security -
- Configured SAP HR/ECC Security based on Technical Specifications
- Integrated Logon names and Personal Numbers and Positions for all HR Organizational management and HR Personal Administration
- Interacted with Portals configurators and developers in implementing Portals security for HR ESS and MSS
- Migrated SAP backend roles into Portals
- GRC 5.2 & GRC 5.3
- Helped in configuring Compliance calibrator by defining Critical roles, profiles and transactions
- Worked closely with internal audit and business in configuring custom transactions into different Functions (VIRSA) based on the SOD Matrix.
- Assisted in configuring RE by defining Role template structure, Role approvers.
- Used CC for Risk analysis during implementation phase and generated various reports.
- Checked for SOD conflicts under role and user level and ran different reports based on Critical actions and permission levels.
- Worked with business for Remediation of these conflicts and also worked with business for defining and creating Mitigation controls for different SOD violations and assigned these to different roles.
- End to end workflow configuration for CUP (Initiator, stages, Path, detour etc)
- Created Upload files based on data from all environments of SAP systems.
- Risk Analysis and Remedies (RAR) Reports SOD Violations, Critical Actions, Critical Roles by Risk, Critical Roles by Risk, Mitigating Controls by User.
- User Identity Management (UME) for user’s administrations.
- Super User Privilege (Firefighter) Transaction Usage Report, SoD Violations Report, Log Report.
- Good Experience in handling GRC considering SOD and SOX compliance.
- Successful Upgrade for GRC 5.2 to 5.3 and implementation of new GRC functionalities, i.e. CUPS, ERM, SUP, CC.
- New SAP Plant security configuration for manufacturing, warehouse, office, TOLL and Consignment Sites.
- Added new plant into Roles wherever the reference plant exists
- Cost center changes were done for new plant
- Created cost center hierarchy in BW for new plant
- Configured and delivered more than 80 New plants
Confidential
Responsibilities:
- Inventory control system: Developed software for inventory in FoxPro for SparkTek Tiles limited. The tool is for Maintenance of stock, order status, return items, Human Resource, Accounting system
- Software and hardware support for Mandal Revenue Offices in Rayalaseema Region.
- Installing & configuring of windows Server and Client operating systems. Managing user and group accounts.
- Administration and maintenance of Win 2000 and XP clients.
- Managing file & directory level permissions, Configuration of DNS, DHCP & Domain replications.
- VMWare Workstation 4.0 implementations at the Lab level Domain Server control and design.
- Implementing Security policies at different levels.