
Ajit Prasad
- SAP Security Consultant
- Dallas, TX
- Member Since Apr 06, 2023
Ajit Prasad
Professional Summary
· A driven IT executive with extensive experience in SAP Reporting, Data Security, and SOX Compliance concepts with strong techno functional background. Worked with Top Five consulting companies like IBM, KPMG (Bearing Point) and Computer Science Corporation Distinguished career supporting SAP deployments, system design / Role re-engineering, technical infrastructure assessment, upgrades, change management, reporting. Impeccably execute all aspect of SAP NetWeaver landscape and offer global off-hour support after implementation. Excellent in procedural documentation and development of training material for knowledge sharing. Effective and successful management of junior team members to ensure success at all levels for maximum return of resource dollars. Excellent communication & interpersonal skills.
·
SAP Security & GRC experience: 10+ Years
ü Specialized in designing and implementing Role-based security in SAP R/3, ECC, BW/BI, CRM, BObj/BOE and HANA.
ü Solid hands-on experience in SAP development cycle, starting from business process definition, mapping to configuration, unit testing, co-ordination of transports to Production, training, go-live and post go-live support.
ü Special skills in compliance based authorizations, identity and access management, User maintenance, internal controls and developing security measures and concepts for Sarbanes-Oxley (SOX) compliance.
ü Expert Knowledge of the SAP Security System Architecture. Extensive experience developing, redefining and standardizing security process on user authentication and authorization.
ü Proficient in use of Profile Generator (PFCG) Hands on knowledge of Role creation, role changes, authorizations, reviewing and assigning sensitive transactions, Performing UNIT testing on created roles. Transportation of changes across the system landscape.
ü Expertise in controlling access to T-codes, tables and programs. Created custom t-codes, custom objects, custom object classes, program security, and table security meeting client's requirements.
ü Generated, Maintained, Modified / Copied authorizations, authorization profiles based on existing roles and from SAP-Provided User Role Templates to create set of custom roles including Master and derived roles. Also created Composite role to meet clients’ needs
ü Created Authorization Groups, Customized Transaction Codes and maintained Check Indicators for Authorization objects in SU24
ü Extensively used CUA. Experience in implementation and administration of CUA for user management.
ü Experience in analysis authorization in BI 7+, Experienced with Authorization Variables, Authorization Objects, Security on query/InfoCube /InfoObjects, Creation of Roles and Users.
ü Experience in implementing security around HANA & BObj/BOE solution for streamlining user access.
ü Experience in setup of BPC security for administrative and business users
ü Experienced in implementing security for Solution Manager 7.x WorkCenters
ü Experience working with internal / external audit teams to prevent and mitigate any compliance/regulatory issue to ensure that appropriate level of protection and adherence to the goals of the overall SAP security strategy is maintained
ü Specialized in segregation of duties (SOD) and security analysis. Extensive experience with SAP GRC/Virsa (SAP GRC Access Control 10.0 [ARA, BRM, ARM, EAM], GRC 5.x (RAR, ERM, CUP, SPM) Virsa (Compliance Calibrator, Fire-Fighter, Role Enforcer, Access Enforcer) & Approva BizRight tools.
ü Security configuration experience for Regulatory, Royalty and Tax Reports, Master Data Management in SAP PRA. Good understanding of implementation of SAP PRA Regulatory /Tax / Royalty reporting.
ü Developed Security Policies, Procedures, Controls and documentation for Sarbanes-Oxley Requirements.
ü Completed multiple cycles of implementation in SAP. Providing support to Cutover activities including GO-LIVE and post Go-live Support. Experience in large-scale re-engineering activities, supporting phased rollouts.
ü Responsible for leading the sap security team in all aspects of security administration. Experience in managing off-shore teams. Worked on uPerform for user training and knowledge sharing.
ERP: SAP R/3 (ECC 7.2, 6.0, 5.0, 4.7, 4.6c), APO/SCM, BOE (BObj), CRM, PRA, BCS, EPM (BPC), GTS, SRM (EBP), HANA & Sol-Man 7.x
SOX Tools: SAP GRC 10.0 AC, GRC 5.x AC, Virsa 4.x, Approva, SAFE (PWC), IBIS RBE, Panaya
Data Warehouse: SAP BI 7.0 ~ 3.5, APO, BCS, BPC
Case Tools: BMC SDE (Service Desk Express), Remedy, CA UniCenter, UDDB, HPQC, uPerform, Rev-Track, WinShuttle
Professional Experience
Airlines, Dallas Tx Sep 14 to Present
Role: SAP Security Consultant
Security Audit Review and Role Redesign Project
· Responsible of implementation and documentation of all officially approved, auditor recommended mandates requested by IT and corporate management
· Reviewed security design and roles and provide recommendations for role redesign based on audit concerns.
· Revamped the Firefighter security set up. Designed new firefighter ids, roles. Analyzed fire fighter logs and provided guidelines for usage and assigning Firefighter ids
· Developing documentation for the client team for SAP Emergency access process and procedure.
· Provided hands on support for Role creation, role changes, authorizations, reviewing and assigning sensitive transactions, Performing UNIT testing on created roles. Transportation of changes across the system landscape
· Helped in consolidating over 3000 Derived Roles in SCM to based by Organizational levels such as Airports (cost center, profit center)
· Assisted production support issues of HPQC in ECC and SCM.
· Responsible for all User Administration tasks, creating and deleting users, assigning roles. Setting up procedures and policies for locking and unlocking users. Wrote e Catt (SECATT) script for mass user maintenance.
· Helped client with Best Industry practice of tying Custom T-Code to Custom A-Obj.to with these A-Obj being called in the ABAP Program.
· Act as the escalation point for problem resolution, for IT staff/ team members, from a technical standpoint.
Merit Energy, Dallas Tx Mar 14 to Aug 14
Role: SAP Security Consultant
SAP BPC, BObj and HANA New implementation
· Assessed current Security Setup for BW/BI 7.4, Business Objects 4.1 & HANA 1.07 and recommended solutions for improving security in the production environment.
· Designed HANA security matrix for providing access to HANA database users.
· Created Repository Roles in HANA for Developers/Modelers, Administrators including security administrators and reporting users.
· Created Teams, Task profiles and Data access profiles for access to Merit’s BPC models and dimensions.
· Added Users, assigned them to teams with task and data access profiles for legal consolidation and planning models.
· Created and Maintained Report & Input Templates in 10.0 using EPM Editor & dynamic formatting for Planning.
· Creating Analytic privileges for Reporting Users in SAP HANA modeler for attribute, analytic and calculative views.
· Designed reports for business users using virtual data models in SAP HANA Live
· Developed security framework for BOE. Created Custom Rights Access level, user groups to streamline authorization for Universes/Folders/Components in BOE.
· Developed Queries to access data from BOE repository related to User / Universe / Webi.
· Redesigned BI roles to restrict access to Z* Queries and folders using Analysis Authorization to specific Info Objects.
· Prepared the Project plan for CUA implementation from Blueprinting to Realization for client for future implementation.
Boeing, Dallas Tx Sep 13 to May 14
Role: SAP GRC Security Compliance Analyst / Analytics Consultant
SAP HANA new implementation and Role Redesign project in SAP ECC for FICO and Bw/BI
· Lead Role Redesign project for reviewing and redesigning roles in SAP ECC for FICO SD, MM, MDG
· Reduce the number of Composite roles assigned to users to one composite and redesigned single roles in composites to eliminate redundant authorizations assignments
· Maintained / enforced SOD rules during role redesign project using SAP GRC tools.
· Created naming Conventions and Standards for Roles and Custom Authorization Objects
· Assisted in production support tasks as needed.
· Provided support for realigning IT procedures with clients Information security standards and SOX regulatory compliance.
· Worked with the audit team for assessment of the SAP control environment to identify internal control deficiencies and recommend improvements.
· Created customized security and functional reports in the Procurement, Inventory management, Sales and finance area.
· Analyzed and configured BW/BI 7.0 data security environment to facilitate custom reporting and data analytics solutions.
· Created Analysis Authorization Objects to secure reporting users. Reports secured for Company Codes, Plants, Controlling Areas, Sales Organizations and Purchasing Organizations.
· Helped Client Analyze Data using MS Excel with Pivot Tables.
· Developed queries for reports and created fields, built Info-sets through SQ01/2/3 SQVI
Emergent BioSolutions, Lancing MI, Apr 12 to Aug 13
Role: SAP Security Lead
Upgrade project from SAP 4.7 to ECC 6.0 and assist in BPC 7.5
· Lead for security Upgrade & Support solutions for client moving from SAP 4.7 to ECC 6.0 for modules FI-CO, QM, MM, PP, BObj/BOE & Sol-Man.
· Compiled a project time line / plan on how to approach the task and designed a structure on which to build the Security and Authorization required by the client and to satisfy the Auditor's concerns.
· Analyzed performance issue in OPEX planning application using UJSTAT and audit logs.
· Improved the performance time of Complex Input template from 80 seconds to 15 seconds by removing unnecessary dimensions and members and reconfiguring the design
Key Achievements:
· Spearheaded large-scale, upgrade project with minimal downtime process.
· Knowledge transfer to team on security authorization concept and security design/implementation. Contributed to documentation management.
Bell Copter (a Textron Co), Dallas TX July 11 to Mar 12
Role: SAP GTS Security & ECC Security SME
New implementation of SAP GTS. Assisted in the BW/BI and CRM security role redesign
· Developed Composite & Master/Derive roles in compliance with ITAR regulations.
· Transported the generated roles and profiles using SAP Transport/Change Request Management System using Rev-Track tool.
· Supported Go-live.
· Set up Roles & authorization in MDG-M and MDG-F (Master Data Governance) to control access to Material and Finance master data
· Restricted access to SAP tables using SE54 to build New Auth groups to prevent any Company policy or SOD violation.
· Set up authorization & reports around MRS (Multiple Resource Scheduler) and MRP (Materials Requirement Planning) to optimize with validation for servicing of equipment.
· Created SeCATT scripts for changes in Role groups and User Administration activities.
Key Achievements
Novus, St. Louis, MO Apr 11 to Jun 11
Role: SAP Security Consultant
New Implementation of SAP CRM 7.0, and assisted in GRC 10.0.
· Assisted in NEW implementation of SAP CRM 7.0, addressing security planning, design, implementation and testing.
· Assisted in SAP GRC 10.0 implementation.
· Designed Flexible security framework that could be adapted to specific customer (business partners) needs. Created new CRM Business Roles for Vendors Web-UI framework.
· Built customer service CRM Roles for CIC (Customer Interaction Center) via PFCG and managed/maintained Users through on BP (Business Partner) & PPOMA_CRM (Maintain Org-Structure Management) and restricted via ACE (Access Control Engine)
· Extensively used t-code BP to create/change/display any type of Business Partner and CRMD_ORDER for business transaction processing.
· Executed tasks in support of User Management Process including user setup, segregation of duty conflict identification, role recommendations, and streamlining access requests in SAP MM and FI-CO.
ULA (A Lockheed & Boeing Co), Denver, CO Jun 10 to Mar 11
Role: SAP Security SME
Business Process Redesign Project for SOX compliance
· Provided support for Business Process Redesign for SOX compliance. Worked with the audit team for assessment of the SAP control environment to identify internal control deficiencies and recommend improvements.
· Point of Contact for External and Internal Auditors to provide all SAP Security related information, communicates current company policy and procedures, and provides data from SAP Systems for audit analysis.
· Redesigned security architecture and revamped existing roles, enabling segregation of duties for all SAP users in SAP ECC 6 system as per audit mandate.
· Developed, documented, Business Process Owner driven Role change management, testing, and assignment approval process.
· Wrote eCatt (SeCATT) Scripts for mass role creation, changes, mass user creation, change tasks.
· Provided Security solutions in HANA with restrictions to Roles & Privileges
Key Achievements
· Provided a documented, audit compliant, security role change management procedure resulting in elimination of risks in production with dramatic reduction of time and resources.
Verizon Tele-Com, Dallas, TX Jul 09 to Jun 10
Role: SAP CRM Security Lead
New implementation in SAP CRM Lease module
· Collected, mapped security Role requirements with Functional team and Business owners for NEW implementation of CRM Lease module.
· Managed Users in Sol-Man for accessing CRM UIU Framework.
Key Achievements
· Delivered audit compliant roles for CRM work process for roll out to US & UK sites.
Allianz Global Investments, Los Angeles, CA Aug 08 to Jun 09
Role: SAP Security Architect
SAP ECC 6.0, BI 7.0 & BCS Implementation and roll out
· Provided SAP Security planning, design, implementation, testing, and support for new implementation of NW/ECC and BI landscape using SAP best practices.
· Created workshops for Business / Functional Users for Role Mapping.
· Created over 250 Roles using PFCG for US and Europe End Users. Addressed solutions to accommodate multiple locations across the globe utilizing Master and Derived Roles.
· Created Custom Auth-Object (SU21), updated SU24 tables (USOBT_C & USOBX_C) and transported the workbench request.
· Created Transactions Help & Training documents for SAP Transactions with uPerform.
· Managed Users & Security for BObj Instance with Folder, Access levels & Groups.
· Set up Access Rights to Users and access levels to Info Objects in BI.
· Build and tested BPC roles and provide Security appropriate authorization.
Key Achievements:
· Designed and developed Security roles for various location site based on org level.
BearingPoint, Seattle, WA Jan 08 to Jul 08
Role: SAP SOX and Compliance Manager
As a Bearing Point Manager, helped in SAP project implementation with a number of end clients in the Oil & gas industries, education and pharmaceutical industry. Collaborated with other members of the engagemen