Venkateshwa Rao

  • SAP Security & GRC Consultant
  • San Jose, CA
  • Member Since May 07, 2023

Candidates About

 

                Venkateshwa Rao                                                                                      

Career Summary:

·         6+ Years of experienced in working on Implementation, Go-Live, Post Go-Live, Production Support, Security Re-design, and segregation of duties (SOD) remediation projects in R3, EP, HR, BW/BI,BOBJ,BPC,SM, CRM, SEM  and HANA etc

·         Robust background in architecture, requirements gathering, design, re-design, development, and 
maintenance for SAP applications security

·         Full range expertise in project management aspects such as planning, assessment, remediation, 
task management, business impact, change management and communication

·         GRC 5.3/10.0 implementations defining and driving governance, risk and compliance for big enterprises

·         Collaborated extensively with SOX, Internal Audit, and External Audit teams for SAP systems 
compliance activities

·         Handled security workshops and acted as the focal point for SAP security and compliance 
actives

·         Worked on Biz rights (Approva tool) for SOX violations and GRC 10.0 Access Controls proposal as part of Internal Controls.

·         Strong knowledge on sap hana implementation.

·         Interfaced extensively with clients to gain insight and develop solutions to meet customer 
business needs across the entire SAP landscape

·          Designed and implemented Central User Administration (CUA)

·         Expertise in System Auditing from Security point of view and usage of Security Workbench Tool for Mass User and Role Administration activities.

·         Worked with NW Identity management(IDM) 7.2

·         Experienced in adhering to the Change Management Processes for transporting roles, tables, 
security objects, GRC configuration, and maintaining the change documents

·         Extensive experience with resolving ticket issues and troubleshooting security authorization 
problems while adhering to Service Level Agreements (SLA)

·         Experienced in providing security authorizations and GRC training 

·          SAP Basis Activity includes Daily Health Checks, OSS Notes Implementation, New Developer Key Access, Configure the RFC connections, Spool Administration, Scheduling and Monitoring Background Jobs

 

Education

Bachelors in Computer Sciences from Acharya Nagarjuna University, India

 

Technical Skills:

 

SAP Skills                    : SAP Security & GRC, SAP HANA Implementation.

ERP Package                : ECC 6.0 / 5.0, BW 3.5/7.3,BI 7.0/7.1, GRC 10.0/10.1,HANA

Tools                           : Digital Forms, Incident Management, BMC Remedy and Certido.

GUI                             : SAP GUI

Database                      : Oracle, MS SQL

Operating System         : Windows 7, Windows Vista/XP

 

 

Professional Experience:

 

McKesson, CA                                                                                        Feb 2015 –Present

Role :  SAP Security & GRC Consultant

 

Responsibilities:

 

• Main responsibility included working closely with the technical and functional leads to create and maintain security roles, discuss status reports, and policies related to the SAP R/3 systems.

• Handled Security designing roles for modules of SAP R/3 such as FI, MM and PP.

• Involved in all aspects of SAP security from setting up naming conventions for roles, profiles, and test ids, while working closely with various functional teams to collect role requirements.  

• Worked on Authorization objects, Activities/values/authorization groups, Roles, Role derivations, Activity groups, Composite Activity groups and User id assignments.

• Analyzed roles and mapped them to transaction codes according to business process.

• Created and generated profiles, authorization objects, object classes, roles and assigned to user master record.

• Used Transport Management System (TMS) for Transporting the generated roles and profiles.

• Extensively used the following transactions on daily basis - SU01, PFCG, SU53, SU24, SM59, SUIM and ST01 for providing technical support to users.

• Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

• Configured Profile Generator and performed transports and mass transports of roles and used CATT scripts for mass users and assigning roles.

• Performed reconciliation of User Master record & roles using PFUD and SUPC.

• Worked with process experts for SOD conflicts and assigned appropriate roles to the users. Also, supported audit team for generating audit reports.

• Involved in GRC 10.0 end to end implementation.

• Performed Risk analysis for roles and user level.

• Created, modified, locked users through ARM component and performed risk analysis

• Extracted the FF log reports and sent to controllers.

• Performed Role Sync, User Sync and FF Log Sync successfully.

• Created RFC connection between GRC and Backend systems.

 

Environment: SAP R/3, ECC 6.0, GRC 10.0/10.1

 

 

CELGENE - Township of Warren, NJ                                                            Oct'2014 to Aug'15

SAP Security & GRC Consultant

 

Responsibilities:

 

• Project Planning for SAP system authorization, Compliance & Production support including individual task allocation and dependencies.

• Supporting GRC Access Control application including ARA, EAM, ARM and BRM.

• Developed and analyzed periodic Audit steps & quarterly User Access Review for the same.

• Support through Access DB (Incident Management).

• Assisted HR security implementation & support and Auto-Provisioning from GRC.

• Administered entire CUA landscape monitoring & improving performance.

• Well analyzed Segregation of Duties (SOD) with in the region of ECC and HR for provisioning and

de-Provisioning users using GRC Access Request Management.

• Responsible for creating multiple Composite and Master-Derived roles.

• Excellent understanding of risks involved & risk control recommendations of business processes.

• Extensively used MS Excel to present and track status/ audit reports.

• Participated in Internal and External security audits.

• Proposed & implemented Master-derived role approach as security redesign.

• Facilitated numerous design discussions and consolidated a re-design implementation plan.

• Support for new user creations, role requests, custom auth objects, table restrictions, etc.

• Worked with business, functional leads and Basis to identify critical roles.

• Worked with business to discuss SOD issues and suggested removal violations.

• Responsible for coordinating, communicating, teamwork within the team and end users.

 

Environment: ECC 6.0, BI 7.0, GRC 10.0

 

Evolgence - Hyderabad, India                                                   Jun'10 to Aug'14

SAP Security & GRC consultant

 

Responsibilities:

 

• Worked on creating and updating Roles as per the Basis team requirements.

• Identified and fixed the manual changes in SU24 for specific transactions.

• Recommended a matrix with role definitions that relate to the company functional roles and responsibilities.

• Role Download/ Upload, Mass Generation/ Mass Transport.

• Identified fixes for production issues related to security and tested them in DEV and QA for transport to PROD environments.

• Maintaining (Create, Delete, Change, Copy) SINGLE, COMPOSITE and DERIVE Role in Customer

 Namespace.

• Set up the Profile Generator to create authorization profiles (PFCG).

• Created roles by using Profile Generator and assigned them to users and organizational units (PFCG).

• Creation and modification of Roles and profiles as per the requirement using PFCG.

• Massively transported roles from Development to Production System (PFCG).

• Analyzed user's outputs and corrected security deficiencies (SU53 & SU56).

• Locked all the critical transactions (SM01).

• Unlock users and reset passwords for the data team members.

• Coordinated in completing the SAP security audit requirements checklist.

• Involved in GRC 10.0 end to end implementation.

• Performed Risk analysis for roles and user level.

• Created, modified, locked users through ARM component and performed risk analysis

 

 

Environment: R/3 4.6C, BW3.5, GRC 10.0