| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate
Summary:
Results oriented IT Professional overall 12 years of SAP Security and 6 Years of GRC experience with strong understanding.
Worked in all phases of full life cycle implementation Project in SAP which includes SAP security and SAP GRC 10.X Access Control Suite (AC) practices such as Project Analysis, design development, Blue print phase, Realization phase, Final preparation Cut-over phase, Testing, Training, GO-Live and Post implementation support.
Experience in understanding Segregation of Duties (SOD) and Audit Compliance Standards.
Experience in internal and external auditing, security roles and profiles, user account management, troubleshooting SAP security solutions in all SAP systems R/3, ECC, HR/HCM, SF-EC, FI/CO, SD, BI/BW 7.4/7.3.
Experience in SAP Security Administration for ECC BW 3.5/BI7.0 security, Enterprise Portal, CRM, HCM and Success Factor Core Employee Central Modules.
Success factors Experience in Employee Central Core, Payroll (PY), Personnel Administration (PA), Organization Management (OM), Time Management (TM), and Portal ESS and MSS. etc.
Expert Knowledge in SAP Success Factors Cloud based talent management modules such as Recruiting, Onboarding, Performance, Succession, Goals Management, and Employee Core Central.
Expert knowledge in integrating the solution with Success Factors such as HRIS & solutions.
Involved in the installation and Configuration of SAP GRC Access Control 10.1/10.0.
Scheduling and working on reports of background jobs as well as foreground jobs during the risk analysis in SAP GRC AC suite, SAP Green light AVM.
Providing detail reporting on Segregation of Duties (SoD) and critical access violations at both user level and role level.
Involved in configuring and customizing the Multi-Stage Multi-path (MSMP) workflows especially when working with ARM and EAM components.
Performed Role and User Analysis, Risk Analysis and Mitigating risks and roles as required.
Design preventative, mitigating and remediating controls to ensure the appropriate level of protection and adherence to the goals of the overall SAP security strategy.
Excellent knowledge in profile-based security, Central User Administration (CUA), Computer Aided Test Tool(ECATT/SECATT), Segregation of Duties(SOD), SAP Governance Risk and Compliance (GRC).
Performed BW/BI security for Administrative users (creating authorization objects and restricting users at info object level) and reporting users (analysis authorizations).
EDUCATION AND CERTIFICATION:
Masters in Information Systems -SAP
Certified in SAP Security, GRC 10.x and Basis/NetWeaver
EMPLOYMENT TRACK
GTECH International Game Technology, Providence, RI Nov 2015 to till date
Sr. SAP Security and GRC Consultant
Telephone and Data Systems Inc., Madison, WI Aug 2013 to Oct 2015
Sr. Sap Security and GRC Consultant
Commercial Metals Company (CMC), Irving, TX May 2011 to June2013
Sr. Sap Security and GRC Consultant
Department of Human services, DHS July2009 to March 2011
SAP Security and GRC Administrator
Linfox Logistics Ltd., July 2007 to June 2009
SAP Security consultant
Woolworths the Fresh food people April 2004 to June 2007
SAP Security Administrator
TECHNICAL EXPERTISE
SAP Security and GRC 10.x, Basis/ NetWeaver
SAP environments SAP R/3, ECC6, SF_EC, GRC 10.1/10.0, Fire Fighter, FI/CO, HCM/HR IDOCS, WCEM2.0 and CRM 7.0 BW/BI 7.4/7.3, EP, PI 7.1 and Solution manager 7.1/7.0
Database Oracle 12c/11g/10g, MS SQL Server 2012/2008/2005
Operating System UNIX (Solaris, AIX, HP-UX), Linux (Red hat) and Windows 2003/2008
Tools HP Service Manager, Remedy, Clarify, OVSSD
PROFESSIONAL EXPERIENCE:
GTECH International Game Technology, Providence, RI Nov 2015 to till date
Sr. SAP Security and GRC Consultant
Environment: ECC 6.0, FICO, HCM, SF-EC, GRC 10.1, BI 7.4/7.3
GTECH Corporation, is a company based in Providence, Rhode Island, United States. GTECH is an International Game Technology, delivers best-in-class products and services too legal, regulated public and commercial gaming operators across 100 countries on six continents. IGT has brought together a SAP team of proven leaders to create a powerful lottery and gaming enterprise, providing expertise and value to all of our customers around the globe.
Responsibilities
Handled Security designing roles for all modules of ECC 6.0 such as FI/CO, MM, HCM, SF-EC, BI, SD and PP.
Worked on Role Maintenance, Transaction codes, Profiles, Authorization objects, Authorization groups, Single Roles, Composite Roles, Derived Roles and User Maintenance.
Created and generated roles, profiles, authorization objects, object classes and assigned to user master record.
Working SAP and Success Factors teams on access approval, changes and future system development.
Configuration development as per the client requirements in Various Modules of SAP HCM.
Manage the Success Factors system administration for the company s Employee Central modules which include recruiting, onboarding, performance, succession, and goals management.
Maintain all system data elements including enterprise-wide and divisional administrative security roles and supporting content e.g., profiles, forms, onboarding portals, assessments.
Create RBPs roles and configuration of the Success Factors system to support business processes in partnership with HR business contacts and other system administrators.
Experience in HR security in providing authorizations in PA, ESS, MSS and payroll.
Worked on giving custom BI authorizations S_RFC, S_RS_AUTH, S_RS_COMP, S_RS_COMP1.
Created BW analysis authorization and maintained roles based on created analysis authorization.
Performing BO (Business Objects) security at users and groups level, Universe level, Folder access
Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
Configured Profile Generator and performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.
Providing Temporary Access to all the Users with proper approval from the respective Business Process Owners in all Productions and Non-Productions Environments.
Worked with process experts for SOD conflicts and assigned appropriate roles to the users. Also, supported audit team for generating audit reports.
Configured all the four components ARA, ARM, BRM and EAM during GRC implementation.
Configured MSMP workflows in Access Control Suite and activating the delivered business configuration (BC) set for Access Control Multi-Stage Multi-Path (MSMP) workflow configuration.
Involved in post installation and Configuration of GRC activities.
Performed Risk analysis for role level and user level.
Created modified, locked users through ARM component and performed risk analysis.
Telephone and Data Systems Inc., Madison, WI Aug 2013 to OCT 2015
Sr. Sap Security and GRC Consultant
Environment: SAP R/3, ECC 6.0, HCM, GRC 10.0, BI 7.3
TDS provides wireless products and services; cable and wire line broadband, TV and voice services; hosted and managed services to approximately 6 million customers nationwide. At TDS, I am part of maintain provisional settings and end user personalization settings for access requests, Implemented MSMP Workflows and BRF+ rules. Configured workflows for GRC related ARM, ARA, BRM and EAM components.
Responsibilities
Experience in implementation and configuration of GRC Access Control 10.0 Access Risk Management (ARM) and Remediation, Access Request Management (ARA), Emergency Access Management (EAM), Business Role Management (BRM) and User Access Review (UAR).
Involved in Blueprint and Redesign existing security roles to maintain SOX Compliance.
Worked with business to redesign the roles without any SOD risks in roles and defined roles based on different business functions in compliance with SOX.
Implementation experience and good understanding of MSMP Workflows and BRF+ rules.
Created FF-IDs for functional people and regularly monitored FF log reports.
Worked on ARA and BRM to do the role analysis to find out the conflicts in the roles.
Redesign GRC Rule-set, identified new risks, functions and removed false positives in GRC rule set.
HR triggering for employee on-boarding, role provisioning, termination, transfer processes in LDAP, SAP ABAP and portal systems customized rule sets, Business role management and building interfaces to 3rd party tools.
Worked with business to build custom GRC rule sets for SAP Insurance Landscape (not provided by SAP standard rule sets).
Based on the company's SOD Risk Matrix, all the roles have been done SOD checks at both role level and user level using GRC ARA and also implemented mitigation controls.
Designed, documented and implemented the GRC Stay Clean procedures such as Rule set change, User and Role Creation and Change process and other SAP Security Processes.
Schedule background jobs in GRC for regular data synchronizations, Rule generations.
Worked on mass change of mitigation assignments.
Worked on workflow of User Access Review and SOD Access review reporting used Compliance Calibrator (Risk Analysis and Remediation) to automate all SOD related activities like defining, monitoring and remediation of SOD conflicts and mitigating controls.
Created Mitigation Controls and assigned it to users according to the company procedures.
Worked on risk analysis for the transaction codes in GRC 10.x using ARA and looking for any SOD conflicts.
Updated the rules by creating new risk id for conflicting functions and transported through the landscape of GRC Access Risk Management (ARM).
Worked on Emergency Access Management (EAM) for Technical, Functional, and Audit team and implemented fire fighter to capture every action of users.
Involved in Implementing Structural Authorization and Extensively usage of OOPS - Turn on PD PA Switch OOAC - Turn on Structural Authorizations Main Switches, PPOM_OLD - Creating Organizational Plan, PA40 - Creating Personnel Master Record OOSP - Creating structural authorization profiles.
Experienced in SPRO General Settings, Reporting Settings, Organizational hierarchy creation & maintenance Process, sub-process and control hierarchy creation, Creation of risk analysis & assessment techniques Workflow creation/ troubleshooting for risk proposal, activity validation, control design assessment, self-assessment, control test effectiveness, sign off etc.
Commercial Metals Company (CMC), Irving, TX May 2011 to June2013
Sr. Sap Security and GRC Consultant
Environment: SAP R/3, ECC 6.0, HCM, GRC 10.0, BI 7.0
Commercial Metals Company is a global, low-cost metals recycling, manufacturing, fabricating and trading enterprise. With corporate headquarters in Irving, Texas, CMC operates more than 200 local recycling centers. At CMC I was responsible for onshore SAP Security and GRC Team for the SAP Implementation project. An end to end project implementation started with initial blueprinting and design phase. The scope includes Designing and implementing SAP Security for the entire project landscape
Responsibilities:
Fully configured SAP s Access Control 10 Access Risk Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management (BRM) modules
GRC implementation and automation experience with GRC ARA, ARM, EAM, BRM and SAP CUA (Central User Administration) integration with SAP GRC.
Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues.
Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations.
Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles.
Performed remediation and mitigation against various risks associated with roles and users.
Experience in creating and assigning FF ID s and extracting Fire Fighter logs.
Configured distribution list in ARM, by creating an LDAP connector, created distribution group and add DL group to DL Approvers.
Created distribution list users in LDAP and UME, assigned distribution list to Roles.
Created SAP HR Connector, HR Triggers, Field Mapping.
Build and Customize rule sets to match the business needs and processes
Configured Workflow, actions and rules.
Configured HR trigger provisioning and scheduled background jobs.
Configured User Data source and defined authentication system for requestors using ARM.
Strong capability in using ARM to use the work flow functionality to ensure a comprehensive and compliant change management process for risk control and maintenance.
Experience in using ARM to configure workflow for User Access Review and User SoD Review.
Created Single, Derived and Composite Roles in R/3.
Tracing the functionality after development phase and then designing the Roles/Composites, following SOD analysis and approval process to meet the timely deadlines.
Performed user maintenance tasks, User creation, deletion, lock down, activation, password management tasks and ran various user administration reports.
Troubleshoot security/authorization related problems using SU53, ST01 and SUIM.
Department of Human services, DHS July2009 to March 2011
SAP Security and GRC Administrator
Environment: SAP R/3, ECC 6.0, CRM, PSCD, FICO, HR, GRC 10.0, BI 7.0, SRM, SCM
Responsibilities:
Producing SoD Analytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profiles using RAR.
Mitigation and remediation of users and roles for SOX using User/Role Analysis in RAR.
Good working knowledge of AGR* tables
Determining and report if any risks will be introduced by simulating the addition of transactions, Roles, or Profiles to a User ID.
Worked with AGR_1251, AGR_1252, AGR_AGRS, AGR_USERS tables.
User administration involving creation/deletion/locking/modifying users.
Configuration of System parameters.
Assigning missing authorizations as per the user s requirement.
Worked with User Information System, creating and changing users and assigning users to roles.
Generated and maintained authorizations and authorization profiles based on existing roles.
Installed and deployed Central User Administration (CUA)
Used CUA to maintain users (Creation, deletion, locking etc.)
Managing user login parameters and password parameters.
Linfox Logistics Ltd., July 2007 to June 2009
SAP Security consultant
Environment: SAP R/3, ECC 6.0, CRM, FICO, HR, GRC 10.0, BI 7.0
Responsibilities:
Creating Users based on request.
Assigning additional roles to the existing users.
Resetting Passwords for users and intimating password policy.
Created Base Roles and Company Specific Roles based upon request
Created Composite roles based upon request.
Addition, Removal of Transaction Codes, authorisations, authorisation objects by modifying existing roles based upon change request.
Performed User comparison in PFCG,
Optimising the authorization checks by utilising the SU53 and system traces (ST01)
Locking and changing the validity date for the expired users.
Working with tables like AGR*, USH*, USR*.
Participated in Internal and External security audits.
Woolworths the Fresh food people April 2004 to June 2007
SAP Security Administrator
Environment: SAP R/3, ECC 6.0, CRM, FICO, HR, GRC 10.0, BI 7.0
Responsibilities:
Technical analyst for SAP security in production & non-production environments.
Segregation of Duties and Audit Compliance Standards
Critical authorization objects such as S_TABU_DIS, S_PROGRAM, and S_DEVELOP Worked with security related tables such as GR_TCODES, AGR_USER, AGR_DEFINE
Experienced with implementing CUA functionality within customer landscapes
Authorizations insights implementation and SOD analysis.
Day to day technical support and resolution of Security issues.
Working with system profiles and various parameters to ensure the servers are up and running.
Configured Profile Generator and transported settings to all clients, setup security for the developers.
Role transport to multiple landscapes, TR release through SE09/SE10/SE01.
Report generation using SUIM and also to analyze the missing authorization based issue.
Working with tables like AGR* for data collection and verification
SAP Certification Trainings:
SAP Certification Training from SAP for the Courses mentioned below:
a) GRC300 (SAP Business Objects Access Control)
b) GRC100 (GRC Principles and harmonization)
c) ADM900 (SAP System Security - The Fundamentals)
d) ADM 940(ABAP AS Authorization Concept)
RELOCATION:
Willing to relocate and start immediately anywhere in USA
REFERENCES:
Available upon request
|
