Raj Gopal Verma

  • Lead SAP GRC Consultant
  • San Francisco, CA
  • Member Since May 07, 2023

Candidates About

 

Raj Gopal Verma

SAP Security GRC Consultant

·         Senior SAP Security and GRC consultant with 10 years of SAP Security and 6 Years of GRC experience.

·         SAP security practices and SAP GRC 10.X Access Control Suite (AC), Process control (PC), Risk Management (RM).

·         Experienced in all phases of full life cycle implementation including analysis, design development, blue print phase, configuration, Cut-over phase, Testing, Training, GO-Live and Post implementation support.

·         Experience in GRC Implementation, Automation, upgrades experience with GRC SAP Central User Administration (CUA) integration with SAP ECC 6.0.

·         Post implementation of SAP Security domain and 4 GRC AC implementations and upgrades.

·         Experience in design, testing, auditing, security roles and profiles, user account management, troubleshooting SAP security solutions in all SAP systems R/3, ECC, HR, FI/CO, SD, BI/BW 7.4/7.3, BOBJ CRM and SAP Portals.

·         Performed and monitored transaction codes SU01, SU10, SU24, SU21, PFUD, SUIM, SU53, SU56, ST01, SE54, STMS, SCC1, SE09/SE10, RZ10, SM18, SM19, SM20, SE16 and SM30 in SAP Security. Used CATT Scripts for creating mass users.

·         Knowledge of Design & development of security solutions in SAP ECC & SAP HANA

·         Experience in running eCATT scripts and LSMW for mass changes in security

·         Implemented SAP Security related task such as Security Audits, SOX (Sarbanes Oxley) Compliance, User maintenance, Activity group/Role maintenance using profile generator (PFCG), Upgrade from various versions, Production support.

·         Great knowledge in analyzing and processing SOD issues using the GRC 5.3/ 10.0/ 10.1 Access Control, Process Control tools such as RAR/ARA (Access Risk Analysis), SPM/EAM (Emergency Access Management), CUP/ARM (Access Request Management), ERM/BRM (Business Role Management) components with an excellent understanding of Sarbanes- Oxley Act.

·         Experience in Configure and Maintain CUA (Central User Administration) landscape.

·         Good knowledge of Enterprise Portal Security and implementing Single Sign on (SSO)

·         Designed, Developed, tested and implemented of Enterprise Portal User IDs, Roles, iViews

·         Expert in documenting all implementation activities like Configuration, Training and any other project related tasks were properly done at various phases of the implementation.

·         Knowledge in integrating work across relevant areas, develop the business and services to enhance customer satisfaction and productivity, manage risks appropriately, manage information, and provide exceptional service to internal and external customers.

·         Knowledge to interface effectively and collaborate with clients, management, and other work units.

·         Experienced with configuring MSMP workflows and creation of rules using BRF+ framework.

·         Setting up of Role based security through (Profile Generator (PFCG)) for R/3 ECC 6.0/7.x, on various modules.

·         Expertise on HPALM/HPQC for test plan/test labs.

·         Experience on Greenlight RCM(Regulatory compliance Management) and Greenlight RESQ

 

 

 

 

 

 

 

 

 

·         CISA Certification

·         GRC 10.0 Certification

 

 

 

 

Skills                                                       :  SAP Security, SAP GRC, GRC 4.0 to 10, SAP GRC Access    Control (AC), Process Control (PC), Risk Management (RM), IDM- GRC Integration

SAP Functional                                    :  SAP GRC Access Control 5.3/10.0/10.1, GRC Process      control     10.0/10.1,   Risk Management 10.0/10.1,SAP Security, Role Design, SOX

SAP                                                       : User Exits, Badi, Data dictionary, Lock objects,         Modularization, ABAP WebDynpro, Debugging Job scheduling,  BAPI , RFC, ABAP SAP Technical Skills, SAP WebDynpro ABAP

Database                                               :  Oracle 12c/11g/10g, MS SQL Server 2012/2008/2005

Operating System                                 : UNIX (Solaris, AIX, HP-UX), Linux (Red hat) and Windows 2003/2008

 

 

 

Client                          : Pacific Gas & Electric       

Duration                     : Jan 2015 – till now

Environment               : SAP GRC Process control/Access control/Risk Management 10.1

Role                             : Lead SAP GRC Consultant

 

Responsibilities:

·         Master data configurations like Organization/Process/Sub process/control/Regulation/Roles etc.

·         Implementing SOX/NERC-CIP control and automated control using SAP Query and BEX query

·         SCE Security admin activity like role design, implementing roles and authorization for on boarding and off boarding process, user/role provisioning, security issue troubleshooting

·         Designing of Business rules, Data source to Design and configure Automated rules(Continuous control monitoring) for e.g. NERC-CIP Revocation using BEX query, Criminal report(Same user should not do park and post for the same document type) using ABAP query, Configuration.

·         Automated rule designing through BRF+ and through custom program development.

·         Configuring/maintain master data like Organization/Process/sub-process and its entity role assignment, Assessments(Test control effectiveness, Sign-off), Multiple regulatory compliance

·          

 

·         Integration of Process control with eDMRM, Greenlight RCM(Regulatory compliance management system)

·         Requirement Gathering, Blue print document preparation

·         Create and maintain test cases/test labs in HPQC

·         Working on Greenlight RESQ and Greenlight RCM

·         Interaction with various SCE SOX business team and NERC-CIP regulation

·         Process control Security design, Workflow configuration (Reminders and escalation)

·         Performed post installation activities

·         Maintain SCE ECMS tool for compliance and integrating it with GRC Process controls

·         Implementing position based request through SAP GRC, HR trigger, Qualification checks

·         ARQ implementation for SAP as well as non-SAP system using Greenlight RTDS.

·         Custom rule book design, BRF+ Configuration.

·         Supporting ECC security, CRM security, BI security roles and maintain them based on position.

 

 

Client                          : Verizon          

Duration                     : Oct 2013 – Nov 2014

Environment              : SAP GRC Process control/Access control/Risk Management 10.1

Role                            : Lead SAP Security GRC Consultant

 

Responsibilities:

·         Implemented SAP Security with Role Design, Build and Maintenance

·         Worked on the functional consultants to facilitate testing of the developed roles as part of the Integration Testing Cycle

·         Worked on the CA IdM team to providing inputs on the integration required for Automatic user provisioning

·         Utilized Profile Generator to create, modify and customize User Authorizations, and Authorization Profiles in ECC

·         Worked extensively on restriction of Tables and Programs, grouping them into Auth groups and custom Transaction codes

·         Generated reports using SUIM and security tables

·         Creating, changing, locking/unlocking and password resetting of users and created User Groups for easy administration and groups

·         Effectively analysed systems trace (ST01) and User Information System (SU53) and tracked missing authorizations for user access problems and inserted missing authorizations

·         Specified the Auth Objects that are to be Maintained and modified for Various Custom Transactions using SU24

·         Distribute and managed user administration using SAP CUA

·         Built new Roles using customized CATT scripts for its various versions of Roles/Jobs in SAP R/3, SAP BW

·         End to end Implementation & Performance Optimization of SAP GRC 10.1 for Access Control, Process Control & Risk Management systems in client Landscape across the globe

 

·         Perform post installation activities for Access Risk Analysis (ARA), Access Request (ARQ), Business Role Management (BRM) & Emergency Access Management (EAM)

·         SPRO General Setting & Reporting Settings

·         Automat Business rules development

·         Implementing SOX control and automated control using SAP Query and BEX query

·         Designed Role Based Access Control for users on SAP

·         Integration of SAP GRC AC 10.0 & SAP IDM 7.2

·         Stakeholder Management, Vendor Management, FF Owner – SOX Compliance through SAP GRC 10.1

·         Contributed to process improvements for PI interface maintenance and Production support

·         Creation & implementation of SOD Matrix, SOX & Change Management Auditing

·         BAU Support for Interfaces of P2P, HR and Finance Processes across the Client landscape – RCA of Incidents and Resolution.

 

Client                          : General Electric     

Duration                     : June 2011 – Sep 2014

Environment              : ECC 6.0, GRC 10.1, BI, FI, MM, SD

Role                            : Sr. SAP Security GRC Consultant

 

Responsibilities:

·         Performed Security designing roles for all modules of ECC 6.0 such as FI, CO, MM, and SD.

·         Performed Role Maintenance, Transaction codes, Profiles, Authorization objects, Authorization groups, Single Roles, Composite Roles, User Maintenance and Derived Roles

·         Analyzed each role and mapped them to transaction codes according to business process.

·         Created and generated roles, profiles, authorization objects, object classes and assigned to user master record.

·         Worked on giving custom BI authorizations S_RFC, S_RS_AUTH, S_RS_COMP, S_RS_COMP1.

·         Used Transport Management System (STMS) for Transporting the generated roles and profiles.

·         Experience in BW and BI Analysis Authorization (RSSM/ RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems using RSECPROT.

·         Created BW analysis authorization and maintained roles based on created analysis authorization.

·         Extensively used the following transactions on daily basis – SU01, PFCG, SU53, SU56, SU24, SUIM, SUGR, SE16 and ST01 for providing technical support to users.

·         Performing BO (Business Objects) security at users and groups level, Universe level, Folder access level in Central Management Console (CMC).

·         Also performing security at Environment level between browser to web server and web server to BOE .

·         Experience in HR security in providing authorizations in PA, ESS, MSS and payroll.

·         Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

·         Configured Profile Generator and performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.

·         Performed reconciliation of User Master record & roles using PFUD and SUPC.

·         Providing Temporary Access to all the Users with proper approval from the respective Business Process Owners in all Productions and Non-Productions Environments.

·         Worked with process experts for SOD conflicts and assigned appropriate roles to the users. Also, supported audit team for generating audit reports.

·         Meeting the Key Stake holders and Business team for ongoing SAP Role based provisioning and also for requirement gathering, analysis, designing Functional and Technical Documents workflow requirements, approval requirements and flow of request and data across multiple systems, serving as an Subject Matter Expert for SAP security.

·         Configured MSMP workflows in Access Control Suite and activating the delivered business configuration (BC) set for Access Control Multi-Stage Multi-Path (MSMP) workflow configuration.

·         Involved in post installation and Configuration of GRC activities.

·         Configured all the four components ARA, ARM, BRM and EAM during GRC implementation.

·         Performed Risk analysis for role level and user level.

·         Created modified, locked users through ARM component and performed risk analysis.

·         Created RFC connection between GRC and Backend systems.

 

Client                          :  Mckesson Corporation

Duration                     :  Feb 2010 – May 2014

Environment              : SAP GRC AC 10.0 (ARA, ARM, EAM), SAP NetWeaver 2004s, SAP    ECC 6.0, Profile Generator (PFCG)

Role                            : Sr. SAP GRC Consultant

 

Responsibilities:

·         Configure and Implement GRC Access Control Suite 10.0

·         Perform post installation tasks such as Client copy validation, Activated the GRC AC applications in clients, Checked and activated ICF services, activated BC sets and generated standard SAP profiles

·         Creat system connectors for SAP and Non-SAP systems based on requirements and added the connectors to various integration scenarios

·         Worked for GRC Access Controls 10.0 configuration in SPRO and DEMO for BPOs, Key Stakeholders, super users etc.

·         configuration, Design and implementation of Risk Analysis (ARA), User Provisioning (ARM) and FireFighter (EAM).

·         Create of Mitigating Controls as per the business requirements

·         Configure MSMP workflows and creation of rules using BRF+ framework

·         Analyses and configured GRC 10 (AC) Global Rule Set per clients' processes/standards

·         Experience in creating and assigning Fire Fighter IDs and extracting Fire Fighter logs

·         Create business partners in CRM and assigned them to the relevant positions in the organizations

·         Created PFCG roles for the business roles in CRM and mapped them to the position

·         Configure MSMP workflows and created rules using BRF+ framework

·         Configured User Data source and defined authentication system for requestors using ARM

·         Extensive interaction with Business Organization Managers to understand User and Role Mitigations and Critical Transactions

·         Involve in Monthly User Access Review activity with the internal auditors

·         Involve in SOX testing and Audit with the compliance team and provided the required reports from SAP. Also provided the evidence for the requested changes

·         Lead the Role Redesign project on ECC to address large number of SoDs conflict within SAP security roles, as identified due to the GRC 10 implementation

·         Define and documented SOP's for Security and GRC for day to day operations

·         Review, validate, test and transported the generated rule set to QA and PRD

 

Client                          : Shire Pharmaceuticals

Duration                     : Feb 2008 – Jan 2010

Environment              : ECC 5.0, BI 7.0, GRC 5.3

Role                            : Sr. SAP Security and GRC Consultant.

 

Responsibilities:

·         Experienced in planning, designing, documenting and implementing security related standard procedures for the user administration, roles and profile generation. Created single roles composite roles and derived roles as per organizational structure in R/3systems using PFCG.

·         Provide detail reporting on Segregation of Duties (SoD) and critical access violations at both user level and role level

·         Conducted Role and User Analysis, Risk Analysis and Mitigating risks and roles as required.

·         Monitor User maintenance on day-to-day basis and role maintenance on requirement basis.

·         Set up security roles and user accounts for over 800 End Users for primary Go Live.

·         Monitored User maintenance on day-to-day basis and role maintenance on requirement basis.

·         Identify the missing authorizations using SU53/ST01 trace and maintaining them in suitable role and SU56 in order to find security problem.

·         Successful in transported the generated roles and profiles using SAP transport management system (STMS) and handled single& mass generation of roles and transport of roles

·         Work with the Business Process Owners to restrict sensitive transactions and security authorizations, and ensured segregation of duties (SOD) over all fields of business areas.

·         Troubleshoot performance issues & adjustment of SAP profiles.

·         Lock critical transactions using SM01.

 

Client                          : Linfox Logistics Ltd

Duration                     : Jan 2006 – Dec 2007

Environment              : SAP R/3, ECC 6.0, CRM, FICO, HR, GRC 10.0, BI 7.0

Role                            : SAP Security consultant

 

Responsibilities:

·         Create Users based on request.

·         Assign additional roles to the existing users.

·         Reset Passwords for users and intimating password policy.

·         Created Base Roles and Company Specific Roles based upon request

·         Created Composite roles based upon request.

·         Addition, Removal of Transaction Codes, authorisations, authorisation objects by modifying existing roles based upon change request.

·         Performed Transportation of newly created roles/ modified roles.

·         Performed User comparison in PFCG,

·         Optimizing the authorization checks by utilizing the SU53 and system traces (ST01)

·         Lock and change the validity date for the expired users.

·         Working with tables like AGR*, USH*, USR*.

·         Building the Roles using the transaction codes and implementing these Roles for the client organizational levels creating derived Roles and authorization profiles for the various plants located at different geographical locations.

·         Successful transported the generated roles and profiles using SAP transport management system (STMS) and handled normal & mass generation of roles and transport of roles.

·         Participated in Internal and External security audits.

·         Worked with business, functional leads and Basis to identify critical & immediate roles.

·         Troubleshoot user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug/troubleshoot an authorization error.

·         Troubleshoot missing authorization using SU53 and run trace ST01.

·         Monitor and handle Background Jobs like PFUD for updating User Master Records in all Production and Non Production environment on daily basis in all systems.

 

Client                          : DHL

Duration                     : Feb 2006 –Nov 2006

Environment              : SAP ECC 5.0, SAP R/3 4.6/4.7, CLARITY, Profile Generator, EARS Remedy Tool, Cisco VPN Client, Windows XP/2000

Role                            : SAP Security consultant

 

Responsibilities:

·         Developed Analysis Authorizations using RSECADMIN and added them in the PFCG roles.

·         Involved in Role building, Unit, Integration & User Acceptance testing, Production Support and developed, resolving the defects

·         Extensive knowledge in creating, maintaining roles, transporting roles, security upgrades (SU25), Authorization Objects and Authorization Groups

·         Implemented and worked with Central User Administration (CUA) for single point of control to user and profiles

·         Worked closely with Audit team for SAP Security Audit and generated Audit Information System logs.

·         Installation of the. ECC 6.0, R3 4.6 and 4.7.

·         Apply patches using SPAM for BASIS, ABAP, and HR modules

·         Configured Transport Management System for ECC landscape (DEV, QAS and PRD)using STMS

·         Client Administration including client create / copy / export / import / delete

·         Background Job administration- Creation, modification, deletion, monitoring and trouble shooting.

·         Configuration of R/3 for remote connection with SAP

·         Browsing Service Market Place for latest Updates in SAP and applying latest Support Pack’s & OSS Notes as per the requirement

·         Implemented and used extensively SAP Note Assistant SNOTE

·         Created system messages when planned downtime is scheduled

·         Database and Server monitoring, system back up scheduling through Monitoring Transactions such as SM50, SM51, DB12, DB13 etc.