Hari Chaitanya Putumbaca

  • SAP Security GRC Analyst
  • Redmond, WA
  • Member Since Mar 21, 2023


Professional Summary

·   5+ Years (Sep 2012 to Till Date) of Experience as SAP Security Analyst within ECC, CRM, BW, BOBJ, BODS, CLM, GRC, SCM, SRM, APO, Ariba supporting multiple SAP Systems and Landscapes. Exposure to SAP HANA and SAP BPC Security.

·   5 Years of Siebel Server Administration on Siebel 8.x Includes OBIEE code Migration, UCM Server Administration.

·   11+ Years of Total Experience in IT (April 2007 – Till Date).

 

Summary of Technical Skill set in SAP Security and GRC

 

SAP Security for ECC, CRM, BW, BOBJ, HANA, BODS, GRC, SCM, SRM, APO, Ariba systems.

·         Create PFCG and Analysis Authorization roles within the SAP ECC 6, CRM7, GRC10, BOBJ, BODS 4.0, SCM, SRM, APO systems based on the given requirement.

·         Role-Build, Testing of roles and Transport of Roles within multi system Landscape.

·         Mass User load activities using the Excel Scripting to load multiple users for Performance Testing and other requirements.

·         Generating CRM PFCG roles from the CRM Business Roles.

·         Tracing multiple Authorization issues and fixing the CRM and Other SAP roles.

·         SAP Audit requirements track by ensuring proper tracking of all approvals, to comply with SOX.

·         Role Testing and Fixes, ITRT, UAT.

·         SU24 Changes to maintain standard authorization requirements.

·         Composite and Single Role Management for multiple systems.

·         Master Role and Derived Role Management based on ORG values.

·         Maintaining Temp Patches in Production environment to resolve issues and work on Permanent fixes based on approvals.

·         Incident management process for Production and Non-Production to maintain the track of issues and to ensure Audit Compliance.

·         Maintaining proper documentation and Function Specification Document tracker before making changes to any PFCG Roles.

·         BW – PFCG Roles Setup which includes the Analysis Authorization role using the RSECADMIN

·         BW –Change, Maintain and transport the Analysis Authorization roles based on the requirements.

·         BOBJ – Role Creation to enable Modify, Create, Refresh and View of Reports to End user and Super Users

·         BOBJ – User Authentication via Backend BW system. Sync BW Roles, Users to BO systems.

·         BOBJ – Create custom access levels. Managing User, Groups and Folder Level securities.

·         BOBJ – Knowledge on setting up the Audit Universe for the BOBJ Systems.

·         DS – BODS Data Services role setup and provide repository access in Data Services apps to the users.

·         Knowledge on Configuring UCON Unified Connectivity by UCONPHTL or UCONCOCKPIT.

Co-ordinate with BASIS to setup RZ11, RZ10 Parameter for UCON - UCON/RFC/ACTIVE = 1.

Setup the batch job SAP_UCON_MANAGEMENT to select the RFC Records needed by UCON Phase tool via SM36.

Good knowledge on Logging Phase, Evaluation Phase and Activation Phase in the UCON.

·         Knowledge on Managing the RFM Phase using UCONPHTL / UCONCOCKPIT to change the Phase.

·         CCMS Monitoring via RZ20 to monitor the Expiring Phase for the RFMs, Remote Function Modules.

·         Good understanding on how to update the S_RFC authorization objects for the required RFM / Function Modules.

Assign the RFMs to the Default CA, Communication Assembly and Transport from DEV to PROD.

·         Ability to create Users in SAP HANA system

·         Ability to create roles in SAP HANA system in SAP HANA Studio

·         User and Role management within HANA system.

·         Understanding of SQL and Design time security

·         Knowledge on Transporting Roles within HANA systems using the Delivery units.

·         Knowledge on creating and managing Analytical Privileges in the HANA system based on business requirements.

·         Manage System, SQL and Package Privileges within roles for multiple users.

·         Managing Password Policy. Reset password for the SYSTEM users.

·         Using SAP HANA web based cockpit and SAP HANA Studio for day to day operational activities.

·         Managing the Encryption of Data volume by enabling or disabling as per requirement.

·         Enabling the Audit Policies and enabling the Auditing as per requirement from HANA Studio.

 

SAP GRC 10.0 AC

·         Setting up GRC 10.0 AC, Access Control for the R3/ECC, CRM, BW, GTS, SCM systems and enable the Access Control components ARA, ARM, EAM.

·         Create RFC Connections between the ECC, CRM and other SAP systems and the GRC system.

·         Activate and Configure the GRC AC10.0 settings by activating the BC Sets for ARA, ARM, EAM, BRM, MSMP.

·         Configuring the Access Control Component settings in the GRC system using SPRO, to maintain various Parameter values for the Parameter groups which defines the settings for the ARA, ARM, EAM and BRM modules of GRC10.0 AC. Configure required settings for the Plug-in systems which is to be connected to GRC system.

·         Maintain Connector settings and enable integration scenarios like AUTH, PROV, ROLMG, SUPMG, Connector groups and Logical Connectors for various systems and the GRC system.

·         Run Authorization and Repository sync jobs in the GRC systems for the plug-in system to import all the Authorization data, User, Roles and Profiles to the GRC system.

·         Create and maintain separate GRC roles based on the standard SAP delivered roles which are used for GRC Administration, to assign to the Role Owners, Controller and Firefighter scenarios.

·         Maintain Role Owners for the roles imported from the plug-in systems. Enable the password self-service and Visibility settings for the non-production systems.

·         Strong knowledge on creating the MSMP (Multi Stage Multi Path) workflows to automate the Access Request Management (ARM), Access Risk Analysis (ARA), Emergency Access Management (EAM) or the Fire Fighter.

·         Register all the Owners, Controllers, Firefighter Owners, Controllers, Risk Owners in the Access Control Owners of the NWBC of the GRC system.

·         Knowledge on Creating the BRF+ rules for the Initiator, Agent and Routing rules as required for any customization for the Escape paths and other requirements of the workflow for the Business requirements.

·         Configuring the system to enable the ARM – Access Request Management with help of the MSMP workflows. Develop and Test the Request Creation, Approval Process and any Routing/ Escape paths when required.  Setting up the Notifications at every stage of the Workflow.

·         Configuring the system to enable the Fire Fighter on the Plug-in System. Create the Fire Fighter id in the Plug-in System. Assign the fire fighter roles, Owners, Controllers and test the Fire fighter ID based concept to login via GRC system to the plug-in Systems.

·         Detailed understanding on setting up the ARA, Access Risk Analysis and enabling the required MSMP workflow based on the scenarios for approving any changes to Functions, Risks or Mitigation Controls.

·         Knowledge on Generating the Risk IDs based on the SOD design. Perform detailed Risk Analysis on Role Level and User Level.

·         Detail understanding on creating and assigning the Mitigation controls to a Risk violation

·         Manage EUP – End User Personalization settings for the Access Requests.

·         Perform the GRC admin Activities like Synchronizing New roles from Plug-in system to GRC system. Validating the Access Request Issues. Perform detailed Role Risk analysis when creating new roles in the SAP systems.

·         Maintain the required Log sync, Usage Sync jobs within the GRC systems to gather the periodical usage of Fire Fighter and other required logs for the Audit purpose.

Professional Experience

“Recent /current projects to previous”

 

1)       Client: Tech Mahindra Americas (Jan 2017 – Till Date)

Title: SAP Security GRC Consultant

Project: Houlihan – AMS for TMobile USA.

Project: RIS – Retail Inventory Serialization Project.

ECC 6, CRM, SCM, SRM, OER, BW: 7.0 on HANA DB

GRC – 10.1 AC (ARA, ARM, EAM)

BOBJ (BI) – 4.0

Ariba

                                       

Project Briefing:

As part of Application Managed Services project Houlihan, Tech Mahindra is responsible for supporting the current TMobile's SAP Systems landscape in terms of systems high availability, Governance Risk and Compliance and day to day Security operations and also multiple Enhancements projects. Within the landscape of more than 100 SAP Systems and clients, as a SAP Security and GRC Consultant I am responsible for the SAP Security Development, Test and Production support, which includes but is not limited to the responsibilities below.

Responsibilities:

·         SAP User management includes create, modify, delete, lock and unlock of new users and existing users based on PIER tickets or requests.

·         Assign and remove roles from users based on requirements for multiple systems like Production, Project, Testing and development tracks.

·         SAP Role management which includes Create New roles, Modify of existing roles.

·         Redesign of Roles based on the requirements as part of role remediation.

·         Modify Authorizations within existing roles.

·         SAP GRC Access Control Administration (ARA, ARM, EAM).

·         Troubleshoot End User request issues part of GRC ARM, OIM provisioning issues.

·         Managing Roles and Role owners and setting up appropriate Approvers in the GRC System.

·         Managing Firefighter Roles and assignments for critical activities as part of GRC EAM.

·         Transport requests within the SAP Systems based on the approvals and change management.

·         Maintain and administer the OSS Users, Generic users and RFC Users in the SAP systems.

·         Provide proper proof of documentation and Change Requests associated to every change during the AUDIT.

·         Run periodic Segregation of Duties- SOD reports, User Access Request reports.

·         Troubleshoot Retail Store user authorization, access issues.

·         User setup in Ariba application, PI application based on requirements.

·         Analysis authorization changes for the BW system as per business requirements.

·         Applying multiple restrictions within the roles based on the Project requirements like the PLANT restrictions.

 

2)       Client: Juniper Networks (June 2016 – Dec 2016)

Title: SAP Security Analyst

                                                   

Project: Logistics Evolution and Productivity -LEAP

ECC 6, CRM, SCM, GTS, BW: 7.0 on HANA DB

GRC – 10.0 AC (ARA, ARM, EAM)

BOBJ (BI) – 4.0

                                       

Project Briefing:

Juniper Networks, a US based company that develops and markets the Network gear, had recently undergone huge technology transformation from Oracle/Siebel to SAP for its ERP, CRM and other Business Processes. LEAP is a project for the Customer Service and Logistics management in SAP to replace current functionality from existing Clarify application.

Responsibilities:

As part of the SAP Security team, responsible for the Build, Test and Support of the SAP Roles for LEAP within the ECC, CRM, SCM, GTS, BW, BO as per Juniper requirement. Upload new roles to GRC, update the GRC Ruleset, Upload new roles, new user loads and assignments.

·         Design Security roles and profiles in SAP ECC, CRM, SCM, BI, GTS, BO systems as per Juniper's requirements.

·         Changes and Testing of Security roles in various systems like SAP ECC, CRM, SCM, BI, GTS across development and testing environments as per client requirements. Roles in scope are around 20 roles on top of existing Production environment.

·         Support the Development, SIT (System Integrated Testing), UAT (User Acceptance testing) in terms of Application Security through roles and profiles to multiple users like Technical/Functional/Business Users, as per Client Requirements.

·         Manage Security Role changes in Transports and maintain trackers for any changes and transports to comply with the Change Management and also Audit requirements.

·         SU24 changes, Custom Transaction codes validation for Authority Checks.

·         Work on Pre Cutover, Cutover, Go-live and Hyper-care activities for security roles as per client requirements.

·         GRC System readiness with uploading new roles, owners, firefighter ids, update ruleset and apply mitigations when required.

·         SNC users for the partners/ vendors

·         Provide detail documentation of the complete build of security roles related to the project to the client.

 

3)       Client: Stone Profit Systems (May 2016 – June 2016)

Title: Software Engineer / Security Developer

                                                   

Project: Inventory Consignment Management and Secure Client Billing

ECC 6, CRM, BW: 7.0, BOBJ (BI) – 4.0

                                       

Project Briefing:

Stone Profit Systems has been working alongside the stone industry since 2002. As part of securing their Inventory Consignment and also the billing process for their clients, Stone Profits has been working to redesign the Security model and also its ERP platform considering to implement SAP.

Responsibilities:

As part of the Security development team, worked on designing the requirements to Segregate the Business Process as per Company guidelines and create a Security model with Composite Roles within each sub process. Also design the approval process for both role changes, Role Assignments for the IT users and for the Business users.

4)       Client: Juniper Networks (July 2010 – March 2016)

Title: SAP Security Analyst

                                                   

Project: Ignition – 14.2 through 14.7

ECC 6, CRM, SCM, GTS, BW: 7.0 on HANA DB

GRC – 10.0 AC (ARA, ARM, EAM)

BOBJ (BI) – 4.0

                                       

Project Briefing:

Juniper Networks, a US based company that develops and markets the Network gear, had recently undergone huge technology transformation from Oracle/Siebel to SAP for its ERP, Customer Support Requests and the CRM. This is done in multiple releases with ERP functionality migrating first (part of RTR, PTP, OTC), followed by Customer Support (ITR). The last phase being MTS along with additional functionalities for the OTC, PTP, RTR modules.

Responsibilities:

As part of the SAP Security team I have built, tested the Security roles and worked on the GRC configuration for the Access Request Management for the Project Ignition which went live in multiple phases like Release 14.2, 14.3, 14.4 and 14.7 which had ERP, Customer Service and then the CRM applications phased out from Legacy to the new SAP platform at Juniper. Below are the details of the responsibilities phase wise.

 

SAP - Ignition 14.2: Live in May 2014

·         Worked on the SAP Role Build and tested multiple roles within DEV and QA systems.

·         Security Support for the DEV, QA systems for the ECC, CRM, SCM, GRC, GTS, BW, BOBJ, BODS applications and multiple clients.

·         Maintain proper version history and descriptions for each role changes.

·         Used HPQC for the Defect fixes during the FRT – Functional Role testing cycles.

·         Track the Defect details and Transports history to make sure roles are not overwritten with the team.

·         Hardening of SAP* User on new Clients handed over by the BASIS Team.

Setting up default jobs like user master compare jobs.

·         Maintaining the tracker for the Composite roles and the Singles roles within them for the ease of administration during the role build and testing.

·         Performing the sync jobs to import the Authorizations, Roles, Profiles and Users from the Plug-in system to the GRC system.

·         Create GRC connectors between GRC and multiple SAP clients/systems. Maintain the Integration scenarios like AUTH, PROV, SUPMG.

·         Verify the Configuration settings done via SPRO for ARA, ARM and EAM components for GRC AC.

·         Maintain the Role Visibility within DEV and QA systems for Technical and Functional roles in separate. Enable the Password self-service for the non-prod systems.

·         Coordinated with Business to gather information on Role, Risk, Fire-fighter Owners and controllers for the DEV and QA systems for testing. Maintain the Owners in the Access Control Owners table via NWBC. Assign required Roles to the Owners to enable them with the Owner capability.

·         Perform periodical Role Level and User level Risk Analysis to minimize the risks. Create the Mitigation controls when required after prior approval from the business and re-test the role build

·         Validate the Firefighter configuration in GRC. Create the Firefighter ids in the Plug-in systems and sync to GRC systems. Assign the Firefighter owners to FF-IDs and then assign the Controllers.

·         Maintain and Assign the Firefighter role setting in the SPRO and to the User id in the plug-in system. Login and test via GRAC_EAM tcode and test the Firefighter login via GRC system.

 

SAP - Ignition 14.4: Live in Dec 2014

·         Built and Tested CRM and BW Roles as per requirements

·         Make sure proper Functional Specification Documents (FSDs) are maintained and approved before making any role changes.

·         Manage Transport Tracker, Version history in the description for every role changes.

·         Used the HPQC for the Defects tracking. Periodical reporting of the Defects to align with the Project plans and timelines.

·         Created CRM roles from the Business roles provided by the functional team.

·         Troubleshoot and fix the CRM role issues.

·         BW PFCG Roles created for this specific release without any data level restrictions.

·         Sync the BW roles to BO system.

·         Create BO Groups and link the BW roles to BO Groups

·         Assign the folder Level Security for the BOBJ groups

·         Upload new Roles created to the GRC system and maintain the Role Owners as per requirements.

·         Perform Risk Analysis via Role simulation or User Simulation before the sign off of the roles.

·         Create additional firefighters as per the track wise.

 

SAP - Ignition 14.7: Live in Jan 2016

·         Built and Tested ECC, CRM, GTS and BW Roles as per requirements

·         Manage Transport Tracker, Version history in the description for every role changes.

·         Used the HPQC for the Defects tracking. Periodical reporting of the Defects to align with the Project plans and timelines.

·         Troubleshoot and fix the role issues during multiple MOCK and SIT Cycles.

·          BW PFCG Roles created with data level restrictions.

·         RSECADMIN used for creating the multiple Analysis Authorization Roles.

·         Maintain the combination of the Analysis roles and the PFCG roles for the BW systems.

·         Sync the BW roles to BO system.

·         Create BO Groups and link the BW roles to BO Groups

·         Assign the folder Level Security for the BOBJ groups

·         Mass User Load for the Production Release using Excel Scripts.

·         Assignment of Roles with Post Dated validity for new and Existing Users.

·         Coordinate with the Business teams for any Role changes and Requirements.

·         Maintain separate roles for the MOCK and SIT cycles used by the Technical and Functional teams.

·         Data Migration Support to the DEV and Functional teams.

·         Coordinate with Functional and Technical teams for the Custom Transaction code Creation and maintaining SU24 changes.

·         Upload roles to the GRC System and Maintain the Role Owners.

·         Adding Fire Fighter Controllers and Owners to the Fire Fighter IDs.

·         Performed risk Analysis wherever required for both User Level and Role level.

·         Troubleshooting Users issues on the GRC Access requests processes.