Ajit Prasad

  • SAP Security Consultant
  • Dallas, TX
  • Member Since Apr 06, 2023

Candidates About

 

Ajit Prasad

 

Professional Summary

·         A driven IT executive with extensive experience in SAP Reporting, Data Security, and SOX Compliance concepts with strong techno functional background. Worked with Top Five         consulting companies like IBM, KPMG (Bearing Point) and Computer Science Corporation Distinguished career supporting SAP deployments, system design / Role re-engineering, technical infrastructure assessment, upgrades, change management, reporting. Impeccably execute all aspect of SAP NetWeaver landscape and offer global off-hour support after implementation. Excellent in procedural documentation and development of training material for knowledge sharing. Effective and successful management of junior team members to ensure success at all levels for maximum return of resource dollars. Excellent communication & interpersonal skills.

·          

SAP Skills Summary

 

SAP Security & GRC experience: 10+ Years

 

ü     Specialized in designing and implementing Role-based security in SAP R/3, ECC, BW/BI, CRM, BObj/BOE and HANA.

ü     Solid hands-on experience in SAP development cycle, starting from business process definition, mapping to configuration, unit testing, co-ordination of transports to Production, training, go-live and post go-live support.

ü     Special skills in compliance based authorizations, identity and access management, User maintenance, internal controls and developing security measures and concepts for Sarbanes-Oxley (SOX) compliance.

ü     Expert Knowledge of the SAP Security System Architecture. Extensive experience developing, redefining and standardizing security process on user authentication and authorization.

ü     Proficient in use of Profile Generator (PFCG) Hands on knowledge of Role creation, role changes, authorizations, reviewing and assigning sensitive transactions, Performing UNIT testing on created roles. Transportation of changes across the system landscape.

ü     Expertise in controlling access to T-codes, tables and programs. Created custom t-codes, custom objects, custom object classes, program security, and table security meeting client's requirements.

ü     Generated, Maintained, Modified / Copied authorizations, authorization profiles based on existing roles and from SAP-Provided User Role Templates to create set of custom roles including Master and derived roles. Also created Composite role to meet clients’ needs

ü     Created Authorization Groups, Customized Transaction Codes and maintained Check Indicators for Authorization objects in SU24

ü     Extensively used CUA. Experience in implementation and administration of CUA for user management.

ü     Experience in analysis authorization in BI 7+, Experienced with Authorization Variables, Authorization Objects, Security on query/InfoCube /InfoObjects, Creation of Roles and Users.

ü     Experience in implementing security around HANA & BObj/BOE solution for streamlining user access.

ü     Experience in setup of BPC security for administrative and business users

ü     Experienced in implementing security for Solution Manager 7.x WorkCenters

ü     Experience working with internal / external audit teams to prevent and mitigate any compliance/regulatory issue to ensure that appropriate level of protection and adherence to the goals of the overall SAP security strategy is maintained

ü     Specialized in segregation of duties (SOD) and security analysis. Extensive experience with SAP GRC/Virsa (SAP GRC Access Control 10.0 [ARA, BRM, ARM, EAM], GRC 5.x (RAR, ERM, CUP, SPM) Virsa (Compliance Calibrator, Fire-Fighter, Role Enforcer, Access Enforcer) & Approva BizRight tools.

ü     Security configuration experience for Regulatory, Royalty and Tax Reports, Master Data Management in SAP PRA. Good understanding of implementation of SAP PRA Regulatory /Tax / Royalty reporting.

ü     Developed Security Policies, Procedures, Controls and documentation for Sarbanes-Oxley Requirements.

ü     Completed multiple cycles of implementation in SAP. Providing support to Cutover activities including GO-LIVE and post Go-live Support. Experience in large-scale re-engineering activities, supporting phased rollouts.

ü     Responsible for leading the sap security team in all aspects of security administration. Experience in managing off-shore teams. Worked on uPerform for user training and knowledge sharing.

 

ERP:                                                   SAP R/3 (ECC 7.2, 6.0, 5.0, 4.7, 4.6c), APO/SCM, BOE (BObj), CRM, PRA, BCS, EPM (BPC), GTS, SRM (EBP), HANA & Sol-Man 7.x

SOX Tools:                                         SAP GRC 10.0 AC, GRC 5.x AC, Virsa 4.x, Approva, SAFE (PWC), IBIS RBE, Panaya

Data Warehouse:                               SAP BI 7.0 ~ 3.5, APO, BCS, BPC

 Case Tools:                                         BMC SDE (Service Desk Express), Remedy, CA UniCenter, UDDB, HPQC, uPerform, Rev-Track, WinShuttle

 

Professional Experience

 

Airlines, Dallas Tx                                                                                                        Sep 14 to Present

Role: SAP Security Consultant

Security Audit Review and Role Redesign Project

·         Responsible of implementation and documentation of all officially approved, auditor recommended mandates requested by IT and corporate management

·         Reviewed security design and roles and provide recommendations for role redesign based on audit concerns.

·         Revamped the Firefighter security set up. Designed new firefighter ids, roles. Analyzed fire fighter logs and provided guidelines for usage and assigning Firefighter ids

·         Developing documentation for the client team for SAP Emergency access process and procedure.

·         Provided hands on support for Role creation, role changes, authorizations, reviewing and assigning sensitive transactions, Performing UNIT testing on created roles. Transportation of changes across the system landscape

·         Helped in consolidating over 3000 Derived Roles in SCM to based by Organizational levels such as Airports (cost center, profit center)

·         Assisted production support issues of HPQC in ECC and SCM.

·         Responsible for all User Administration tasks, creating and deleting users, assigning roles. Setting up procedures and policies for locking and unlocking users. Wrote e Catt (SECATT) script for mass user maintenance.

·         Helped client with Best Industry practice of tying Custom T-Code to Custom A-Obj.to with these A-Obj being called in the ABAP Program.

·         Act as the escalation point for problem resolution, for IT staff/ team members, from a technical standpoint.

 

Merit Energy, Dallas Tx                                                                                                 Mar 14 to Aug 14

Role: SAP Security Consultant

SAP BPC, BObj and HANA New implementation

·         Assessed current Security Setup for BW/BI 7.4, Business Objects 4.1 & HANA 1.07 and recommended solutions for improving security in the production environment.

·         Designed HANA security matrix for providing access to HANA database users.

·         Created Repository Roles in HANA for Developers/Modelers, Administrators including security administrators and reporting users.

·         Created Teams, Task profiles and Data access profiles for access to Merit’s BPC models and dimensions.

·         Added Users, assigned them to teams with task and data access profiles for legal consolidation and planning models.

·         Created and Maintained Report & Input Templates in 10.0 using EPM Editor & dynamic formatting for Planning.

·         Creating Analytic privileges for Reporting Users in SAP HANA modeler for attribute, analytic and calculative views.

·         Designed reports for business users using virtual data models in SAP HANA Live

·         Developed security framework for BOE. Created Custom Rights Access level, user groups to streamline authorization for Universes/Folders/Components in BOE.

·         Developed Queries to access data from BOE repository related to User / Universe / Webi.

·         Redesigned BI roles to restrict access to Z* Queries and folders using Analysis Authorization to specific Info Objects.

·         Prepared the Project plan for CUA implementation from Blueprinting to Realization for client for future implementation.

 

Boeing, Dallas Tx                                                                                                            Sep 13 to May 14

Role: SAP GRC Security Compliance Analyst / Analytics Consultant

SAP HANA new implementation and Role Redesign project in SAP ECC for FICO and Bw/BI

·         Lead  Role  Redesign project  for reviewing and redesigning roles in SAP ECC for FICO SD, MM, MDG

·         Reduce the number of Composite roles assigned to users to one composite and redesigned single roles in composites to eliminate redundant authorizations assignments

  • Created new Authorization Groups for table security, Customized Transaction Codes and maintained Check Indicators for Authorization objects in SU24

·         Maintained / enforced SOD rules during role redesign project using SAP GRC tools.

·         Created naming Conventions and Standards for Roles and Custom Authorization Objects

·         Assisted in production support tasks as needed.

·         Provided support for realigning IT procedures with clients Information security standards and SOX regulatory compliance.

·         Worked with the audit team for assessment of the SAP control environment to identify internal control deficiencies and recommend improvements.

·         Created customized security and functional reports in the Procurement, Inventory management, Sales and finance area.

·         Analyzed and configured BW/BI 7.0 data security environment to facilitate custom reporting and data analytics solutions.

·         Created Analysis Authorization Objects to secure reporting users. Reports secured for Company Codes, Plants, Controlling Areas, Sales Organizations and Purchasing Organizations.

·         Helped Client Analyze Data using MS Excel with Pivot Tables.

·         Developed queries for reports and created fields, built Info-sets through SQ01/2/3 SQVI

 

Emergent BioSolutions, Lancing MI,                                                                               Apr 12 to Aug 13

Role: SAP Security Lead

Upgrade project from SAP 4.7 to ECC 6.0 and assist in BPC 7.5

·         Lead for security Upgrade & Support solutions for client moving from SAP 4.7 to ECC 6.0 for modules FI-CO, QM, MM, PP, BObj/BOE & Sol-Man.

·         Compiled a project time line / plan on how to approach the task and designed a structure on which to build the Security and Authorization required by the client and to satisfy the Auditor's concerns.

  • Created reports and Input schedules in BPC 7.5 for planning.

·         Analyzed performance issue in OPEX planning application using UJSTAT and audit logs.

·         Improved the performance time of Complex Input template from 80 seconds to 15 seconds by removing unnecessary dimensions and members and reconfiguring the design

  • Guided, reviewed and changed/updated all Roles in updated SAP ECC 6.0 Box for new T-Codes/Authorization Objects that came with this Upgrade as per SU25.
  • Provided support for Cutover activities during Go-live; developing Cutover activities plan, coordinating  with different teams, technical support for locking and unlocking users, providing firefighter access, maintaining audit logs, providing Post go-live support.
  • Analyzed SAP user Incidents and provided solutions. Provided ‘Hands on’ trouble shooting support for any user authorization failures in all SAP applications. Effectively analyzed trace files and tracked missing authorizations for user access problems
  • Extensively use standard SAP Security transactions such as SU01/D/10 (Maintain User/Display only/Mass Maintenance), SUIM (User Information Systems), ST01 (System Trace), SU53/56 (Authorization fail/User Buffer), PFCG/UD (Automatic Role-Profile Generator/Comparing User Master) and SU20/21/24 (Maintain Auth fields/Auth-Object n Auth Class/Check Indicators).
  • Maintained the Firefighter IDs, privileged access and user mapping in EAM (Emergency Access Management) Tool.
  • Created WorkCentre roles and freestyle roles in UME in  SAP Enterprise Portal 7.3.
  • Recorded & published SAP Process documents using RWD uPerform.
  • Educated client with use of GRC 10 AC (Access control) tool to manage violations/mitigation in RAR to ensure SOX compliance, usage for Audit T-Codes SM18, SM19 & SM20.
  • Managed the BODs (Business Objects) Security to model more conducive with changes to Upgrade for User Groups and Folders.
  • Used Panaya a SAP UpGrade tool for making changes in ECC 6.0.
  • Managed Users on CMC (Central Management Console) BOE/ BObj and set in place controls for mitigating Security Risk.

Key Achievements:

·         Spearheaded large-scale, upgrade project with minimal downtime process.

·         Knowledge transfer to team on security authorization concept and security design/implementation. Contributed to documentation management.

 

Bell Copter (a Textron Co), Dallas TX                                                                            July 11 to Mar 12

Role: SAP GTS Security & ECC Security SME

New implementation of SAP GTS. Assisted in the BW/BI and CRM security role redesign

  • Provided NEW security solution for GTS. Lead the Role design process with complete Analysis of GTS roles to comply with SOX and prevent violation of SOD (Segregation of Duties) using PFCG, SU21 & SU24 (USOBT_C & USOBX_C) tables.
  • Conducted workshops for gathering role requirement from business for GTS. Acted as a liaison between the business, functional and technical team.

·         Developed Composite & Master/Derive roles in compliance with ITAR regulations.

·         Transported the generated roles and profiles using SAP Transport/Change Request Management System using Rev-Track tool.

·         Supported Go-live.

·         Set up Roles & authorization in MDG-M and MDG-F (Master Data Governance) to control access to Material and Finance master data

·         Restricted access to SAP tables using SE54 to build New Auth groups to prevent any Company policy or SOD violation.

·         Set up authorization & reports around MRS (Multiple Resource Scheduler) and MRP (Materials Requirement Planning) to optimize with validation for servicing of equipment.

  • Also assisted team with SD, MM and CRM Roles redesign and implemented methodology for controlling end user access to plants, cost centers.
  • Design and implement security for Workenters in Sol-Man 7.1.
  • Managed sales codes and business partners (BP) in CRM org structure PPOMA_CRM.
  • Changed CRM Business Roles for Vendors Web-UI framework (Business Role dependent view configuration / CRMC_UI_PROFILE, Org Model / Unit positioning, enhanced object assignment, Authorization Report Programs (CRMD_UI_ROLE_PREPARE, CRMD_UI_ROLE_ASSIGN).
  • Extensively used CUA (Central User Administration) to execute tasks to support User administration including handling Users (provisioning, de-provisioning) for Production and Non-Production Systems and Used IDM for provisioning User with functions to 3rd party tools.

·         Created SeCATT scripts for changes in Role groups and User Administration activities.

Key Achievements

  • Created GTS roles ensuring complete adherence to SOD compliance issues and controlling unauthorized access.
  • Resolved High Priority trouble tickets for Production System.

Novus, St. Louis, MO                                                                                                           Apr 11 to Jun 11

Role: SAP Security Consultant

New Implementation of SAP CRM 7.0, and assisted in GRC 10.0.

·         Assisted in NEW implementation of SAP CRM 7.0, addressing security planning, design, implementation and testing.

·         Assisted in SAP GRC 10.0 implementation.

·         Designed Flexible security framework that could be adapted to specific customer (business partners) needs. Created new CRM Business Roles for Vendors Web-UI framework.

·         Built customer service CRM Roles for CIC (Customer Interaction Center) via PFCG and managed/maintained Users through on BP (Business Partner) & PPOMA_CRM (Maintain Org-Structure Management) and restricted via ACE (Access Control Engine)

·         Extensively used t-code BP to create/change/display any type of Business Partner and CRMD_ORDER for business transaction processing.

·         Executed tasks in support of User Management Process including user setup, segregation of duty conflict identification, role recommendations, and streamlining access requests in SAP MM and FI-CO.

 

ULA (A Lockheed & Boeing Co), Denver, CO                                                                              Jun 10 to Mar 11

Role: SAP Security SME

Business Process Redesign Project for SOX compliance

·         Provided support for Business Process Redesign for SOX compliance. Worked with the audit team for assessment of the SAP control environment to identify internal control deficiencies and recommend improvements.

·         Point of Contact for External and Internal Auditors to provide all SAP Security related information, communicates current company policy and procedures, and provides data from SAP Systems for audit analysis.

·         Redesigned security architecture and revamped existing roles, enabling segregation of duties for all SAP users in SAP ECC 6 system as per audit mandate.

·         Developed, documented, Business Process Owner driven Role change management, testing, and assignment approval process.

·         Wrote eCatt (SeCATT) Scripts for mass role creation, changes, mass user creation, change tasks.

  • Provided production support, to end users, functional and technical users FI-CO, SCM, HCM & BI.

·         Provided Security solutions in HANA with restrictions to Roles & Privileges

  • Restricted BI Reports based on Info cube level, Info Object level and Hierarchy node level using Analysis Authorization via RSECADMIN.
  • Created & published SAP Process documents using RWD uPerform.
  • Helped the team for EPH-4 Upgrade running SU25 & adjusting Org Levels. Provided support for Cut-over activities.

Key Achievements

·         Provided a documented, audit compliant, security role change management procedure resulting in elimination of risks in production with dramatic reduction of time and resources.

 

Verizon Tele-Com, Dallas, TX                                                                                                          Jul 09 to Jun 10

Role: SAP CRM Security Lead  

New implementation in SAP CRM Lease module

·         Collected, mapped security Role requirements with Functional team and Business owners for NEW implementation of CRM Lease module.

·         Managed Users in Sol-Man for accessing CRM UIU Framework.

  • Created new CRM Business Roles for Vendors Web-UI framework. Prepared Test Plans and Test Scripts for testing the new roles and transactions.
  • Supported GO-LIVE in April 2010.
  • Built & managed Roles with Custom Auth-Objects for metrics reporting on usage
  • Maintained group Data on Excel Workbook using Pivot Tables to clean Governmental restriction for metrics reporting on usage.
  • Advised clients and developed complex technical architecture and design for GARM (Global Access Rights Management of Sensitive Government Data) initiatives.
  • Built & assisted in SAP GTS Roles as per business team requirements. Created custom t-codes, custom objects, custom object classes, program security, and table security meeting client's requirements.

Key Achievements

·         Delivered audit compliant roles for CRM work process for roll out to US & UK sites.

  • Contributed to enhance development security roles as per Information Risk Management standards, delivering excellence in technical and business synergies.
  • Paved ‘building block’ for next phase and future enterprise implementation.

Allianz Global Investments, Los Angeles, CA                                                                                 Aug 08 to Jun 09

Role: SAP Security Architect

SAP ECC 6.0, BI 7.0 & BCS Implementation and roll out

·         Provided SAP Security planning, design, implementation, testing, and support for new implementation of NW/ECC and BI landscape using SAP best practices.

·         Created workshops for Business / Functional Users for Role Mapping.

·         Created over 250 Roles using PFCG for US and Europe End Users. Addressed solutions to accommodate multiple locations across the globe utilizing Master and Derived Roles.

·         Created Custom Auth-Object (SU21), updated SU24 tables (USOBT_C & USOBX_C) and transported the workbench request.

  • Extensive use standard SAP Security transactions such as SU01/D/10 (Maintain User/Display only/Mass Maintenance), SUIM (User Information Systems), ST01 (System Trace), SU53/56 (Authorization fail/User Buffer) and PFCG/UD (Automatic Role-Profile Generator/Comparing User Master).
  • Isolated Bond groups using Pivot tables and built BW/BCS Authorization Roles.
  • Provided support for Cutover activities during Go-live; locking and unlocking users, providing firefighter access, maintaining audit logs, providing Post go-live support.

·         Created Transactions Help & Training documents for SAP Transactions with uPerform.

·         Managed Users & Security for BObj Instance with Folder, Access levels & Groups.

·         Set up Access Rights to Users and access levels to Info Objects in BI.

·         Build and tested BPC roles and provide Security appropriate authorization.

Key Achievements:

·         Designed and developed Security roles for various location site based on org level.

 

BearingPoint, Seattle, WA                                                                                                     Jan 08 to Jul 08

Role: SAP SOX and Compliance Manager

As a Bearing Point Manager, helped in SAP project implementation with a number of end clients in the Oil & gas industries, education and pharmaceutical industry. Collaborated with other members of the engagemen