SAP Security/GRC Architect Resume
Roanoke, VA
SUMMARY
- Over 12 years of SAP Security experience in leading various SAP Implementations and Upgrades with multiple full life cycle implementations for ERP 6.0/5.0/R/3 Security, SAP GRC Access Control Suite, HCM, BI 7.0/3.5, SOLMAN, Java Admin and NetWeaver Portals.
- Performed in an Architect role piecing together all the components of SAP Security and Integration with HCM, IDM and GRC for a large implementation.
- Expertise in SAP GRC Suite (including GRC10.0) with multiple implementations and upgrades.
- SAP Certified GRC Access Control 10.0 and Security Application Consultant.
- Expertise in HCM Security (Org Management, LSO, E-Recruiting, Payroll, Benefits, Personnel Administration, Travel, Performance Module), with strong Structural Authorization experience.
- SAP IDM Implementation experience and sound knowledge of Identity Access and Management tools.
- Expertise in UME, Enterprise Portal Security, LDAP and FSCM Biller Direct.
- Expertise in implementation of Sarbanes-Oxley Compliance standards. Worked extensively on Segregation of Duties issues.
- Worked extensively on Risk Analysis and Remediation (RAR), Compliant User Provisioning (CUP), Enterprise Role Management (ERM) and Firefighter (SPM).
- Experience with SAP NetWeaver IDM Implementation and Integration with HCM/GRC CUP for Provisioning.
- Provided SME in Security implementations and thorough knowledge in Authorization issues and user administration. Expertise in setting up CUA.
- Expertise with Security Audit Logs to run audit reports and possess strong skills in security implementation of R2R, P2P, HCM, BI and PI modules.
- Working knowledge in R/3 Basis, ABAP/4.
- Experience in multiple full life cycle security implementations for various modules such as HCM, FI, MM, PS, BI and GRC.
- Good Team Player, Strong Team Orientation & Leadership Qualities, hardworking and enthusiastic. Self-motivated with proven ability to work in both independent and team environments.
TECHNICAL SKILLS
ERP: SAP R/3 Versions from 4.0 to ECC 6.0
Languages: ABAP/4, C, C++, C#.NET and Java
Databases: Oracle, SQL Server, MS Access, DB2
Web Technology: ASP.NET, HTML, JavaScript, XML
PROFESSIONAL EXPERIENCE
Confidential - Atlanta GA/Roanoke VA
SAP Security/GRC Architect
Responsibilities:
- GRC Implementation: Involved with Complete life cycle of Technical and Functional Aspects of the GRC project.
- Set up RAR, CUP, ERM and SPM Modules.
- Setup workflows in CUP for Role changes, Mitigation Control/Risk Changes and Role Assignments.
- Worked with Business to customize the Rule Set, Setup Mitigation Controls and mapping them to existing Risks.
- Performed and completed a PoC for GRC 10.0 for upgrade to Access Controls with focus on Business Roles.
- Configured and customized workflows in GRC Access Controls 10.0
- HCM Security Implementation: Worked extensively on LSO, E-Recruiting, Performance Review, Payroll Modules, and Setup Roles for those modules.
- Worked on Structural Profiles, Context Sensitive Authorizations, ESS/MSS Roles. Well versed with 2 PERNR Situation.
- BI Security Implementation: Setup BI Roles, Power User Roles with Analysis Authorizations.
- IDM Project: Worked closely with SAP IDM Consultant in setting up Repositories, Jobs and Tasks. Setting up EBRs. Gained experience with Full life cycle of SAP NW IDM setup.
- IDM-HCM Integration: Automated the employee provisioning and de-provisioning based on HCM attributes and position based assignment of roles.
- GRC - IDM Integration: Setup IDM to GRC-CUP Integration to ensure clean role assignment and Approval workflow is in place. PoC for GRC 10.0 with Business Roles and integration with IDM.
- R2R/P2P Security Role Review: FICO/MM Role Setup as per the Role Design and Performed Cross Work stream analysis
- Controls/Processes: Involved in setting up Controls and Processes for post go-live setup. Helped Management with the above.
- Portals/SSO Setup: Worked on Portal Role Assignment and Portal Role Mapping to backend ABAP Roles. Good knowledge of Federated/Consumer Portals. SSO Setup with SPNego Protocol and SAML Authentication.
- TDMS Setup: Worked with TDMS setup for Client copies and data scrambling.
- EhP6 Upgrade: Worked actively in EhP6 Upgrade from EhP4.
- Provided security support for SOLMAN, Change Management, ChaRM, PI, e-Rec.
- Production support for over two years with more than 50000 users in all the SAP Security areas.
Environment: SAP ECC 6.0; SAP Access Control GRC 10.0 and 5.3 (RAR, ERM, CUP and SPM), HCM (LSO, E-Recruiting, Nakisa, ESS/MSS and Payroll); FSCM Biller Direct; Solution Manager; SPNego; TDMS; EhP6
Confidential - Fort Worth, TX
Sr SAP GRC/ Security Analyst
Responsibilities:
- Performed GRC Upgrade from SAP GRC 5.2 to Access Control (GRC 5.3)
- Configured connectivity between the modules through Connectors, Web Services.
- Addressed problems with Risk Analysis in CUP and ERM during the Upgrade.
- Involved in applying RTA (HR and NonHR) Patches, Applying latest SPs.
- Executed test scripts in quality center to ensure the functionality is intact after upgrade.
- Performed post-Installation checks, uploaded initial files.
- Addressed configuration issues in all modules of Access Control Suite (RAR, CUP, ERM and SPM).
- Created test Mitigation Controls and recommended appropriate solutions to BOs to mitigate risks.
- Assigned Mitigation monitors, Reports to Mitigation Controls.
- Created Mitigation Owners, Monitors, Administrators in CC/RAR.
- Simulated for Risks with Roles, Users and suggested appropriate solutions for Role Changes.
- Worked with Request Types, Workflows in Compliant User Provisioning.
- Helped BOs in mitigating the Risks for provisioning roles to users through AE/CUP.
- Configured Auto Provisioning functionality in AE/CUP.
- Uploaded Roles, Modified Roles in ERM to Synch with the Backend.
- Addressed problems with Risk Analysis in RE/ERM.
- Scheduled Background jobs in SPM (Firefighter) to capture the activity performed by Firefighters.
- Assigned Firefighter IDs to Users.
- Generated reports on Firefighter activity for Auditors, BOs.
- Role Development/Modification for SAP FI, HCM (Payroll, e-Recruiting and Personal Admin/Org Mgmt Roles), BI 7.0, Enterprise Portals.
- Worked on ESS/MSS Roles, supported 40,000 user base.
- Worked on HR Structural Authorizations and Org Management with strong understanding of HR Master Data Elements.
- Performed HR PD Security using Structural Authorizations: Used knowledge of HR concepts, Infotypes, Transactions, Organizational Management etc. for HR Security Model, ESS, MSS and Portal Security.
- Worked on FSCM Module (Biller Direct). Created Reference users/roles in it.
- Worked extensively on UME, Java Roles Administration.
- Gained experience in SOLMAN, LMS.
- Sound understanding in setting up SSO with SAP and Active Directory.
- Worked extensively on Custom Program/Table security.
- Created business roles for enterprise portals.
Environment: SAP ECC 6.0; SAP Access Control (GRC 5.3 - RAR, ERM, CUP and SPM), Java, and SAP GRC (CC 5.2), HP Quality Center 8.2 (Test Director), HCM 6.0; FSCM Biller Direct; LMS; Solution Manager; EP 7.0
Confidential, Flushing NY
Sr SAP GRC/Security Architect
Responsibilities:
- Configure all modules of SAP GRC 5.3 - Access Control (RAR, CUP, ERM and SPM), Upgraded from CC to RAR.
- Worked extensively on mitigating Risks/SoDs by wrapping mitigation controls around them.
- Set up workflows in CUP to automate role provisioning and user master changes.
- Configured ERM Module and used the workflow from CUP to automate role change approvals from BPOs.
- Performed SAP Security work including set up of HCM Security Roles, Profiles and HR Structural Authorizations.
- Build and maintain the User/PD profiles across SAP landscape.
Environment: SAP ECC 5.0; SAP Access Control (GRC 5.3 - RAR, ERM, CUP and SPM), Java; LDAP, SAP CRM
Confidential, Bristol, PA
Sr. SAP Security Consultant
Responsibilities:
- As a part of Role redesign, converted all job roles to function roles.
- Established JCO connectors to connect to multiple systems.
- Used Compliance Calibrator (CC) extensively to determine the risks associated with the roles.
- Worked extensively on eliminating 90% of the high priority conflicts.
- Trained business teams in creating Functions, Risks, Mitigation controls etc and running risk analysis.
- Met with Business Owners in all areas to explain the risks associated with the existing roles and remediated them using function roles.
- Documented and trained business teams in using firefighter. Scheduled firefighter background jobs to read firefighter logs.
- Used Firefighter extensively to grant access to Developers for assisting in debugging and troubleshooting problems in Production, Assigned Cutover access during Go-Live.
- Involved in continuous discussions with Business Owners for Role changes and Access issues.
- Eliminated risks associated with roles, wrapped Controls around them if they cannot be eliminated.
- Worked on Access Enforcer and Role Expert tools.
- Scheduled jobs to synchronize CC with the backend on a daily (Incremental) and monthly (Full Sync) basis.
- Involved in GRC upgrade (from 5.1 to 5.2).
- Responsible for setting up policies and procedures and delegated them to support team.
- Scheduled security background jobs and created batch user roles to be assigned to background user.
- Involved in 3 Go-Lives. Created Cut-Over Access for Developers to eliminate elevated access.
- Coordinated with programmers for maintaining programming standards for custom programs and custom tables.
- Submitted security reports on a monthly basis to management for review and assisted on user licensing. Monitored RSUSR100, RSUSR101, RSUSR102 reports daily.
- Traced all the transactions to check exactly which auth objects are checked against each transaction and configured for the same in SU24 transaction.
- Met with business teams in gathering org level information necessary for securing information against cross company codes.
- Created production master and child roles as per the formulated role design strategy.
- Worked on SECATT transaction to create multiple users.
- Created Variant Transactions for securing transactions by screen.
- XI Security: Configured roles for XI Administrators and Developers.
- Configured CUA and Maintained field parameters for central and child systems in CUA and set up partner profiles in child systems to receive IDOCs.
- Made all the CUA destinations trusted systems so that user change history will show the actual user name in history instead of the background user.
- Configured CUA parameters like user group and parameters such that central system pushes parameters to child systems.
- Configured Instance parameters for BW DEV, QA and PRD systems.
- BW Administration workbench - BW Info cubes, Info objects, Hierarchy, Variables, Update and transfer rules, Info Areas, Info object catalog.
- Created custom auth objects to check against company code and other org levels when extracting data from info cubes when running queries against them.
- Made info objects authorization relevant in transaction RSA1.
- Used the new authorization component to secure the environment in BI 7.0 (RSECADMIN) for JRC.
- Authorized Characteristic and Attribute values.
- Secured Hierarchy and Key figure authorizations.
Environment: SAP ECC 5.0; SAP MM, SD, FI/CO, BW, UNIX, SQL Server, ABAP/4, Java, and VIRSA 5.1, SAP GRC (RAR, Privilege Mgmt, Compliant User Provisioning), Test Director 8.0.
Confidential, Chicago
SAP Security Consultant
Responsibilities:
- SAP R/3 and BW Security administrator over all the systems in the landscapes.
- Configured CUA for all systems in SOLMAN. (Dev, QA and Prod).
- Involved in the cleanup process of the composite roles.
- Handled upgrade from 4.6c to ECC 6.0.
- Created roles on Enterprise Portals to restrict users to their respective content.
- Implemented SSO with SAP Logon Tickets.
Environment: SAP R/3 4.7; ECC 6.0; BW 3.5; CRM 5.0; EP 6.0
Confidential, New York, NY
SAP Security Consultant
Responsibilities:
- SAP R/3 Security administrator over all the systems in the landscapes.
- Worked with SAP R/3 modules of FI, CO, MM, SD.
- Blueprinting, Design and Development of SAP HR Security for over 1000+ users including 7,000 ESS users in different countries and Business Units.
- Migrated SAP 4.6c Activity based authorizations to Roles based Authorizations in ECC 5.0. Eliminated complex single and multiple profiles.
- Designed and Developed HR Authorizations using Infotype based Security. HR Authorizations included Organization Key and Personnel Area. Worked extensively with HR Authorizations objects such as P_ORGIN, P_PERNR, P_ABAP, PLOG including Context sensitive Authorizations.
- Configured Structural Authorizations using the Organization Structure and custom created structural profiles were assigned to the SAP User IDs.
- Assigned Authorization Roles to Positions. Changes in the Organization Structure are thus automated. Turned on the required Authorization Switches to activate the Authorization checks.
- Maintained Communication Infotype 0105 and subtype 0001 to map system username with Employee Personnel Number.
- Worked with Business Owners on access requirements, came up with an effective role design methodology. Created Job roles and Function roles accordingly, assigned them appropriately.
- Used CATT scripts for creating mass users and assigning roles to the user ids.
- Used Compliance Calibrator by VIRSA to define SOD violations.
- Used Compliance Calibrator tool extensively for handling SOD conflicts for each user and roles.
Environment: SAP R/3 4.6C, BW, HR, CRM 5.0, SQL Server, ABAP/4, Java.
Confidential, Boise, ID
SAP Security Consultant
Responsibilities:
- SAP R/3 Security administrator over all the systems in the landscapes.
- Worked with SAP R/3 modules of FI, CO, MM, SD.
- Worked on HR Structural Authorizations and Position based authorizations.
- Worked extensively to clean the roles that have a single transaction in a role.
- Was the key person to transport all the roles across the system including Development, QA and Production systems.
- Instrumental in setting up organizational and object level security for all Global Roles.
- Worked with Audit team during System Audit.
- Documented the changes that are made to the roles.
- Took active part in resolving the security issues during testing and Go-Live.
- Extensively worked on authorization groups for tables & programs. Worked on custom t-codes, area menu and basis-objects.
- Created custom auth objects in BW and included them in BW roles.
- Made info objects authorization relevant.
Environment: SAP R/3 4.7, SAP CRM, SCM, BW, HR Security, MS Office, MS Project
Confidential, DE
SAP Security Consultant
Responsibilities:
- Providing SAP R/3 Security Support for SAP R/3 3.1i, 4.6C
- Generated role matrices
- Creating end user roles as per the Organizational structure
- Creating user role using Automatic Profile Generator
- Created and modified Single roles, Composite roles and Derived roles
- Creating and maintaining user authorizations, roles and profiles
- Performed SAP security administration utilizing the Profile Generator to create, edit and delete roles & authorizations
- Supported users at different levels for the security issues in all functional modules
- Analyzed Business scope, user roles and developed user / role matrix for the better understanding of Security authorization plan
- Conducted a detailed study for SAP Security methodology for Security implementation in Head office and Plant
- Developed the Business workflow and Organization chart for the project
- User Administration for more than 8,000 users
- Worked with process experts on Segregation of Duties (SOD) issues.
- Created new activity groups as per Segregation of Duties requirements
- Interacted and had discussions with all levels of users for defining and developing user roles
- Developed procedure manual for the Security of the system, database, user authorizations, backup & recovery
- Worked closely with Audit team for SAP Security Audit and generated Audit Information Systems logs
- Troubleshot security related problems
Environment: SAP R/3 3.1, 4.6C, Oracle, MS Office, MS Project