
SRIRAM NARAHARI
- LEAD SAP Security / SAP GRC CONSULTANT
- New York City, NY
- Member Since May 11, 2023
Sriram Narahari
(Lead SAP SECURITY, Certified SAP GRC Consultant & Independent auditor)
Around 10 years of experience in IT Security area and I have proven success in design, implementation and support of SAP Security & GRC process. I am working as GLOBAL Support lead & Internal auditor for SAP Security & Controls in Johnson & Johnson. My current role included’ s SAP Security production support for regions NA, LATAM, NRSR, ASPAC and managing team of 15 support resources located in USA, Canada, Brazil & India. I have good knowledge of SAP modules: - ECC, GRC, HANA, BI/BW, BOBJ, CRM, MDG, BODS, SRM, Fiori & APO. I have prominent level of experience in SAP GRC Access Control implementation I worked with up-market and mid-market companies and achieved a consistent track record of having exceeded client and senior management expectations during global software delivery, implementations, Support and Audit life cycles. I have experience in a wide range of domains like Health Care, Utilities, Manufacturing, Mining, Supply chain etc. and has been involved in projects worldwide (Australia, United Kingdom, India & USA). I also have experience to work with internal/external Audits, GxP Controls, FDA Standards, Sarbanes Oxley and SoD compliance requirements and has excellent knowledge transfer skills (documents, presentations, training).
Certifications:
à SAP Exam ID: C_GRCAC_10 – SAP Business objects Access Control 10.0 (Validation ID s0013125502)
(Certified by SAP UK & Ireland)
education
à Masters of Technology (MTech- Computer Science & Technology), Andhra University, INDIA
à Post Graduate Diploma in Management, GITAM University, INDIA
SYNOPSES
• Experience is Audit Remediation Projects which includes IT role, System & Communication User ID, Critical & SoD Review, SAP Standard ID’s, Rule set update/change, Security Configuration settings remediation’s
• SAP Certified GRC Access control 10.0/10.1 Consultant with 5 End to End implementation experience (module includes Access Risk Analysis, Access Request Management, Emergency Access Management, Business Role Management, User Access Review, Role certification etc.) – (Clients implemented Sap GRC solution – GE Lighting, Philips Healthcare, National Grid (UK), Wipro ESS, Okie Tedi Mining (OTML)),
• Experienced in Integration of SAP GRC with different SAP & Non-SAP systems which includes Active Directory, SAP IdM, Oracle IdM, Web UIR, Winshuttle, HANA, FIORI, S/4 HANA etc. – these modules automated for auto provisioning & risk assessment
• Experience in Role design and implementing security authorization standards based in the industry sector requirements
• Extensive and Hands on Experience in GRC, Automation, upgrade experience with GRC CUP, RAR, ERM, SPM, SAP CUA (Central User Administration) integration with SAP ECC 6.0. with an excellent understanding of Sarbanes-Oxley Act (Section 302 and Section 404).
• Lead and manage end to end project Implementations in the areas of SAP GRC, Security
• Experience in Monthly, Quarterly, Yearly (both internal & External) SAP Audit & Security compliance reviews
• Experience in working under Agile methodology (Scrum Agile framework)
Professional Experience
Johnson & Johnson (WIPRO LTD) USA February 2016 – Present
Role: GLOBAL Project Lead, SAP Security & Controls
Responsibilities:
SAP Security Support – SAP ECC, MDG, APO, CRM, NFE, XI, GTS, SLT, BW / BI, HANA, BOBJ, BODS & EP
à Communicates with the IT and business users globally to facilitate questions, resolve issues, and request feedback on access issues.
à Provide day to day security administration support including user admin changes, role modifications using the Profile Generator and troubleshooting authorization errors in ECC, MDG, APO, CRM, NFE, GTS, SLT, BW/BI, HANA, BOBJ, BODS & Portal
à Principal contact for SAP security internal and external SOX audits. Prepare responses and provide technical evidence to challenge audit findings.
à Review IT support access, identify and document additional controls around sensitive basis transactions in preparation for audit reviews.
à Lead functional security component in preparing for, executing and remediating audits
à Review, Sign off & design remediation strategy for security periodic review controls
à Front-line support for production end-user defect resolution and monitoring of SAP application access and security violations
à Lead Weekly, Monthly & Quarterly meetings with Customer & business power users to discuss support status
and challenges.
à Lead Daily “Huddle” call with resources across the GLOBE on Incident Management & change management status.
Automation – Apart from regular business / IT enhancements as Security support service provider lead, initiated automation activity and delivered solutions mentioned below
à Initiated Automation activity and delivered automation solutions for audit report extractions (multiple instances), User MRC/Department transfer custom program, Active Directory to SAP synchronization custom program, User Termination custom program, Artificial intelligence solutions for RF Gun password reset, ZSE16N group addition, BOBJ/BODS password reset
à Client Initiated automation’s - Provided Security design & RFC setup for tools like Live Compare, SNP, Libelle & Primary exporter
Agile Methodology – All Security support enhancements executed in Agile methodology – Scrum agile framework is used to execute the enhancements & JIRA Software is being used here.
Philips (WIPRO LTD) INDIA July 2015 – January 2016
Role: Lead SAP GRC Consultant
Responsibilities:
Project GEMINI: Under Project Gemini, Philips separated in 2015 into two lean and agile organizations - Lighting solutions & Health Tech - Royal Philips (former Philips Healthcare, Consumer Lifestyle and IG&S) & Philips Lighting (Former Philips Lighting sector, without Lumileds business (BEN).)
Involved in design of all waves transition process in SAP GRC Standpoint & On role design for new ORG introduce by GEMINI
Philips Lighting Solutions – (New System Implementation) SAP GRC – Access Control 10.1
à Configured BC Sets, Global Parameters, Created Connector and associated with Connector type,
à Migrated existing rule reset to “New Philips Lighting Solution” system from existing “Philips Lighting +Health tech System”
à Configured Mitigation Controls, Mitigation Monitors, sync the jobs related to Auth., users and profiles from Backend systems to GRC and Configured end to end Risk Analysis for Business users in ARA.
à Configured Emergency Access Management by working closely with Business users and Functional team. Created Fire Fighter user id’s after identifying Fire fighter owners and Fire Fighter Controllers
à Configured Access Request Management (ARM) based for automated user provisioning and Configured MSMP Workflows and BRF+.
à Designed Test Scrips for testing & Fixed all the issues detected during testing
à Updated the master data based on the existing system Lighting solutions data
TSLA (Technical Service Level Agreement) Phase
à Work with Business to ensure Role approvers for existing organizations (ORU’s) have been reviewed for any employee movements are reflected.
à Assign new role owners / approvers for existing ORU’s
à Fire Fighter approvers / controllers are updated during ICS EAM Governance Model verification
Philips Health Tech – (Deactivating Existing LS connectors) SAP GRC – Access Control 10.1
à Archived the audit log data – including Firefighter Log, Request status, User & Role provisioning data, Mitigation assignment
à Updated GRC Master data for Role, Role mapping, Role Owners, Mitigation control owners & controller, Firefighter owner & controller
à Deactivated Lighting solutions connector in BRF+ & MSMP
à Deactivated Lighting solutions connector in Rule set
à Deactivated Connector and connector groups
à Updated synchronization jobs as per the schedule defined.
Okie Tedi Mining(OTML) Australia JAN 2015 – July 2015
Role: Lead SAP Security/GRC Consultant
Ok Tedi Mining Limited (OTML) is a State-owned company that operates an open-pit copper, gold and silver mine located in the Star Mountains of Western Province, Papua New Guinea (PNG).
SAP Strongim Future Program - To replace their existing ERP business systems to ensure streamlined operations and align to agreed industry standards. In addition to the ERP business systems, SAP Governance, risk and compliance (GRC) Access Control (AC) 10.1 module will be implemented to streamline the areas of SAP - User Management, Role Management, Privilege access management and SoD management.
SAP Security Role Design & SAP GRC Access Control 10.1 implementation
à Worked with Functional team & BCM to gather role design requirements for Record to Report (R2R), Human Capital Management (HCM) including Payroll and Employee Self Services and Manager Self Services, Procure to Pay (P2P), Manage Physical Assets (MPA), Production Integration (PrI), Safety, Health, Environment and Community (SHEC), Information Technology(ICT)
à Perform role development and fixed all the issues reported during business simulation, System testing & UAT
à Worked closely with Business Process Advisors (BPA) to defined the custom Segregation of Duties (SoD) & Critical Action ruleset
à Created SAP HR Connector, HR Triggers, Field Mapping.
à Customized Business Ruleset Framework (BRF+) based on the client Requirment for HR trigger setup
à Setup Request types based on the Action _ID
à Worked with internal, external audit & business process owners to design Workflow for New Access, Modify Access, Termination & Firefighter access based on HR triggers
à Conducted workshops with the Business process owners to gather the requirements related to Rule sets, Created Mitigation controls by classing mitigation monitors and Mitigation Control id owners.
à Configured Business process design, performed RICEFW Functional Design and performed end to end training for Business users
Post Go Live support:
à Documented OTML procedures manuals and configuration documents for SAP GRC implementation
à Provided Cheat sheet for IT/Support team users
à Designed End User Manuals for – Access Request creation to HR team, AR Approval/ Rejection steps, Firefighter log review, Firefighter request creation, Firefighter Usage
à Initiate system sign-off handing over project documentation
à Provided KT on usage of GRC management views for management & Support teams
à Provide hand holding to OTML IT/Support Team for resolving issues
Onsite consultant and managed 3 offshore resources who are part of implementation
Appreciated by Client Security process owner on the role design part due to the low volume of Incidents/SR created during the hyper- care
Worked with SAP team to fix few of the initial SAP product (SAP GRC 10.1) bugs that were identified during implementation.
National Grid United Kingdom March 2014 – December 2014
Role: SAP GRC Functional and Technical Consultant
SOX Automation & SAP GRC Upgrade Project - The project will upgrade current SAP Governance, Risk and Compliance Access Control (SAP GRC AC) version 5.3 at National Grid to the latest stable version 10. The upgrade will be accompanied by implementation of high-level of automation; Address existing performance issues; Reduce manual processes to manage access risk; Asset health improvement initiative
à Worked with relevant stakeholders and prepared High-level project plan, RACI model, Communication model & Project phases
à Conducted workshops to defined Functional specification document, Functional Design Document, Deployment approach, Build plan, Technical Design specification & Test Strategy document
à Worked with Basis to provide functional requirements for Sizing Development, Quality & production instances
à During Phase – 1 - Implemented modules Emergency Access Management (EAM), Access Request Management (only for EAM request) & Access Risk Analysis (ARA)
à ARA – Migrated Ruleset from GRC 5.3 to 10.0
à Compare the ruleset with GRC 5.3 and GRC 10.0, and fixed all the issues occurred during Migration
à Organized weekly meeting with clients to provide the status on project progress, huddles & dependency’s
à Worked with Performance team to connect to performance system’s & executed performance test before the phase 1 Go-Live
à During Phase -2 Implemented ARM (End to End) & Business Role Management
à Conducted workshops with BCM, Business & my SAP shared service team to find business role mapping to technical PFCG composite role and to identify Business role owners
à Prepared master data and uploaded in SAP GRC
à Scheduled GRC related background jobs based on the frequency provided
à Written test scripts to test the controls in accordance with National Grid’s testing standards for any enhancements on SAP GRC products
à Involved in fixing issues that are identified during Unit Testing, Systems testing and UAT
à Delivered Service Transition Handover Document to my SAP share service support team during the hyper care
Customized SAP GRC product – worked with ABAPer to perform around 50 customizations, which includes - 'SAP User ID' generation button made available by default for New User request; Disable ‘Remove’, 'Existing Assignments' and 'Simulate' buttons by default & Auto-Population of User 'Existing Assignments' in the Access request for position movement & termination; LDAP/AD Group assignment through SAP GRC (in case SAP ID is different from Network ID)
Appreciated by External Audit Firm on the automation of manual controls.
Appreciated by other Vendors & SAP on the level of customization perform
General Electric India March 2012 – March 2014
Role: SAP SECURITY/GRC – Consultant
SAP Implementation – GE Lighting
à Responsible for Complete end-to-end implementation & deliverables of GRC Access Control 10.0
à Handling client meeting and Gathering business requirements
à Designing additional Custom Rulesets (preparing the Rule Upload files for Business process, Functions, Authorizations, Risk & Rule set).
à Implement the SOD Risk Management Process using Risk Recognition, Risk Analysis, Remediation and continuous compliance
à Role Design and development
à Prepared SECATT scripts and used LSMW for mass changes for users and roles.
à Transports of roles, customized authorization, Tables (USORG & USVAR).
à Review programs and transactions for security authorization check requirements.
à Perform system trace (ST01) for authorization issues when it makes sense to do so to resolve authorization issues and Authorization group issues.
à Troubleshoot security/authorization related problems using SU53, ST01 and SUIM
à Working with tables like AGR*, USH*, USR*.
Wipro ESS India Sept 2011 – march 2012
Role: SAP SECURITY/GRC – Consultant
à SAP Security role design based on industry specific best practice
à Configuring SAP GRC Access control & Process control v10.0
à GRC PC/AC workflow support and configuration i.e. modify / create workflows.
à User Security and Authorization support for GRC PC/AC
à GRC PC/AC reporting
à Mitigation Control for PC, GRC AC and PC integration
à Create and manage policies.
à Schedule policy surveys and assessments, support for Self-Assessment
Robotutor Solutions Pvt Ltd India August 2008 - September 2011
Position Held: Security Analyst
à Involved in Analysis, Design, Implementation & Support for web security issues of the Application.
à Troubleshooting & Bug Fixing tasks, according to the change requests assigned
à Perform code analysis to avoid XSS attacks, injections (SQL, Path, Command, Code), Session hijacking, & Remote file inclusion
à Implemented PHP default Authentication & Session Management
à Websites pertaining to B2B Service, socio-commerce, online recruitment & matrimony supported
à Software tools - PHP5, MYSQL, Ajax, Java Script, Code igniter
Wipro BPO India MAY 2008 - AUGUST 2008
Position Held: Tech. Support Executive
à Research and identify solutions to software and hardware issues
à Diagnose and troubleshoot technical issues, including account setup and network configuration
à Follow up with clients to ensure their IT systems are fully functional after troubleshooting
à Prepare accurate and timely reports