SAP Security Consultant Resume
San Jose, CA
SUMMARY:
- Over twelve years of experience in the IT industry in SAP security, including SAP GRC Access Controls (formerly known as Virsa Systems), SAP Security, Network Security and Oracle Applications Release. Extensively worked with Sarbanes-Oxley (SOX) compliance and Segregation of Duties (SOD).
- Implemented and configured SAP GRC Access Controls applications versions v5.1 and v5.2 such as the Access Enforcer, Compliance Calibrator, Firefighter and Role Expert tool.
- Working experience in role remediation and user remediation of Segregation of Duties (SOD) within SAP implementation, using GRC-Virsa Systems 5.X tools (Compliance Calibrator, Access Enforcer, Fire Fighter and Role Expert).
- Other work areas involved role, profile creation/maintenance, user administration, access control using authorization objects, user reconciliation, CATT scripts.
- Working experience in CC (Compliance Calibrator), creating function ID/ Risk ID, Generating rule, Analyzing SOD violation, Mitigation, Alert monitoring.
- Extensively used Fire Fighter 5.2 for creating Fire Fighter IDs, designing and assigning Fire Fighter roles and monitoring Fire Fighter log activities.
- Experience with security design, development, administration, Testing and production support of R/3 environment for HR upgrade with general and Structural Authorization
- Other work areas involved role, profile creation/maintenance, user administration, access control using authorization objects, user reconciliation, eCATT scripts.
- Experience as SAP Security Administrator integrating SAP technologies
- Performed regular project progress assessments and produced status reports to the client, highlighting any risks and presenting a plan for proactive risk reduction.
- Developed SAP security profiles and authorizations.
- Configuration of SAP Security parameters and privileges.
- Performed Unit Testing, Integration testing and FIT on Roles using Mercury (Test Director) tool.
- Monitors SAP access compliance and violations.
- Worked with SAP Central User Administration (CUA) and maintained user master records
- Creating users through UME for SAP Netweaver
- Collaborated with other team members and business representatives to ensure that security settings met the requirements of the business and aligned with the defined controls and standards
- Prepared the transaction grouping strategy based on general access, general functional/display report access and specific functional access
- Secured day to day background jobs based on user logon date, password change, role assignment, authorization changes and changes to master records
- Designed security related to tables for roles and role definition, transactions assigned to role, user role assignment, organizational values assigned to roles, authorizations in role with field values.
TECHNICAL SKILLS:
SAP Security Experience:
- SAP business processes
- Transactions
- LSMW/BDC/CATT/eCATT Scripts
- Remediate Segregation of Duties (SOD) within SAP implementation
- VIRSA Systems Compliance Calibrator 4.X,5.X
- Fire Fighter
- Profile Generator (PFCG)
- Policies & Procedures
- Authorization objects
- User reconciliation
- BW/BI Administration workbench 3.1
- BW Info cubes
- CRM & SRM
- Update and transfer rules
- User Administration
- Profile creation
- Role Creation & design
Professional Experience:
Confidential, Minneapolis, Mumbai
Snr. SAP Global Security/ GRC / Networking Analyst
Environment: - SAP BI 7.0, ECC6.0, SD, MM, FI, HR, GRC 5.3 Access Control
Roles and Responsibilities:
- Design, test, implement and maintenance of R/3 and BI Roles using PFCG as per global design of the roles.
- Analyzing authorization-related problems and proposing solutions (using SU53, SU56, and ST01). Supporting functional modules (Internal Controls, HR Human Resource, BASIS) with security changes.
- Resolved issues faced after Go-Live in SAP GRC Access Controls 5.3 products such as Access Enforcer, Compliance Calibrator, Firefighter.
- Extensively interacted with the functional teams in the process of creating the role matrix for the SD/MM modules.
- Worked closely with internal audit and external audit when designing the role matrix.
- Worked on SAP Check Indicator Defaults, Field values, and maintained check indicators for Transaction codes using (SU24).
- Extensively worked on Authorization objects, fields, authorizations, and authorization profiles.
- Developed control and strategy with focus on SOX.
- Working with respective functional heads for SOD tools & security changes based on SOX violations at T-code level & object level.
- Assigning transactions in roles as per business requirements and setting up authorization fields.
- Performed troubleshooting existing user roles, security objects and authorizations to resolve security conflicts, supporting users, setting up new accounts, password resets.
- Facilitate the customization of SOD rule sets that meet unique internal and external stakeholders' requirements which are specific to a client or strategic business needs.
- Point of Contact for Access Enforcer (CUP) and Compliance Calibrator (RAR) Message Escalations, Max Attention Support.
- Involved in recommending strategies for integrating business with GRC Suite and its benefits.
- Designing and documenting security administration policies and procedure for the production environment.
- Troubleshoot security/authorization related problems using user information system (SUIM) and Display Authorization Data (SU53).
- Defined critical transactions to be used for Fire Fighter Access.
- Create FAQs and ‘OPL’ documents for SAP applications Firefighter, Compliance Calibrator, Role Expert, and Access Enforcer.
- Did Portal Integration for Access Enforcer by creating portal roles for different categories of users.
- Experienced with Netweaver for handling user maintenance through UME.
- Using Compliance Calibrator to test, simulate and document security and SOD conflicts. Trained customers on the existing reports and functionality contained within AE and CC.
- User Maintenance/User creation, deletion, modification on PRD, QAS, & DEV Server. Create & manage the scheduling of batch jobs working with T-Codes SU53 and SUIM for giving authorizations.
- Participate in requirement gathering, assessment, design and configuration for SAP security around the product domain.
- Developed Security concept for handling SOD conflicts for each user.
Confidential,
San Jose, CA
SAP Security Consultant
Environment: - SAP BI 7.0, ECC6.0, SD, MM, FI, HR. GRC 5.2 (Access Controls)
Roles and Responsibilities:
- Extensively used Profile Generator (PFCG) to create reference roles, single roles, composite roles, derived roles and value roles for various modules such as FI, MM, and SD.
- Used Remedy and Sharepoint for defects tracking, testing & tracking changes
- Extensively worked on Authorization objects, fields, authorizations, and authorization profiles.
- Developed control and strategy with focus on SOX.
- Working with respective functional heads for SOD tools & security changes based on SOX violations at Tcode level & object level.
- Prepared the transaction grouping strategy based on general access, general functional/display report access and specific functional access.
- Experienced with Netweaver for handling user maintenance through UME.
- Evaluated the SU24-based authorization maintenance procedure and made enhancements to include custom programs, tables and transaction codes.
- Reviewed critical and sensitive authorizations and implemented improvements to meet audit requirements.
- Facilitate the customization of SOD rule sets that meet unique internal and external stakeholders' requirements which are specific to a client or strategic business needs.
- Point of Contact for Access Enforcer (CUP) and Compliance Calibrator (RAR) Message Escalations, Max Attention Support.
- Suggested alternatives for SOD remediation during and after the Go Live for naming conventions, role swaps for users with conflicts and configuration changes to keep track of project progress.
- Defined critical transactions to be used for Fire Fighter Access.
- Create FAQs and ‘How To’ documents for SAP applications Firefighter, Compliance Calibrator and Access Enforcer.
- Installation and maintenance of support instances of Compliance Calibrator (RAR).
- Involved in recommending strategies for integrating business with GRC Suite and its benefits.
- Resolved BI Authorization issues using RSECADMIN logs and worked with BI developers to modify the reports as per business requirements and including authorization variables in report.
- Assigning transactions in roles as per business requirements and setting up authorization fields.
- Optimized the Roles and Analysis Authorization for maintenance purposes.
- Performed troubleshooting existing user roles, security objects and authorizations to resolve security conflicts, supporting users, setting up new accounts, password resets.
- Designing and documenting security administration policies and procedure for the production environment.
- Configure roles and authorizations in HR using PFCG, PA30, PE03, OOAC, Auth-Objects (P_ORGIN, P_PERNR, PLOG).
- Troubleshoot security/authorization related problems using user information system (SUIM) and Display Authorization Data (SU53).
- Used System Trace (ST01) to record authorization checks in different sessions.
- Set up structural authorizations for HR module which involved activating, creating and assigning structural authorization for administrator.
- Used Transport Management System (SE01 and SE10) to perform transports between clients within R/3 system.
- Scheduled security background jobs that generate reports
Confidential, Indianapolis, IN
SAP Security Consultant
Environment: - SAP BI 7.0, GTS 7.0, ECC 6.0, XI 7.0, SRM, CRM, NetWeaver, Solution Manager, Enterprise Portal, Access Control Suite 5.3
Roles and Responsibilities:
BW Security Upgrade:
Driving Point:
- SAP BI 7.0 has a whole new concept of security model.
Objective:
- Upgrade BW from BW 3.5 to BI 7.0.
Tasks:
- As a part of the project I have upgraded the BW system to BI 7.0 from BW 3.5 & created the analysis authorizations.
- Conversion of the roles to the new model was a big task with 110+ cubes present.
- Design of BI7 security (Securing info-objects, info-cubes, info-areas using analysis authorizations)
- Trained the other clients in the new security model.
- Worked with the functional teams and updated all the roles to the new Security model.
- Used SAP best practices like setting the following InfoObjects as “authorization-relevant” and using them in Analysis Authorizations: 0TCAACTVT, 0TCAIPROV, 0TCAVALID.
User Security Conversion Projects: (Every Release)
Driving point:
- During releases new roles come in or old roles get retired or both.
Objective:
- Change users' security overnight during cut-over.
Tasks:
- Working with the sites to get the security requirements.
- Plan how the changes will be done. Prepare the load files.
- Made several User security conversions for releases.
SAP Access Control Suite 5.3 Implementation:
Driving Point:
- Implementation of SAP GRC Compliance applications versions v5.3 such as CUP (Compliant User Provisioning), RAR (Risk Analysis and Remediation), SUPM (Superuser Privilege Management) and ERM (Enterprise Role Management).
Objective:
- Identify the risks, remove or mitigate the risks.
- Did Portal Integration for CUP (AKA Access Enforcer) by creating portal roles for different categories of users.
- Simulate adding roles and transactions to users to find SOD prior to adding authorization. Using Risk Terminator, create real-time analysis of possible conflicts when adding a transaction or authorization objects to an existing role.
- Customizing SPM (AKA Fire Fighter): creating Fire Fighter users, designing and assigning Fire Fighter roles, Fire Fighter log activities, critical operation alerts, etc.
- Customizing RAR (AKA Compliance Calibrator): creating function ID/Risk ID, generating rules, analyzing SOD violations, mitigation, alert monitoring, reporting to top management and corrective measures.
- Role remediation and user remediation under Segregation of Duties (SOD) within SAP implementation using VIRSA Systems/SAP GRC Access Control tools (Compliance Calibrator, Fire Fighter, Access Enforcer, IDM (Identity Management)).
Tasks:
- Executed the project in waves because of the huge number of roles and end users.
- Used Compliance Calibrator tool to identify the risks and remove them by making changes in the role groups.
- Made controlled modifications to rule set to reflect company’s true risks
- Risks that could not be removed were mitigated with mitigating controls in Place.
- Managing the workflows for Access Enforcer and Compliance Calibrator for user provisioning and mitigation control creation respectively.
- Resolved issues faced after Go-Live in SAP GRC Access Controls 5.3 products such as Access Enforcer, Compliance Calibrator, Firefighter and Role Expert.
- Worked on enabling efficient and secure management of Identity Information through Identity Center, Identity Store in IDM
- Developed control and strategy with focus on SOX.
- Working with respective functional heads for SOD tools & security changes based on SOX violations at T-code level & object level.
- Defining workflow logic within the application for User Provisioning and effective SOD analysis using Compliance Calibrator.
- Worked on integration of Access Enforcer with Compliance Calibrator and Fire Fighter.
Responsibilities taken as a Security Analyst include:
- Design, test, implement and maintenance of R/3 and BI Roles using PFCG as per global design of the roles.
- Analyzing authorization-related problems and proposing solutions (using SU53, SU56, and ST01). Supporting functional modules (V&C Valuation and Control, SRM, CRM, HR Human Resource, BASIS) with security changes.
- Using RSSM (up to BW 3.5) and RSECADMIN (BI 7.0) to make security changes and create security objects in BW/BI.
- Participating in release planning. Responsible for release activities like managing security changes and transports, preparing test IDs for testing (around 8000), running SU25, User security Changes and support during cutover and go-live.
- Planning, Controlling and prioritizing production changes to role groups by discussing the changes along with the other security members through a committee, SRC (Security Review Committee).
- Putting standard procedures or processes (SOPs, Standard Operating Procedures) in place to get the quality of work and reduce errors.
- Taking care of User security and RFCs during copy-backs of the systems.
- Auditing the Critical user security.
- Working with the Audit team during auditing for audit log setup and reporting (SM18, SM19, SM20).
- Develop mass update and other aiding tools.
- Use Quality Center for defects tracking, testing & tracking changes.
- Applying SNOTES (SAP Notes) for the security fixes.
- Co-ordination with offshore team for the deliverables.
- Created custom authorization objects using SU21, and protected programs and tables using authorization groups. Used SU24 and maintained check indicators for TCodes.
- Extensively worked with Transport Management System (STMS, SCC1, SE09, and SE10) to transport the changes across the R/3 landscape. Used RZ10 for setting up system parameters like log-out, password length, expiration and impermissible passwords.
Confidential, NJ
SAP Security Consultant
Environment: - SAP BI 7.0, SRM, CRM, GTS 7.0, ECC 6.0, XI 7.0, NetWeaver, Solution Manager, Enterprise Portal, Access Control Suite 5.2.
Roles and Responsibilities:
Implementation Activities (RELEASE-1)
- Responsible for security role development such as creation of roles (including single role, composite role, parent and child role), creation of users, maintaining authorization objects, and assigning roles to users as per documents provided by the management.
- Participated in Security Testing and UAT for Mexico/Bermuda client users and help in resolving the defects using Mercury for ticketing purpose.
- Work with QVC Team in adding additional TCodes or Organizational values (derived roles) to the roles as a part of Security Testing and UAT Testing in Mercury before going live.
- Created job roles for Mexico and Bermuda as per the relevant test ids and also participated in security roles testing.
- Collaborated with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards.
Post GOLIVE support Activities (RELEASE-1)
- Hands on experience on production Support for Mexico/ Bermuda (LA HUB) plant for post GOLIVE support for COMET MERCK.
- Supported production issues on ECC, BI & Portal, GTS, CRM, SRM modules which were the part of RELEASE-1.
- Worked on security tickets using REMEDY tool.
Administration
- Maintained Users Master Records by creating User Ids, assigning roles, copying, renaming, reset password, etc. using SU01.
- Performed mass user activities using SU10.
- Extensively used Fire Fighter for creating Fire Fighter IDs, designing and assigning Fire Fighter roles and monitoring Fire Fighter log activities.
- Used VIRSA Compliance Calibrator tool to identify the risks and remove them by making changes in the role groups.
- Made controlled modifications to rule set to reflect company’s true risks
- Risks that could not be removed were mitigated with mitigating controls in Place.
- Managing the workflows for Access Enforcer and Compliance Calibrator for user provisioning and mitigation control creation respectively.
- Working experience in CC (Compliance Calibrator), creating function ID/ Risk ID, Generating rule, Analyzing SOD violation, Mitigation, Alert monitoring
- Create FAQs and SOPs (Standard Operating Procedures) documents for SAP applications Firefighter, Compliance Calibrator, Role Expert, and Access Enforcer.
- Extensively used ECATT scripts for mass user creation, locking and unlocking users, assigning roles to users etc.
- Created Parent/Child role for Mexico/Bermuda from the Global role template for ECC, CRM, SRM, GTS in the initial implementation phase.
- Worked with profile generator (PFCG) in creating roles, profiles, composite roles and derived roles.
- Followed the established standards and naming conventions as dictated for the Clients security schema.
- Developed and provided knowledge transfer to client personnel on security authorization concept and security design/implementation.
- Worked on SAP Check Indicator Defaults and Field values using transaction SU24 and maintained check indicators for Transaction codes during testing.
- Transported Roles using the change request method and also the Download/Upload method for transporting the roles to systems not in the transport landscape.
- Transported the generated roles and profiles using Transport Management System.
- Worked on Job role user switch for more than 400 users for BI, SCM, ECC all gold clients.
- Worked with table authorizations to control access to tables and created custom table authorization groups using SE54.
- Worked with SE93 to create custom transaction codes to control access to tables.
- Assigned authorization groups to programs using RSCSAUTH and RSABAUTH to control access to programs.
- Troubleshoot user project-related issues for Solution Manager for viewing folder details.
- Setting up Portal security by linking R/3 LDAP/AD to upload portal User List
- Performed User master maintenance through Central User Administration (CUA).
- Effectively analyzed trace files using ST01 and authorizations for users (SU53), tracked missing authorizations behind users' access problems and inserted the missing authorizations manually.
- Download User/Role tables (USR02, AGR* etc) using SE16 into Excel and sort (Slice/dice) data as needed.
BI 7.0
- Created roles for restricting access to Infocubes, ODS objects, Queries and Workbooks.
- Created custom objects to secure the roles by Company Code, Plant and Cost Center
- Involved in testing of the roles along with the BW team members.
- Troubleshoot authorizations related problems using RSECADMIN.
- Designed the security around the InfoArea level rather than drilling down too much at the report or the InfoCube level (with some exceptions of functional areas like Finance and Pricing).
Confidential, Mumbai, India
Security Analyst & Technical Consultant
Project Name: AOL Inc. (USA) & EarthLink Inc. (USA)
Responsibilities include but are not limited to:
- Provides technical support via phone and/or other means of communication and resolve customer problems in a professional and prompt manner.
- Communicates technical information, concepts, and solutions in a professional and friendly manner.
- Ability to establish, maintain and improve customer relationships.
- Provide customer support by resolving escalated issues and troubleshooting.
- Analyze and develop workarounds to difficult problems for timely solutions. Input accurate data in all required systems, including offered solutions. Log customer calls as required.
- Performs research and testing as needed to resolve customer needs.
- Created and compiled technical resource information to be used by internal & external customers.
- Completed training for specific products and documents all training and recovery procedures for internal and external customer and team use.
- Attend ongoing training sessions on new products or areas, as well as effectively utilize current training resources.
- Effectively gathers and analyze relevant information.
- Ran security reports for critical transactions and objects.
- Supported users at different levels for the security issues in different modules.
- Collected Business requirements from different business owners and BI functional teams.
- Involved in the identification of Key controls and Risks.
- Perform reconciliation of user master record and roles using PFUD and SUPC.
- Adding new transactions representing additional functionality to the roles
- Cleaning and adapting the roles (Merging, Renaming and Testing all the new roles with the functional and key-users)
- Ensuring that all existing reports, transactions and authorizations still function as expected in the new release of SAP.
- Creation of authorization groups to restrict R/3 table access and program access, and review and correction of sensitive authorizations (S_TABU_DIS, S_USER_TCD etc.), including assignment of authorization for sensitive tables.
- Review and adjust the validation process (add transaction, unlock user, assign roles, etc)
- Assist users with access problems and questions using SUIM and SU53.
- Involving project teams and key-users in the upgrade process
- Resolve user’s daily problems (lock, unlock, and reinitialize passwords, no access to a transaction.)
- Responsibilities included running security reports for critical transactions and objects and for passive users.
- Implemented and established standards for custom authorization objects
- Responsible for day to day technical support and resolution of security issues
- Excels in relating with others (verbal and written) in both English .
- Excels in seeking solutions.
- Displays a strong personal commitment to successfully completing their work.
- Ability to make fair and consistent judgements.
- Establishes effective working relationships.
- Ability to quickly create rapport.
- Keeps well informed of program changes.
- Ability to operate a computer, telephone and associated monitoring systems.
- Ability to maintain confidentiality.
- Ability to adhere to all organizational policies and procedures.
Project Name: DELL Inc.
Software and Peripheral Support. Answering questions on application usage and "how to" questions about Dell branded peripherals.
Installation Assistance. Provide guidance to users who need to set up new software and Dell Peripherals.
DNS SERVER & LDAP SUPPORT
- Installation & Configuration of Windows 2003 server, Active Directory, IIS, DHCP & DNS server, Migrating to Active Directory domain, AD Maintenance, Group Policy Implementation, NLB & Microsoft Cluster server.
- Installation & configuration of virtual machine using VMware Vsphere 4.
- Installation & Configuration of Microsoft Exchange 2007 email server.
- Handling database administration, security & backup of SQL server 2000 for Project management & Process management.
- Handling network security by implementation of WatchGuard firewall & antivirus.
- Handling information security by taking backups of the servers on USB hard drives & keeping them at a remote location for data redundancy.
- Handling system & network administration & procurement of infrastructure equipment.
- Handling project management skills like design, implementation, maintenance & troubleshooting of the network.
- Handling technical support service by helpdesk facility for users facing any problem in the hardware or software of their workstations, laptops & printers.
- Software Support. Help users with troublesome software.
Confidential, Mumbai
System Analyst
- Tuned SQL Server Databases and implemented Backup and Disaster recovery programs.
- Developed Complete client server application for Software Change Request System including two applications and Database using Visual Basic, Access and SQL Server.
- Developed a complete XML file Editing application.
- Rewrote existing applications to improve performance and usability.
- Responsible for the design and development of a flexible report generator that allows users to create, preview and save their own reports. Output is direct to MS Word or Active Reports.
- Designed and developed an application that creates Word documents using XML tags and the associated code to read the documents in VB.
Confidential, Mumbai
Software Developer
Project Name: CFA System of Glaxo India Ltd.
Environment: - Oracle 8i and Developer 2000.
Key Role In Project
- To make Windows NT Servers with Oracle Database
- To make connectivity of Client Machine with server
- To configure Client Machine with Oracle and D2k
- To Install Glaxo Software in server and give privileges and rights to respective client.
- To give Training to the employees of Glaxo IT Dept.
- To review and bug fixing of the software.
Project Name: IIB (Indian Institute Of Banking)
Environment: - Microsoft FrontPage, HTML
Key Role In Project
- To do Content Development of Modules of IIB
- To review the Content in IE and Netscape.
Project Name: RBI (Reserve Bank Of India)
Environment: - Oracle 8 and Developer 2000 (Forms 5.0, Reports 3.0), Designer 2000, Lotus Notes
Key Role In Project-
- Provide a relational database to store data relevant to the system.
- Provide interfaces to load data received as soft files from banks.
- Allow entry of data received in the hard format from banks.
- Process the data maintained in the database based on given technical specifications.
- Provide ad-hoc querying facilities to users, subject to requirement.
Benefits from the proposed Data Processing System-
- Elimination of manual searching and retrieval of documents by providing an automated search and view facility.
- Improvement in the quality and speed of interaction with banks as a result of faster processing of data collected from banks.
- Performance tuning of queries raised related to banking and parliament issues.
- Responsible for designing and developing user-interactive forms (screens) in Developer 2000 (Forms 5.0).
- Responsible for programming in PL/SQL and Developer 2000 (Forms 5.0).
- Responsible for generating complex Reports in Report Builder 3.0 of Developer 2000 and testing the application.
Confidential, Mumbai
Software Developer
Environment: C, C++, Java, DHTML
Key Responsibilities
- Designed and coded publish-and-subscribe subsystem for treasury management solution. Coded both front end (Java behind DHTML) and platform-independent back end (C++).
- Gave a talk for implementation managers on publish-and-subscribe setup, use, and troubleshooting.
- Fixed bugs in C++ and Java code: program crashes, memory leaks, performance bugs and a problematic third-party COM component.
- Took the initiative to learn Perl to write a script to change the code to improve its performance. The script saved many hours of tedious coding.
- Used Rational Rose (a visual modeling tool) to design server-side components. Coded and unit tested the components using Visual C++ and Tuxedo, a transaction middleware framework.
- Evaluated Sun’s Visual Workshop C++ compiler, and tested a build of our prototype on Solaris and helped with basic UNIX system administration.
- Designed and programmed Windows programs using C++, Microsoft Foundation Classes and additional foundation classes.
- Responsible for project scheduling and evaluation of possible new features for the rewritten programs.
- Prepared and presented a technical overview of the architecture of the rewritten transaction programs.
- Developed code to test interfaces such as Synchro, Resolver and LRT.
- Prepared system details, which included collecting the data for each subsystem and wiring.