
SAP Security / GRC Consultant Lead Resume

South San Francisco, CA

SUMMARY

  • Over 8 years of experience in SAP NetWeaver Basis/Security Administration & SOX Compliance.
  • Led and was involved in multiple SAP Security Design/Implementation and Upgrade projects following ASAP methodology on SAP R/3, ECC, BW/BI, GRC, SRM/EBP, SCM/APO, XI/PI, MDM, CRM, Enterprise Portals and Solution Manager systems.
  • Experienced in SAP Security upgrades: to ECC 6.0 from SAP R/3 4.6C, to BI 7.0 from BW 3.5 and to GRC 5.X from VIRSA Suite.
  • Implemented security procedures for user creation, maintenance and migration in client-specific user administration model and Central User Administration (CUA).
  • Executed GRC Access Control Suite 5.X implementations (CUP, RAR, ERM, SPM) formerly known as VIRSA Compliance Suite (Compliance Calibrator, Access Enforcer, Fire Fighter)
  • Championed Role redesign initiatives following Best practice methodology and Audit requirements.
  • Experienced in Basis Administration functions including Support Stacks, Spool Administration, Background Jobs, Transport Management, Workload analysis, CCMS, System Monitoring and Performance Tuning.
  • Led Stress/Volume Testing Project for upgraded ECC 6.0 environments. Used Automated Testing tools like Load Runner and QTP
  • Contributed & prepared consulting responses to client RFPs (Requests for Proposal) by performing extensive requirements gathering and mapping requirements to potential solutions.
  • Experienced and well versed in compliance requirements of multiple industry verticals such as Pharmaceutical & Life Sciences (GMP), Hi-tech, Telecom, Retail & Manufacturing
  • Have proficiency in the development, documentation and implementation of regulatory, information security, and business continuity solutions for the distributed environment.
  • Possess strong technical, analytical, and interpersonal communication skills to provide quality service and proven results.

TECHNICAL SKILLS

SAP Applications: SAP R/3 Rel 4.X, ECC 5.0/6.0, BW 3.5, BI 7.0, GRC 5.X, SRM 4.0, SCM 4.0, CRM 2007

SAP NetWeaver 04/04s: WAS ABAP & J2EE Engine (620/640/700), EP 5.0/6.0

Languages: C++, Java, SQL

Databases: Oracle 9i/8i, SQL Server, MS-Access

Operating Systems: HP-UX, AIX, Sun Solaris, Red Hat Linux & Win2000/NT4/XP

Testing Tools: Load Runner, Test Director, Rational Suite, QTP

PROFESSIONAL EXPERIENCE

Confidential, South San Francisco, CA

SAP Security / GRC Consultant Lead

Responsibilities:

  • Leading GRC 5.3 RAR Integration Initiative: Integration of Local SAP ERP Systems with Global GRC RAR
  • Configuring technical connections, designing custom rule sets specific to local ERP systems.
  • Integration with CUP for Risk analysis for user & role provisioning.
  • GRC 5.3 Enhancements: Changed Configuration to remove Self service Approver Delegation in CUP
  • Configuring Role defaults feature for access requests in CUP
  • Configured Escape routes in CUP workflows.
  • Support and administer SPM and CUP
  • Created new Roles in SAP R/3 & new Analysis Auth Objects and roles in SAP BI 7 to meet requirements of the newly transitioned Business processes
  • Documentation: Updating Design Documents, Knowledge base libraries, Control frameworks documents with the changes implemented in SAP GRC
  • Leading Unique ID/Password Project: Resolving multiple ID conflicts for users across the organizations that resulted from a recent merger

Environment: SAP R/3 4.7EE, ECC 6.0, BI 7.0, SRM4.0, SCM 4.10, GRC 5.3, SOL MAN 4.0, PI 2004

Confidential, Fort Lauderdale, FL

SAP Security Lead

Responsibilities:

  • Proposed and developed Landscape Strategy, User Management Strategy, Standard Operating Procedures (SOPs), SoD Analysis and Remediation Approach based on SAP Best Practices for the GRC Suite.
  • Worked with Internal Audit to formulate the IT General Controls Documentation for Security and GRC
  • Performed Post Installation Configuration on the ABAP side (RTAs) and the Java side.
  • Gathered and configured CUP (Access Enforcer) detour workflow requirements after demo of the tool.
  • Converted & migrated the existing VIRSA Compliance Calibrator 4.0 master data (Custom Rule set, Mitigations, etc.) to GRC 5.3 RAR
  • Designed additional Custom Rulesets (preparing the Rule Upload files for Business process, Functions, Authorizations, Risk & Rule set).
  • Designed and developed the GRC SPM (Fire Fighter) functional and Technical roles based on the inputs from business teams.
  • Prepared Test plan & Test scripts to test the end to end functionality of all the components of the GRC Suite.
  • Prepared and Executed Cut-Over plans for the GRC implementation.
  • ECC, Solution Manager & CRM 2007 Projects: Conducted Blueprinting Workshops for gathering Security Requirements for ECC (FI and Supply Chain), Solution Manager & CRM’s E-Commerce modules
  • Presented and Implemented 3 Tier Job Based Security Role Design.
  • Assisted Functional and Business Teams to build Role to Transaction Mapping.
  • Developed SoD free Single/Derived Roles and performed unit testing
  • Documented the Testing and Training strategies related to Security Roles and GRC
  • Configured CUA to new systems and clients in the Landscape.
  • Extracted reports from Solution Manager for the In-Scope Transactions for the projects.
  • Integrated ECC Security roles and CRM Portal for allowing users to create contracts, quotes and orders in backend ECC from CRM Portal
  • Restricted access to Workcenters, Navigation and Direct Create Links in CRM 2007 using UIU_COMP
  • Restricted access to Business Partners by Sales Area Data, Authorization Groups & BP roles
  • Assisted in ARIS Business Process Modeling for the AS-IS and TO-BE processes
  • BI 7.0 Upgrade: Upgraded the old BW 3.5 reporting authorization objects, roles and users to new BI7.0 system
  • Formulated the Design and Implementation of Analysis Authorizations in BI 7.0
  • Designed and implemented roles (Reporting, Power and Super Users roles) for new reporting areas.
  • Performed InfoObject Maintenance using RSD1 (Defining authorization-relevant characteristics and attributes)
  • Developed and managed Analysis Authorizations using RSECADMIN
  • Worked with the Internal Auditors and Controls team to formalize Access, Configuration and SOX controls.

Environment: SAP ECC6, SRM, GTS, BW3.5, BI7.0 & GRC 5.3

Confidential, Atlanta, GA

SAP Security Lead

Responsibilities:

  • Played a Key role in upgrading Security from SAP R/3 4.6C to SAP ECC 6.0
  • Collaborated with Functional Teams to close the open authorizations in roles that resulted from SU25 Upgrade.
  • Updated/Modified roles with the Transactions and auth.objects new in ECC6.0 in DEV and transported them to QA to perform UAT and then Production
  • Resolved Authorization/Security Issues from UAT, GO-LIVE and post GO-LIVE phases
  • Used the SOD analysis results to clean up the Role design and execute an entirely SOD free Role design
  • Developed naming conventions for Mitigating Controls.
  • Trained the IT and Business on Compliance Calibrator tool to run SoD analysis for Roles and Users.
  • Designed standard operating procedures (SOPs) for usage of FF tool.
  • Built special Roles for the Firefighters with wide access to restrict the use of SAP_ALL.
  • Integrated the Compliance Calibrator tool into the Firefighter to automatically monitor and mitigate Critical Transaction usage.
  • Was the Security point of contact for all audit issues based on SOD and assisted External Auditors by providing standard SAP reports on Critical Transactions/Authorizations
  • Performed user / role/ reporting authorization object maintenance for SAP SCM 4.0
  • Adjusting InfoObject-level and InfoObject field-level security for the reporting users in SCM and BW.
  • Designed/Developed new roles for SAP NetWeaver’s component MDM (Master data management)
  • Used IBM Tivoli work scheduler for scheduling and monitoring SAP background jobs
  • Led Stress Testing Project (used Load Runner 8.1) for the new ECC 6.0 environment.
  • Created Load Runner automated scripts, executed Scenarios to simulate activity of 1200 concurrent Virtual users replicating Month-end close of Production
  • Trained SOX Approvers from Business side on various important Security procedures.
  • Trained 2 Full Time Resources on SAP ECC 6.0 Security right from the Basic fundamental levels.

Environment: SAP R/3 4.6C, ECC 6.0, SAP SCM 4.0, GRC 5.1, BW3.5 & BI 7.0

Confidential, Bellevue, WA

Sr. SAP Security Consultant

Responsibilities:

  • Proposed & implemented 3 Tier Job Based, Master-derived Model as a role redesign approach for ECC 6.0
  • Creation and Modification of roles using Profile Generator in Development System and transporting them to QA and Production
  • Analyzed SOD conflicts with auditors and Designed, implemented, and tested plan to remove the SOD conflicts.
  • Used VIRSA tool to review critical & sensitive transactions and authorizations, and implemented plan improvements to meet audit requirements.
  • Used Firefighter to handle emergency situations.
  • Configured Audit (AIS) and assigned AIS roles and authorizations to internal and external auditors.
  • Implemented custom transaction codes for users who need access to t-code SA38/SE38 for a specific report.
  • Maintained SU24 based on the company policies and used it to maintain the user authorizations.
  • Maintained portal users and created roles in R/3 system for upload to portal server
  • Implemented HR Structural Authorization (Position Based).
  • Created PD Profiles Using functional Modules using customized Evaluation Path.
  • Built Security for MDT (Manager Desk Top) for Supervisors and for Proxies in HR.
  • Developed BW authorizations for admin workbench and reporting.
  • Defined and was involved in Periodic BW Security Reviews and Assessment Process.
  • Created and assigned authorization objects for reporting using RSSM
  • Used SAP delivered templates and revised for BW admin workbench.
  • Assigning t-code RRMX to power & end users, and RSA1 to administrators.
  • Implemented authorization variable for authorization values at runtime.
  • Tracing standard and custom authorization objects using RSSM and ST01.
  • Worked with OSS (SAP Service Marketplace users registration, creating Messages, SAP Software Change Registration (SSCR), Notes, and Support packages download).

Environment: SAP R/3 4.7 EE, SAP NetWeaver 04(ABAP & J2EE 640, EP6.0), SRM & BW 3.5

Confidential, Charlotte, NC

SAP Security Analyst

Responsibilities:

  • Facilitated design discussions and consolidated Security implementation plan for FI, BW, CRM, SEM & XI
  • Support for new user creations, role requests, custom auth objects, table restrictions, etc
  • Worked with business, functional leads and Basis to identify critical roles
  • Implemented a web based solution similar to SOX Express for change requests logging
  • Used SU24 to maintain authorizations check indicators for Transaction codes.
  • Created roles in HR Module for Appraisals, Career and succession
  • Resolved Payroll security issues from HR Security audit
  • Cleaned up structural profiles, which had broad access.
  • Secured queries at InfoCube level, InfoArea level and InfoObject level in BEx Analyzer
  • Restricted S_RS_COMP, S_RS_COMP1, S_RS_ICUBE objects for the reporting user.
  • Administered and configured Virsa Fire Fighter on Production servers, user ids and naming convention.
  • Performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.
  • Assisted in SOX Compliance, SAP System Audit and documentation of Processes and controls

Environment: SAP R/3 4.7 EE, EP 5.0, BW 3.5

Confidential, NC

SAP Security Consultant

Responsibilities:

  • Production Support for all security related issues.
  • Resolved tickets. Requests included creation of new roles, changes to the existing roles, temporary role assignments to the users and several other related issues
  • Processed Employee change requests like addition of new users, changes to the existing user master records based on position changes, locking of terminated users in a CUA environment.
  • Prevented SODs by proactively checking at the role creation stage itself using the simulate feature in VIRSA.
  • Designed and developed test scripts for different test scenarios for SOX compliance.
  • Performed Mass user creation and Mass role assignment using the CATT scripts.
  • Monitored security jobs on a daily basis and rectified the errors (if any existed) after analyzing the logs.

Environment: R/3 Enterprise 4.7EE, SRM 4.0 and SCM systems.

Confidential, Plymouth, MN

SAP Basis/Security Administrator

Responsibilities:

  • Administered and supported the SAP Production, QAS and Development systems 24x7
  • Analyzed R/3, CRM, BW systems’ performance, ABAP short dumps, failed updates & logs.
  • Performed database monitoring and increased the table space using SAPDBA.
  • Configured RFC connections between the systems in landscape.
  • Used STMS to administer transport systems and configure the transport routes.
  • Maintained authorizations and Roles (PFCG).
  • Scheduled jobs in the background to clean up spool requests, dumps, batch input sessions, background job logs.
  • Applied Hot Packages, downloaded patches from OSS and applied OSS notes.
  • Daily administrative tasks included monitoring system logs, work processes, locks and updates.

Environment: R/3 4.6C, BW 3.1C, CRM 4.0, SRM 4.0 and WAS 6.20

Confidential, Houston, Texas

SAP Basis/Security Consultant

Responsibilities:

  • Performed Role and User administration for all the SAP environments.
  • Configured the system for Central User Administration (CUA).
  • Provided support and troubleshooting for SAP performance and workload issues.
  • Monitored and analyzed the system based on early watch reports.
  • Monitored the VIRSA compliance calibrator system.
  • Extensively worked on VIRSA Firefighter tool.
  • Scheduled and monitored background jobs.
  • Documented each and every activity related to the security issue.

Environment: SAP R/3 4.6C, BW 2.0B, HPUX, Oracle 8i.

Confidential

SAP Basis/Security Admin

Responsibilities:

  • Supported clients and served as liaison between client and offshore team in India.
  • Performed troubleshooting and resolved several production issues
  • Effectively resolved a variety of user administration issues for different user types
  • Created and modified different kinds of SAP roles.
  • Configured STMS to transport objects from Dev to QA and then to Prod.
  • Supported internal and external security audits.
  • Created and maintained SAP clients.
  • Adjusted system parameters for performance optimization.

Environment: SAP R/3 4.6
