SUMMARY

Objective – To obtain an SAP Security position where I can grow technically and professionally

Skill Summary:

• Strong knowledge of SAP Security architecture and role based authorization concepts

including derived roles. Experienced in role design and definition.

• Experienced in SAP security design, implementation, and administration across the NetWeaver Platform, SAP ECC, APO, BW/BI, BCS, SEM, SCM, SRM, EBP, HCM(HR), EP (Portal) 7.0, Java CE, Solution Manager 7.0, xMII and PI (XI) environments.
• Experience in Risk Analysis and Remediation of role and ID SOD violations. This includes using GRC Firefighter (VFAT) and GRC Compliance Calibrator (ZVRAT) formerly known as Virsa.

Other Work Attributes:
· I understand the importance of building business relationships.
· I am able to communicate effectively with users to quickly resolve issues.
· I am a self starter capable of producing on my own or within a team.
· I have well developed communication, writing, typing, and problem solving skills.

Education:
· Completed SAP courses SAPEP, EP200, and BW365.

Experience:

Confidential, SAP Security consultant - 7/2009 – Present

• Support of SAP ECC, CRM, BI, GRC, Java CE, and Portals systems.
• Working on Java/Portals security for the IBM Blue Harmony Project. Design, build, and transport of Portal roles, and all ID administration.
• Create OSS IDs for support team.

Confidential,SAP Security consultant– 2/2009 – 7/2009

• Supported SAP ECC, BI, EP, HCM, SRM, GRC Firefighter, GRC Compliance Calibrator, and Solution Manager Environments.
• Monitored Security ticket queue and resolved requests according to SLAs.
• Created and maintained SAP IDs and roles.
• Used GRC Compliance Calibrator to check for SODs on IDs/roles. Remediated SOD violations.
• Researched authorization issues using SUIM, SU53, RSECADMIN, ST01, SE16, SM30, etc., for tickets, and resolved them.
• Used SU24 to associate objects and their field values with transactions to reduce role maintenance.
• Created transports for roles and moved them using Charm requests in Solution Manager.
• Assigned roles to HR positions for position based security.
• Updated SOX Control rules.

Confidential,SAP Security Analyst II - 6/2007 – 2/2009

• Supported SAP R/3, ECC, BW/BI, HCM, EP (Portals), xMII, PI, SCM, SRM/EBP, APO, Solution Manager, CUA, and RevTrac Environments.
• Created and maintained security for the xMII module. Upgraded the xMII system security from version 11.5 to 12.0. Also connected the xMII system to the company LDAP for authentication purposes and role authorization.
• Handled all security for the OneSAP project. This project involved moving all SAP Security from a 4.6 system to a 4.7 system. This work included creating new versions of all roles, debugging role issues during testing, creating new IDs for 2,000 end user and 700 Kiosk IDs, creating scripts to mass email login information, assigning the roles to IDs, and supporting Go Live.
• Upgraded SRM/EBP, APO, xMII and BW Portal systems.
• Upgraded the Rev-Trac security in the Solution Manager system. This included adding new tcodes and authorization objects to the Rev-Trac roles, creating RFC IDs and assigning Rev-Trac specific profiles to the RFC IDs, assigning the upgraded Rev-Trac roles to IDs, and supporting Go Live.
• Worked with business teams to determine security authorizations that would be needed for roles to make them SOX compliant.
• Helped to determine mitigating controls when it was not possible to remove SODs from roles or change role assignments to user IDs.
• Configured system settings in SCC4.
• Used VB and Quicktest Pro scripts to do mass maintenance including assigning email addresses, adding parameters to IDs, removing/adding role assignments, emailing end users, and changing passwords for IDs.
• Used SU24 to associate objects and their field values with transactions to reduce role maintenance.
• Created transports for roles. Moved transports using STMS and SCC1.
• Created and maintained SAP IDs and roles.
• Mentored my teammates in SAP Security concepts.
• Used transaction PFUD to set up a daily job to do User Master Record comparisons.
• Researched authorization issues using SUIM, SU53, RSSM, ST01, SE16, SM30, etc.
• Supported BW Pcard security.
• Resolved issues with SAP IDM IDs.

Confidential,SAP Security consultant – 4/2007 - 5/2007

• Supported SAP ECC environment – Tickets resolved according to SLAs.
• Created and maintained IDs and roles.
• Created SECATT scripts to maintain security.

Confidential,SAP Security consultant – 12/2006 – 3/2007

• Supported the SAP ECC, BW, CRM, and the Portal environments.
• Implemented security for Portals reporting. This included creating BW roles, creating structural authorizations in CRM and assigning them to user IDs using OOSP and OOSB. Created IDs in Portal, and resolved security issues in Portal through traces to CRM and BW environments.
• Supported Go Live of Warehouse Management System (WMS).
• Worked on implementation of SOX regulations. Worked with business teams to determine security authorizations that would be needed for each position in the company.
• Created job roles for positions that were SOX compliant.
• Created documentation for SAP Security policies and procedures.
• Determined SAP license count.
• Created role and ID related reports based on SAP tables.
• Created and maintained IDs and roles.
• Used transaction PFUD to set up a daily job to do User Master Record comparisons.
• Used SU24 to associate objects and their field values with transactions to reduce role maintenance.
• Researched authorization issues using SUIM, SU53, RSSM, ST01, SE16, SM30, etc.
• Created scripts to maintain security.

Confidential,SAP Security Analyst - 12/2005 – 12/2006

• Implemented all SAP security for this full implementation for ECC, BW, SEM, BCS, EP, and XI environments.
• Worked with all Business teams to determine security authorizations needed for each role.
• Worked on implementation of SOD rules.
• Used GRC 5.1 to evaluate roles and user ID authorizations for SOX compliance. Set up the batch jobs to import authorization data from SAP to the GRC Compliance Calibrator tool.
• Helped to determine mitigating controls when it was not possible to remove SOD violations from roles or change role assignments to user IDs.
• Built and maintained Workflow security.
• Created security for the myLearning module in the Portal and ECC systems.
• Created security for the Real Estate (RE-FX) module.
• Monitored Security ticket queue and resolved requests according to SLAs.
• Created scripts to create and maintain security in all SAP environments.
• Created and maintained IDs for ECC, XI, EP, BW, SEM, and BCS environments.
• Determined system parameters for SAP security.
• Created role and ID related reports based on SAP tables.
• Traced and researched authorization issues.
• Used SU24 to associate objects and their field values with transactions to reduce role maintenance.
• Created transports for roles. Moved transports using STMS and SCC1.
• Created authorization objects for infoobjects in BW to restrict role access.
• Supported Go Live of this implementation of SAP.

Confidential,SAP Security consultant - 4/2005 –11/2005

• Monitored Security ticket queue and resolved requests according to SLAs.
• Created scripts to create and maintain security in all SAP environments.
• Created and maintained IDs and roles for the R/3 system.
• Used CUA to administer user IDs.
• Created role and ID related reports based on SAP tables.
• Traced and researched authorization issues.
• Used SU24 to associate objects and their field values with transactions to reduce role maintenance.
• Used transaction PFUD to set up a daily job to do User Master Record comparisons.
• Created transports for roles. Moved transports using STMS and SCC1.
• Supported Go Live of recent SAP R/3 implementation.

Confidential,SAP Security consultant - 12/2002 – 3/2005

• Monitored Security ticket queue and resolved requests according to SLAs.
• Created scripts to create and maintain security in all SAP environments.
• Created and maintained IDs for R/3.
• Created and maintained roles for R/3 using PFCG.
• Created role and ID related reports based on SAP tables.
• Traced and researched authorization issues.
• Used SU24 to associate objects and their field values with transactions to reduce role maintenance.
• Used transaction PFUD to set up a daily job to do User Master Record comparisons.
• Created transports for roles. Moved transports using STMS and SCC1.
• Upgraded an SAP R/3 system’s security from 4.5 to 4.7
• Assigned SAP License types to user IDs and created SAP License reports using transaction USMM.
• Created and maintained Security documentation for policies and procedures based on SAP Security best practices.
• Used CUA to administer user IDs.
• Supported Go Lives of SAP implementations for business units.