
Mohammed M. Moinuddin
- IT Audit/Risk and Compliance Project Manager
- Chicago, IL
- Member Since Mar 11, 2023

Mohammed M. Moinuddin
SUMMARY
Mohammed Moinuddin is a certified SAP and Information System Auditor with experience in the IT industry which includes SAP & Non SAP Security, GRC, Compliance, SAP HR, SAP Basis, ABAP/4 and IT Internal Audit. Performed Employee Retirement Income Security, ITGC, SOC1, SOC2, SOC3, Trade, Payroll, Financial and HIPPA Audit working along with HR and External Auditors. He has managed various projects and has consistently demonstrated strong skills in planning, coordinating, problem solving, monthly reporting, project performance metrics, analytical capabilities and leading teams.
Mohammed has successfully trained and managed staffs/consultants by assigning and reviewing work to support project requirements, as well as making recommendations with regards to department wide internal strategies and policy formulation
PROFESSIONAL EXPERIENCE
Mondelez International May, 2015 to Present
Global Solution Owner Senior Manager for, Compliance, Audit. And Tax
Responsibilities:
Engage and influence Audit, Compliance and Tax Stakeholders on process and technology decisions aligned to global strategies, processes and solutions. Responsible for the complete lifecycle of security, Compliance and Audit technology. Combines up-to-date knowledge of commercially-available and open source information security tools, solutions and services with firsthand knowledge of company’s information security risks to play a leading role in recommending and assessing new security services. Manages the program of assessing information security, comliancefter risks related to vendor-supplied services
Responsible for coordinating and the implementation of SAP GRC 10.1 phase 1 & 2. Implemented SAP GRC (Access Control), (PC Process Control) and CCM as a strategic replacement for SOX compliance repository (Open pages FCM).
This phase 1 and 2 request for $1.5M of capital and $495K of expense funding is to cover costs needed to deliver the following. Also responsible for creating business case and requesting pre-alignment and approval from the stake holders for budget and SOW approvals, in addition work with procurement for creating RFP’s for vendor selection/interviews.
Implementation of 174 Continuous Controls Monitoring (CCM) business rules across all 3 SAP instances (Americas, EEMEA/MEU, Asia-Pacific) within the SAP GRC Process Controls (PC) solution, in support of the IC COE transformation. SAP GRC allows centralized and consistent monitoring across key business risks and controls and is an integral technical enhancement, required as part of the IC COE transformation program. Enhancement of SOX reporting through implementation of a consolidated report on SOX deficiencies.
Also implemented a new tool to support the Controls Self-Assessment (CSA) program, as part of the IC COE transformation, to drive efficiencies in the facilitation, reporting of CSA results and effective follow-up of Management Action Plans
Work collaboratively with peers within the Global Finance CoE and the broader IS Organization, together with the functional stakeholders and the BPE organization to develop multi-year business process & technology roadmaps along with corresponding investment portfolios
Understand deeply the capabilities of the Tax, Audit and Compliance solutions, data within these solutions and the product roadmaps understand the business strategies for Tax, Audit and Compliance and translate them into business capabilities and functional requirements. Participate in the planning and execution of IS projects aligned with Global IS and Global Tax, Audit and Compliance strategies in support of the business requirements
Plan and coordinate cutover activities of Tax, Audit and Compliance systems and major cross-functional implementations impacting. Identify process/technology improvements leading to Tax, Audit and Compliance and overall MDLZ cost reductions and service quality improvements. Plan and coordinate software upgrades/maintenance as required and communicate planned system outages to all key Tax, Audit and Compliance stakeholders
Identify root cause of issues/disruptions to daily operations of Tax, Audit and Compliance business systems
Provides support for all phases of the SAP Solution Manager Application Lifecycle Management, Implementation of SAP Solutions, Solution Monitoring, Upgrade of SAP Solutions and Change Request Management.
Internal and External Contacts:
Critical relationships with the following internal & external individuals/organizations:
• Internal
o Peers within the Global IS Finance CoE and other team members within the broader IS organization
o Tax, Audit and Compliance functional teams
• External
o External providers of applications used by the Tax, Audit and Compliance teams
o MDLZ Help Desk
Accenture Consulting (Chicago, IL) August, 2011 to May, 2015
IT Audit/Risk and Compliance Project Manager. | PFCG (Richmond, VA)
Plans the scope of assigned audits and the audit procedures to be used; prepares the audit planning memo and program. Supervises 2-3 consultants and/or guess auditors during the audit engagement. Performs the preliminary survey of operations, functions or activities and gathers information on. Business risks; evaluates the adequacy of the controls designed to manage those risks; discusses strengths and opportunities for improvement with management and develops recommendations for improvement. Informs Director of audit progress; manages the audit so that time is efficiently used, deadlines and budgets are met, and departmental quality assurance standards are maintained. Uses standard audit techniques to obtain, analyze and appraise data, transactions and records as a basis for providing an objective opinion on the performance of the business activity and the effectiveness of key risk management activities.
SAP Security Manager | Client DOW SADARA (Houston, TX)
Perform, supervise, and lead the activities related to the Company’s efforts to maintain compliance with the Sarbanes-Oxley Act, review of testing, and documentation and communication of results to company management & External auditors.
Supporting client in multiple industries and leading several projects – from Business Process Analysis and Implementation of Business and IT Controls to the delivery of complex Compliance Solutions for worldwide SAP roll-outs and Application and Business Process Outsourcing.
Lead. SAP Security Consultant | Client ConocoPhillips (Bartlesville, Oklahoma)
Large scale testing and program management work to assist Conoco Philips to split into two companies (upstream/downstream). This role will include:
· Coordinated and Created the test plans and test scripts for various SAP Security interfaces SAP PI,informatica , HR, Gentran ,EDI
· Worked on EAI downstream for Freight, Truck and Rail projects as test Coordinator and Quality Control Coordinator for various projects
· Set up the test environment in quality center for testing security scripts project
· Created the Security test scripts and uploaded to Quality Center
· Created users for each test case and assigned the access for each user to perform testing
Lead. SAP Security Consultant | Client Unilever (Newark, NJ)
· Monitor Remedy on daily basis, create security request, assign task
· Daily reporting of issue tracker status
· Review and update of SOPs and Work Instructions
· Create/maintain users groups across the landscape
· Support technical team by creating users and assign Security Roles as required
· Work on setting up of internal controls following Segregation of Duties and critical access
· Ensure Segregation of Duties compliance in all security profiles using a Custom program
Sita Consulting (Somerset, NJ) Mar 2011 to July, 2011
Lead. SAP Security Architecture | Kiewit (Omaha, Nebraska)
· SSO (single sign-on) of SAP System
· SSO Integrated with Microsoft Active Directory using Kerbos and SPNego, designed SSO Architecture
· Defined User Provisioning using NetWeaver
· Integrated SAML with SAP System
· Integration of NetWeaver Identity Manager into the Hire to Retire and with Business Objects Access Control
· SAP Security Integration with Duet Enterprise
ITBS Integrated Technologies & Business Services (Bolingbrook IL) July 2010 to Dec 2010
Senior SAP Security Consultant | SAP R3 v4.7, ECC 6.0, BI 7.0, EP 7.0, and GRC 5.2
· Senior Security Consultant helping build competency and fulfill customer demand in SAP Security & GRC
· Create customer pull—by building GRC reference architecture, mapping customer needs, and enabling customers
· Hands-on consulting to customer GRC architectural & process requirements
· Created a new step by step procedure to upgrade security from BW 3.5 to BI 7.0.
· Worked with BI functional team and developed the BI analysis authorizations
· Performed extensive SAP BW and BI Analysis
· SAP GRC Integration, rule design, configuration testing, user provisioning workflow design and configuration and SAP general computing control configuration
· Troubleshoot and resolve security issues
American Pharmaceutical Partners (Schaumburg, IL ) July 2006 to June 2010
IT Internal Audit Project Manager | SAP R3 v4.6, ECC 6.0, and GRC 5.2.
· Plan assigned audits, including proposing audit objectives, scope, specific risk assessment, and detailed audit work plan(s) to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.
· Coordinate the timing and logistics of assigned audits between company management and the audit team.
· Maintain awareness of current issues and significant changes within the IT and business environments, and related processes.
· Demonstrate effective interaction with all levels of management and external professionals.
· Perform, supervise, and lead the activities related to the Company’s efforts to maintain compliance with the Sarbanes-Oxley Act, specifically through the performance of risk assessments, revisions of documentation, performance and review of testing, and documentation and communication of results to company management. Assigned areas would include, but not be limited to IT general and application controls, and business application controls.
· Review specific audit risk assessments and detailed audit work plans to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.
· Develop and regularly update the scheduling for all audits in the audit plan. Monitor the progress of audits open, started and completed to ensure that any issues regarding the completion of the audit plan are identified and addressed on a proactive basis...
· Anticipate problems and obstacles to the timely and efficient completion of audits, and keep the Sr. Director of Internal Audit generally informed of their status. Recommend solutions to anticipated and incurred problems and obstacles impeding the timely completion of audit work.
· Through an in-depth understanding of applicable policies, procedures, systems, and state and federal regulations, perform and review audit work to ensure the assessment of the effectiveness and efficiency of internal controls is adequate and, along with conclusions, is sufficiently supported and documented, and the departmental and professional standards, including but not limited to IIA and CobiT Standards as well as the COSO Internal Control – Integrated Framework, are adequately upheld.
· Perform and review audit work to review, verify and evaluate the adequacy, effectiveness and efficiency of internal controls supporting operational, financial, and system processes, functions and procedures. Ensure proper utilization of appropriate records, files, manuals, data processing reports, interviews, and personal observations in the performance of such audit activities.
· Perform audit work as needed, particularly in highly complex areas and where department resources may otherwise be insufficient.
· Ensure issues and exceptions are fully identified and properly defined, and recommendations are adequately formulated to address the root cause of identified issues in a cost/beneficial manner.
· Ensure issues and recommendations are adequately and effectively communicated to management on a proactive basis during the course of each audit, particularly to verify the accuracy of findings and secure preliminary commitment to recommended actions.
· Lead or manage opening and closing meetings for assigned audits, and present IT topics and issues in meetings for all audits containing an IT scope.
· Draft clear and concise audit reports with proper utilization of the staff, including executive summaries, issues, and recommendations.
· Review audit reports, ensuring clarity, conciseness, and overall quality prior to Sr. Director review.
· In collaboration with the Sr. Director of Internal Audit, review final management responses for adequacy and completeness.
· Perform and delegate/supervise appropriate follow-up audit work to continuously and timely follow-up on audit issues and properly update the status of outstanding reported issues. Ensure that adequate communication is provided to management on a proactive basis regarding the status of issues and results of such follow-up work to both the Sr. Director of Internal Audit and company management, properly identifying and handling any concerns over company management’s attention to the issues. Monitor the progress of management’s activities to determine if issues receive proper attention, and communicate and elevate concerns.
· Perform and delegate/supervise audit procedures for assigned areas to assist external auditors with quarterly and year-end audit testing.
· Provide regular Access Management report and periodic communication to external auditors regarding summary of work performed and results of audits and projects.
American Pharmaceutical Partners (Schaumburg, IL) December 2002 to July 2006
Lead SAP Security/Basis Administrator | SAP R3 v4.6, ECC 6.0, and GRC 5.2.
· Lead security design and implementations for SAP R/3, BW and EP systems.
· Lead technical support for meeting security objectives, evaluate, design and implement resolutions to security.
· Lead Designing mechanisms and procedures for user administration.
· Implement CUA for R/3 and BW environments
· Develop project plans, manage and motivate team members, and provide periodic management status updates. Assist with developing project costs.
· Analyze business requirements and determine the appropriate SAP security solutions to meet the requirements
· Develop and configure SAP roles using the SAP Profile generator tool
· Develop BW Roles and work on Hierarchy authorizations
· Ensure that all SAP Security work is in Compliance with GEIS Security standards and policies
· Ensure Segregation of Duties compliance in all security profiles using a Custom program
· Senior Security Admin helping build competency and fulfill customer demand in SAP Security & GRC
· Hands-on support to customer GRC architectural & process requirements
· Coordinating and work on SAP Security implementation, upgrade proposals
· Provide day-to-day security support. Assign new user ids and administer security rights to approved system accesses. Perform security problem resolution.
· Assist with the development, maintenance and enforcement of security standards, procedures.
· Developed ABAP Tools for simplifying Security related activities
· Provided technical, operational, and security design controls and analysis to the SAP system for system access and user authorization security.
· Acted as a liaison between the SAP Process team, SAP Functional and IT technical teams.
· Trained the Production Support Team on Security procedures.
· Developed and maintained related information security policies, procedures
· Created positions and roles to secure the environment and enable end-users to perform their duties as defined by the process teams.
· Defined, documented and architect SAP Security Roles and Profiles.
· Involved in maintenance of SAP Roles and Profiles.
· Troubleshot and resolved security issues.
· Maintenance of Users and Authorizations, Locking and Unlocking Transactions.
· Locked system for changes.
· Installed SAP on Standby server
· Applied patches
· Configured Printer for printing of SAP Scripts and List printing
· Configure SAP Instance for communicating with exchange mail server
· Managed buffers and changing the Instance profile parameters as and when required
· Monitored the R/3 System
· Analyzed & deleted lock entries
· Managed the transport requests
· Set up Client Copies as required
Deloitte Consulting/ICS (Chicago, IL) Sep 1998 to Dec 2002
Senior SAP Security and Basis Consultant | SAP R3 v3.1H to v4.7.
As a security and basis consultant provide technical services for security and basis task in an ERP (SAP) environment. Provide 24X7 on call support as required. Managing and leading a team which includes developing team roles, responsibilities, and accountability. Consulting services provided to the following Clients:
· SC Johnson (Milwaukee) | SAP Security/Basis Administrator
· Bayer Pharmaceutical (Germany) | SAP Basis Administrator
· Clorox (Oakland, California) | SAP Security/Basis Administrator
· Whirlpool (Benton Harbor, Michigan) | SAP Security/Basis Administrator
· TRW (Indiana) | SAP ABAP Programmer
· Rockwell Collins (Iowa, Defense) | SAP ABAP Programmer
Motorola (Rolling Meadows, IL) April 1998 to Sep 1998
SAP Security/Basis Administrator
Responsible for implementing SAP for all the sales offices of the Company. This was a SD/FI/MM implementation using the ASAP methodology. The scope of the project was to convert from the legacy system to a SAP system incorporating the SD, FI & MM functionalities of the sales offices. As a security person designed and created profiles based on “Transaction vs. Roles” matrices; developed and tested authorizations using profile generator in the areas of FI, SD and MM. Administration activities such as initialization of CTS, user creation, spool configuration for local and remote printing, client maintenance (client copies / client exports-imports / client deletion). Profile configuration (Start / Default / Instance profile management). Utilized the SAPDBA tool to perform table space extensions, database re-organization, to backup the database using ‘brbackup’ and to archive redo logs using ‘brarchive’. Automated the off-line backup of database and NT backup of system using ‘AT’ command. Interacted closely with upper management to discuss project goals and strategies, resources, progress and deadlines.
Unocal 76 Marketing & Refining (Schaumburg, IL) June 1987 to Feb 1998
Programmer Analyst
Coordinated the implementation of new or revised mainframe computer applications between application development and data center services to ensure successful production processing. Directly responsible for the daily production job's processing in support of our objective to provide efficient and reliable services. Responsibilities included updating various production files to reflect the changes in production programs, procedure libraries and job dependencies. Maintained accurate records of daily activities of the scheduling control area. Monitored the processing of daily production jobs. Resolved and restarted abends in the appropriate steps which involved in-depth MVS/JCL knowledge.
EDUCATION
Bachelors in Computer Science and Business Management
TRAINING
ABAP/4 Certified from SAP America
ADM940 SAP Security Administration
ADM950 SAP Security Advance System Administration
SAP GRC300 –Risk Analysis and Remediation
SAP workload Analysis from SAP America
SAP Technical Administration in BW21C from SAP America
SAP-Live Cache Administration (BC555) from SAP America: Live Cache concepts, Architecture, Administration, Monitoring, Backup and Restore
SAP-APO 3.0 system Administration (BC355) from SAP America: Overview, Core Interface, CIF Monitoring, Optimizers, Authorizations, Disaster Recovery
Delta 46 Basis 3.x to 4.6 from SAP-America
ASAP methodology course
COBOL, DB/2, CICS, MVS
Oracle 7.3 and Developer 2000 covering Sql and Sql “Plus V 3.1”, “Pl/sql V 2.1, Oracle Reports V 2.5” from Concourse Limited, India