SAP Security Consultant Resume
Florida
Summary
Experienced technical and functional SAP Security Consultant specializing in SAP security
Global design and implementations with the following methodologies: ASAP, SAP User-Centered Design (UCD), Centralized and Decentralized Business Model, 3 Tier Approach Model, Position Based Model, Task Oriented Model, RBAC Model - IDM (SAP and non-SAP systems integrations), BW/HR Structural Authorizations Architectural Model
SAP security global design and implementations, security strategies and policy for:
SAP Portal (EP) UME, XI/PI, MDM, Global CUA build, Solution Manager, SRM, CRM 2007 (7.0, 7.1), ACE, Business Role (WEB UI), BI, BOBJ, SAP R3, Enterprise Portal, Global Trade Services, ERP, ECC, ESS/MSS, PSCD, HR, HCM, TREX, SCM, PS, APO, ERP, PLM, SCM, SAP Human Resource Management Systems (HRMS), MDM, MII, LPO, E-Sourcing, Portal (SRM, CRM, BI, MDM)
ACE - Automatic Controls Environment, Guardian - Manual Controls Environment, Approva BizRights, Virsa, GRC Access Control, Process Control and Risk Control, RAR, ERM, SPM, CUP, Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM), Business Rules Management Systems, MSPM, GRC_MSMP_CONFIGURATION
CRM2007, Access Control Engine (ACE), Business Roles (Web UI), Technical Roles (ABAP)
ACE General Parameters, ACE activation and Super Object Type set, Work Package Definition
Business Role (Web UI) - Creating Role Configuration Keys, Transaction Launcher, Menu Navigator, Logical Link for Transaction, Actors creation, Rules and Rights creation, ACE Design Report
Utilities: B2C Call Center and B2B Work Center, Public Sector
Proposal preparation on client site with security analysis on real systems and real data
Proficient in the use of BI/BW Analysis Authorization tools (RSECADMIN, RSD1, RSA1, RSRT)
Log changes to analysis authorizations and other authorization-related activities: RSUDOLOG, RSECVAL_CL, RSECHIE_CL, RSECUSERAUTH_CL, RSECTXT_CL
NetWeaver SAP Identity Manager, TAM
Event-driven SAP ERP HCM integration with SAP IDM
Path work flow based on request type and user attributes
Position based Security via Indirect Org Assignments (infotype 0001)
Context Sensitive HR solution, Structural authorization (infotype 0017)
The HR: Master Data with Context authorization object (P_ORGINCON)
Extended integration with SAP's GRC solution (SAP Business Objects Access Control)
More than 8 years in Segregation of Duties and Audit Compliance Standards
Development of tailored security and controls techniques in conjunction with system upgrade (i.e. ERP) and the design or re-engineering of business processes (i.e. shared services environment)
SAP framework for SAP Global security upgrade
SAP Global security and authorization support, development and design
Companies worked for as SAP Security Consultant and SAP Security Lead for Global projects:
Tampa Electrical Company, SaskPower, Applied Materials, NBC UNIVERSAL, Municipality of Anchorage, Saudi Aramco, General Motors, ConAgra Foods, Becton, Dickinson and Company (BD), Graphic Packaging, ConocoPhillips, Colgate, DeloitteUS, Allegheny Energy, Inc., NASA, Whirlpool, Eastman, Adobe, CMC, BNSF, Chevron-Philips, Department of Personal State of Washington, FEMSA (Coca Cola Mexico and Latin Americas), JoAnne, CMC, Convergys Corp., State of Florida, Fifth Third Bank, AT&T, Whirlpool, DuPont, Johnson & Johnson (DEMO), Pfizer, Solectron Corporation, Guidant, Lucent, Medtronic, Bridgestone Tires, PWC, CAMECO, KGH, British Columbia Government (PSCD), IBM ISM, IBM Internal Project, SAP America - RM@FS Authorization Lead and SAP AG internal projects such as security course P_ADM_SEC_70 and others
Professional Experience
Confidential, Confidential, Florida June 2012 to July 2012
SAP Security Consultant
HCM, BOBJ, BW, BW-BPS, SRM, ECC, PORTAL
"Go-live" and post-"Go-live" support, BOBJ re-design
Front End and Back End BOBJ integration
GRC, Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM)
Confidential, Anchorage, AK February 2012 to April 2012
Principal Consultant - SAP Security
Municipality of Anchorage
HCM PROJECT
Structural Authorization, Indirect Assignment, Strategy, Policy
SRM, PORTAL, BI, ECC, HCM, ESS/MSS
Confidential, Multiple Projects September 2010 to February 2012
Managing Consultant - Application Architect SAP Security
Confidential, Global HCM Project
Lead of HCM Security (36 Countries)
ESS/MSS, Portal, Eureka, ECC, HCM, ESS/MSS, XI/PI
Global HCM Project in 36 countries
Confidential, Global Projects
Back Point 1, Back Point 2 (170 Countries)
ECC, HCM, SRM, CRM, EWM, WEB UI (Business role), BI, BI-BPS, Portal, ESS/MSS, XI/PI
Confidential, Transition Project
Lead of SAP Security
Global implementation (46 Countries)
HCM, ESS/MSS, R/3, GTS, APO, BW-BPS, BI, CRM, SNC, MDM, MII, LPO, ESourcing, Portal (SRM, CRM, BI, MDM), Solution Manager, GRC, SLD, Business Process Management (BPM), GRC
Confidential, Development
Lead of SAP Security
Global implementation (36 Countries)
R/3, GTS, APO, BW, BI, CRM, SNC, MDM, Portal, HCM, ESS/MSS
Applied Materials - Total Upgrade, Security Lead (20+ Countries)
ECC, CRM, SRM, BI, GRC upgrade 5.1 to 5.3, GTS, Portal, XI/PI
General Motors
Projects Description/Scope:
Business Scenario Overview
General Motors will offer leasing in Canada for Cadillac and Buick vehicles. The program will be administered by FLinx. GM will provide risk sharing in the form of a first loss guarantee.
GM is implementing the VIN-by-VIN Revenue Recognition Accounting System in SAP-ECC6. Three GM scenarios will be included in Phase 1:
- Collateralized Borrowing (CB) for GM US
- Limited Risk Leasing (LRL) - specifically Canada Leasing - for GM CA
- Multi-Element Arrangement (ME) for GM US and GM CA
Responsibilities/Deliverable/ Achievements:
ECC 6, BI, CRM, SolMan, SRM, BI_BPS, BOBJ, PORTAL, LDAP, Sun IDM, XI/PI
SAP Security Approach - high level design
R3 Security Strategy and Architecture
Portal Security Strategy
BI, CRM, SRM Security Strategy, HCM
SAP Security Integration
Business processes, data elements, documents and user position assignments
Portal, BI, CRM, R3 roles and integration
Testing, Cut Over and "Go-live"
IBM Internal Project: Blue Harmony Project (174 countries)
The project is consolidating its extensive global collection of individual SAP applications and versions into a single global instance that will deliver greater resilience and flexibility to IBM's operations in 170 countries around the world.
Responsibilities/Deliverable/ Achievements:
ECC 6, CRM2007, BI – Cognos, Portal
SAP Security Strategy and Architecture
BI Cognos Reconciliation
GRC reports and BI Cognos reconciliation
Internet Portal and BI Cognos integrations
LDAP BI Cognos Groups and Roles
Integration with ECC6, CRM2007
Confidential, May 2010 to September 2010
SAP Security Consultant
Sub-Contract with Canada Corp and CSI in SAP Security Field (Clearance)
Montreal, Canada
Project Description/Scope: Extended Warehouse Management (EWM)
Responsibilities/Deliverable/ Achievements:
Solution Manager, Remediation SOD (segregation of duties), Re-design roles, ERP, Approva BizRights
Confidential, October 2009 to April 2010
Lead SAP SECURITY Consultant
Subcontractor from IBM ISM/MODIS
ECC 6, BI, CRM, Sol Man, SRM, PORTAL, Tivoli IDM
HCM Remediation Project
Roles and Infrastructure re-design
Migration from ECC 5 to ECC 6
BW 3.5 migration to BI 7.0
XI/PI, Virsa
Responsibilities/Deliverable/ Achievements
Integration TIVOLI Identity Manager, UME and corporate LDAP
RBAC - Role Based Access Control Model development
Overview Role Based Access Control, Consideration of Role Based Access Control, The Role modeling challenge, Role Based Access Models Overview, Statement of the Problem
Access Control Principles, The Implementation and Conversion Program, Migration Plan
Implementing the Pilot Program, Role Based Access Control security AIX management overview,
RBAC in Oracle (RDMS), Role Based Access Model for SAP, Policy-Based Authorization
Business Processes, Business Policies, The RBAC pattern as an extension of the Authorization pattern,
Role-Based Access Control (RBAC) Pattern, Implementing and Modeling Roles in ITIM
Separation of Duty in Role Based Access Control System Pattern
Confidential, April 2007 to April 2009
SAP SECURITY Consultant
Permanent
Industry: Multiple
Projects Description/Scope: Multiple/Security
Role: Team Lead (Security)
Competency Areas:
SSO-Concepts (Certificates, SAP Logon Tickets)
Kerberos and Public-Key Cryptography
Business Continuity Planning
Security Management Practice
Security Infrastructure Architecture
Compliance
Enterprise SOA Security in SAP Systems
Authorization groups functional tables, custom development authorization solutions
Implementing and reviewing SAP Authorization Concept
Integrating ABAP User-Management with Organizational Management
Central User Storage Techniques
Build Framework: Security Audit tools & Change Documents (SCDO)
Maxware, IDM and LDAP in a company environment
GRC Suite: Compliance Calibrator 5.X, Role Expert, Virsa, Fire F, Maxware
SAP UME administration and J2EE roles
Handling PFCG (check indicators, SU24, transport & upload roles)
Configure and implement cryptographic technologies in SAP System
Responsibilities/Deliverables/ Achievements:
Upgrade ECC 5.0 to ECC 6.0
Security Policy and Strategy
BI 7.0 Strategy and Tactics, Analysis Authorization, BI-BPS, BOBJ
HLD for HR - BI Dynamic Authorization Model
Conversion from Structural Authorization to BI analysis authorization.
New GL (Security), ESS, MSS
CUA Landscape and Presentation
CUA creation, review, and recommendation
P_ADM_SEC_70 Security Course Development (Author)
GRC configuration and review
Authorization Concept Lead Consultant (SAP Resource Management @ Field Services) New SAP development
Security GTS 7.1 design and implementation (Global Trade Services)
Analysis Authorizations (BI) creation and implementation
PD profiles and BI structure security and authorization design
Structural authorization BI analysis and BI structure conversion
Upgrade to SAP R/3 Enterprise Release 4.70
Integration Analysis: IBM Tivoli Identity Manager, LDAP, SAML, SAP UME, Internet Portal, Biller Direct
IBM Tivoli Access Management Integration
CRM2007 security and design
Dynamic CRM Authorization Model, ACE and business roles set up and IMG (SPRO) configuration
ACE, Web UI and ABAP roles integration from complete UCD (User Centered design SAP Methodology)
An Architectural View of SAP's Analytical CRM Capability
CRM integration with ERP, BI
SAP CRM module, SAP Biller Direct, SAP Exchange Interface ("PI/XI")
Flexible security framework that can be adapted to specific customer (business partners) needs
Confidential, Jacksonville, FL April 2006 to April 2007
Sr. SAP HR Security Consultant Duration: 13 months
Industry: Software Consulting Company, Government, Banking, Chemical, Retail, Pharmaceutical, Telecommunications, Manufacture
Project Description/Scope: SAP Global security and authorization support, development and design for shared services (multiple projects).
Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, SAP CRM, SRM, BW, BI 7.0, Portal, XI, ESS/MSS, HCM
Operating System: Windows XP
Responsibilities/Deliverables:
- Security based on industry standards
- SAP framework for SAP HR Global security and authorization support and implementations.
- Development of tailored security and controls techniques in conjunction with system implementations (i.e. ERP) and the design or re-engineering of business processes (i.e. shared services environment)
Achievements
- Completed SAP Global security and authorization (HR) support for 11 Global companies
- Completed SAP Global implementation for leading global provider of electronics manufacturing services (EMS) and integrated supply chain solutions
- Virsa and Upgrade to GRC 5.0
Confidential, Victoria, BC July 2005 to January 2006
Senior Security Consultant
Industry: Software Consulting Company, Public Sector, and Government
Project Description/Scope: SAP framework for security and authorization design for Public Sector.
Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, SAP CRM, SAP Biller Direct, BW, Portal, XI, SAP FI, CO, MM, PP, SM, PSCD and others
Operating System: Windows XP
Project Development: ASAP/Value SAP, Security and Authorization
Responsibilities/Deliverables:
- ASAP methodology/User Centered Design
- Role definition depends on HR positions
- Conversion from "as is" to "to be" business processes
- Assignment of Authorization Groups to Tables (TDDATA, VD_DATA)
- Authorization groups and tables trace from applications
- Access Control- Authorization Groups (SM30, TBRG table)
- Role design "ABAP and JAVA" sites for XI
- Security Strategy for web Methods Integration Platform
- Role design, development and assignment (PFCG, SU01)
- Authorization Groups-Report-types programs (SA38, SE38, AUTHORITY_CHECK)
- Document Types in design and configuration processes (T003)
- Check indicators (SU24, SU25, SE93, and SE97)
- Authorization checks by assigning reports to authorization classes (RSCSAUTH)
- Tables for relationship for Tcode, Roles and users (Agr_Users, Agr_Texts, Agr_Tcodes, and TSCT)
- Developed CUA for all systems from XI
- Sensitive Transactions Analysis (objects level matrix)
- Segregation of Duty matrix (objects level matrix)
- Role design and security policy strategy
Achievements: Completed Security and authorization design for Public Sector project.
Senior SAP Security Consultant
Confidential, Ottawa, ON April 2005 to July 2005
Ottawa, Ontario, Canada
Industry: Government (Security Clearance)
Project Description/Scope: Re-Design SAP security and authorizations
Role: Senior SAP Security Consultant
Responsibilities/Deliverables:
- Re-Design SAP security and authorization
- Analyze current situation
- Role selection multidimensional matrix
- Role definition depends on HR position
- Re-designed and re-built security roles (PFCG)
Confidential, January 2005 to March 2005
Industry: Financial, Chemical (Security Clearance)
Project Description/Scope: SAP audit (Automatic Control Environment)
Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, ACE - Automatic Controls Environment, Guardian - Manual Controls Environment
Operating System: Windows 2000, Unix, and Oracle
Project Development: ASAP/Value SAP, Security and Authorization, SOX, SOD - Segregation of Duties Test, STA - Sensitive Transaction Analysis
Responsibilities/Deliverables:
- SOX, SOD analysis and advice
- Assessment of the SAP control environment to identify internal control deficiencies and recommend improvements
- SAP Audit (ACE)
- Business Processes - "As is" - Transactions - objects - authorization fields analysis, best practice and recommendations
- Sensitive Transaction Analysis (objects level matrix)
- Segregation of Duty matrix (objects level matrix)
- Operational Control and Computer Operations Analysis
- Physical Security and Security Policies
- Completed assessment of the SAP control environment to identify internal control deficiencies and recommended improvements.
- Completed SOD and SOX analysis and recommended improvements