Sumit Limbu

  • SAP Security & GRC Consultant
  • Alexandria, VA
  • Member Since May 10, 2023

Candidates About

 

Sumit Limbu

Professional Experience:

·         SAP Security and GRC Specialist with 11Yrs of experience in SAP Implementation, Upgrades and Operations Support on SAP HANA, ECC, BW and Portals.

·         Extensively worked on Analysis, Design, Development, Configuration and Customization of Security Solutions for various industries in multiple SAP Security Lifecycles (Analysis & Conception, Quality Assurance & Tests and Cutover).

·         Rich experience in integration of SAP Security Solutions for various SAP landscapes, such as – ECC 6.0 including EhP6/Ehp7, HCM ESS/MSS, HR, BI/BW 7.3 (Analysis Authorizations), SAP Basis, Enterprise Portal Security, GRC AC 10.1, 5.3, HANA Administration, CRM etc.

·         Implemented Lean/Six Sigma processes to optimize the run services and improve productivity savings.

·         Performed the role of SQA (Software Quality Assurance), QMP (Quality Management Plan) and Continuous Improvement plan within the SAP project landscape.

·         Also performed the role of Configuration Manager and was entrusted with maintenance of all project artifacts.

·         Experience in SAP S4 HANA Security design User administration, Role administration, Authorizations and Privileges

·         Identified and defined all privileges types (System/Object/Package/Application/Analytical) at user level

·         Extensive hands on Experience in SAP GRC Access Control and Process Control 10.1 Suite in Implementation, Automation, upgrade experience and also with GRC AC 5.3 Suite (CUP, RAR, ERM, SPM).

·         Worked on SAP GRC Access control and Process control to automated tools for managing an internal security model, remediate compliance issues, and monitor potential business risks within an SAP system.

·         Worked on SAP Procure to Pay (P2P) Process Analyzer to track procure to pay transactions, and identify ex-ceptions to business rules, on a continual basis.

·         Created an Audit Risk Rating to find the set of auditable entities and risk factors.

·         Have extensively worked on configuring MSMP & BRF Plus rules in GRC Access Control 10.1. Designed and implemented workflows for business scenarios for User management, Emergency access management & Risk management.

·         Experience in implementing SAP CUA (Central User Administration) functionality within customer landscape.

·         Successfully executed around 10 annual Security Audits with external and internal Audit teams and initiated immediate remediation plans.

·         Strong knowledge of multi system landscape architecture and integration aspects in implementation of complex security framework and SAP Role matrix using the SAP Authorization Concept in Profile Generator tool (PFCG).

·         Experience in preparing project documentation & templates – Business Blueprint, Process definition, Role Definition, Business Requirement and SOD Matrix etc.

·         Thorough understanding of Sarbanes-Oxley (SOX) Act (Section 302 and Section 404) and also experience in Segregation of Duties (SOD) and Audit Compliance Standards.

·         Excellent knowledge in profile-based security, structural authorizations, Computer Aided Test Tool (ECATT/SECATT).

·         Involved in BOBJ Security Administration.

·         Expert in User Tracing and Troubleshooting User Authorization issues using SU53 and ST01.

·         Experienced in producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*).

·         Extensively worked on HR Authorization Objects like P_ORGIN, P_ORGXX, P_ORGINCON, and P_PERNR etc.

·         Worked on BI 7.3 Security in creating, maintaining Analysis Authorizations using RSECADMIN tool.

·         Experienced in managing teams with full responsibility of maintaining high level of Response & Resolution SLA for clients.

·         Experience on Creating EC2 instances on AWS Cloud platform and experience on AWS Console

·         Hands on experience on System/Instance Status Checks to detect problems that may impair with the instances.

·         Monitored Cloud Watch alarms & metrics.

 

Skills:

SAP                                                       S4 HANA, SAP Basis, SAP GRC AC & PC 10.1, GRC 5.3, SAP Security Authorizations, User & Role Administration, CUA, Data Migration, SOD.

 

Data Base                                         Hana, Oracle, DB2, SQL Server, MySQL, Sybase, Knowledge on AWS SysOps

 

Service Management                Service Now, BMC Remedy, HPQC, HP-ALM

 

Professional Certifications, Trainings / Seminars Attended

·         SAP Associate Level Certification in SAP GRC 10 (C_GRCAC_10)

·         “Lean Six Sigma Certified 7 Star” for demonstrating proficiency in Genpact Lean Methodology

·         Sun Certified System Administrator for Solaris 10 OS, Part 1

 

Projects Experience:

SAP Security & GRC Consultant                                                                                         Dec 2016 Till Date

Washington Gas - Alexandria, VA

 

Armstrong is a leader in the design and manufacture of floors and ceilings. Armstrong provides a portfolio of residential and commercial products and services to help customers to deliver the exceptional interiors they envision for themselves and their clients.

 

Responsibilities:

·         Worked on the role design for ECC and CRM (ICWEB) maintaining authorization restrictions as per the role matrix after finalizing the requirements with Business Process Owners and OCM.

·         Single handed supported the testing cycles of ITC1, ITC2, ITC3 throughout the UAT while resolving the defects on the same time for all testing cycles using tool HP ALM and using Service Now (SNOW) for Production Support.

·         Prepared the test scripts for all the roles to be tested for ECC and CRM and other documentation like End User Training Documents for GRC.

·         Prepared the test scripts for all the roles to be tested for ECC and CRM and other documentation like End User Training Documents for GRC.

·         Worked with the Business Process owners to identify the role owners, Fire Fighter ID Owners, Controllers and then maintained them in GRC.

·         Implemented CUA on Solution Manager (Solman) for Non - Prods and Training Environments and managed user administration through CUA.

·         Also Worked on SAP Order to Cash (OTC) Process Analyzer to continuously monitor controls in SAP order to cash process, from sales order entry through shipping, invoicing and payment.

·         Activated BC Sets for ARA, EAM, ARM, & BRM.

·         Worked on GRC 10.1 post-installation activities & maintained security parameters for EAM, ARA & ARM tools.

·         Configured MSMP workflows for different user provisioning scenarios i.e. New, Change, Lock and Unlock user accounts. Created complex BRF plus rules and workflows to meet the user management scenarios.

·         Maintained Rule Set, Function ID & Risk ID with Risk Owners and generated rules for the Risk IDs.

·         Defined process and ownership of the Risks and Functions.

·         Configured Parameters for EAM & Mapping of Owners, Controller and FF Ids etc.

·         Running and publishing various SOX reports like, UAR, Critical Actions, SOD, Critical Permissions, Firefighter Log Review, 90/360 days Inactivity, and SAP Security Parameters. Also worked on Security Patch Review, Table Log Review, DDIC Activity, SAP_ALL, SAP_NEW Access, access to modify logs.

·         Analyzed existing roles and recommending the changes required

·         Analyzed SAP BI Security platform and created/maintained Analysis Authorizations using RSECADMIN tool for all BI business modules.

·         Identified BI authorization related problems using RSECADMIN and Tcodes RSD1, RSA1.

·         Provided assistance to technical teams and developers to ensure consistency with company data security policies and requirements.

·         Identified and scheduled the batch jobs for user, role and authorization sync.

·         Worked on SAP Audit tools (SM20, SM19 and SM18).

·         Worked with various functional and audit teams to setup the SODs and defining Rules and Risk IDs.

·         Prepared Roles and SOD matrix to comply with companys and SOX policies guidelines

 

Technologies:                               GRC 10.1, S4 HANA, BI 7.3

Tools:                                                 SAP GUI 720, BEX, Analyzer, Solution Manager CHaRM, ITSM

Key Achievements:    Received appreciations and awarded for the contribution towards my recommended process improvement ideas and deliverables.

 

SAP Security & GRC Lead                                                                                                       Jul 2014 – Dec 2016 

Cognizant Technology Solutions, USA Corp - Stamford, CT

 

Genpact Limited is a multinational business process outsourcing and information technology services company, domiciled in Bermuda with executive headquarters in New York.

                                          

Responsibilities:

·         SAP Security production support activities which includes user, role administration, fixing missing authorizations.

·         Brough down the SOD risks from high number to low numbers by thorough analysis at user/role level and by performing role level remediation. This has been achieved by coordination with SAP functional owners & Business owners

·         GRC ruleset has been customized as per Client/Business requirements.

·         Firefighter (Emergency access management) has been implemented at Purdue for multiple SAP modules to grant emergency access in Production systems for audit trail.

·         GRC Password self-service has been configured by integrating with Active directory.

·         Successfully rolled out SAP Security up-gradation of solution manager from 7 to 7.1. Part of it, SAP Security roles have been built for approving Change requests at developer, Change manager, IT manager, ISQA, Basis level with in Charm (Solution manager).

·         Primary point of contact for External E&Y Audit at onsite and facilitated the audit for SAP Security module and all other modules.

·         Assists with the management of improvement initiatives from a structural, functional and organizational change management perspective.

·         Provided trainings on Company QMS (Quality Management System) and CMMI concepts.

·         Conducted unit, user acceptance and system integration tests. Documented defects in HPQC, resolve the defects, document the test results, gather test signoffs, prepare cutover and go-live strategy, create user guidance documents for user interface with SAP and GRC systems, create work SOPs and work instructions for support teams, provide post go-live support.

·         Conducting meetings with business and functional teams to finalize rule sets, workflows and master data for user and role provisioning, role authorization and position matrix.

·         Implemented Emergency Access Management for handling fire fighter IDs, configured automatic workflows for managing emergency ID assignment and review of the firefighter logs, build firefighter IDs  in remote systems, identify FF owners and reviewers and schedule batch jobs for log generation.

·         Work with compliance managers/leads to review the reports and facilitating in eliminating SOD risks and creating and maintaining mitigation controls.

·         Extracting and analyzing various system reports (UAR, Critical actions, SOD reports, Security parameter settings, etc.) to make sure the SAP systems are compliant.

·         Understanding existing HR Structure &Authorization system setup by closely monitoring activities in HR system.

·         Designing HR Authorization concept which best suites the clients need. Analyzing and adjusting ESS/MSS roles.

·         Have worked extensively on BI Security creating, maintaining Analysis Authorizations using RSECADMIN tool.

·         Troubleshooting BI authorization related problems using RSECADMIN and Tcodes RSD1, RSA1.

·         Cleaning up of roles and profiles, which are not in use.

·         Extracting, analyzing and providing various reports to Business stake holders Weekly, Monthly, Quarterly, Semi-Annually and Annually.

 

Technologies:                               -              GRC 10.0, GRC AC 5.3 HANA, BW 7.0.

Tools:                                                 SAP GUI 720, BEX, Analyzer, Solution Manager CHARM, Service Now.

Key Achievements:                    Lean Six Sigma Certified 7 Star for demonstrating proficiency in Lean Methodology and successfully applying the learning’s to drive Continuous Improvements.

 

 

SAP Security/GRC Consultant                                                                                            Jun 2013 – July 2014

BNSF Railways, Fort Worth, Texas, USA

 

Head quartered in Fort Worth, Texas. BNSF Railway operates one of the largest railroad networks in North America. This network covers the western two-thirds of the United States. BNSF Plays a vital role in the U.S. Economy, hauling the product consumers user every day and the raw materials manufactures need to make those products.

 

Responsibilities:

·         Worked with the business area owners and business analysts to gather security requirements, assist in designing and building appropriate role-based security for the SAP environments including role definition and job/position mapping.

·         Integration of different components of GRC Access Control ARM, ARA, EAM.

·         Carry out configuration tasks in development which also includes post installation configuration steps and steps for implementing GRC as per design documents

·         Centralized Emergency Access Management, Provision & Manage Users, Design & Manage Roles.

·         Integration GRC Access Control for User Authentication & User Details repository (LDAP)

·         Preparing various documents and templates Business Blueprint, Process definition, Monitoring worldwide demands, Role Definition, Role Matrix, Business Requirement, SOD Matrix etc.

·         Analyzing existing authorization objects and recommending the various other authorization objects to make use of as per need.

·         Analyzing and adjusting ESS/MSS roles.

·         Created, generated profiles, Authorizations, object classes, objects, and roles and assigned to user master.

·         Extensively used Automatic Profile Generator (PFCG) to create roles/profiles.

·         Used SU24 for maintenance of authorization objects/keys in transaction base.

·         Transported profiles between clients and within R/3 system landscape, performed transports and mass transports of roles.

·         Management, User administration monitoring, User Tracing and Troubleshooting User Authorization issues using SU53, ST01 & SUIM.

·         Worked on remediation and assist in elimination of Segregation of Duties (SOD) conflicts inherent within the International paper SAP security Model.

 

Technologies:                               SAP 4.6, ECC 6.0, GRC 5.3, upgrade GRC 10.0

Tools:                                                 SAP GUI, GRC 10.0, Ticketing tools (BMC Remedy).

 

SAP Security/GRC Consultant                                                                                            Jun 2012 – May 2013

DELL, Texas

 

Dell Information Technology is a world-class IT organization that employs 5000+ across the globe. Company is focused on driving business transformation, superior customer satisfaction, and revenue growth through innovation and cutting-edge technology that leverages traditional ERP, as well as cloud, analytics, mobile, and social solutions.

 

Responsibilities:

·         User master Record creation/ modification using SU01, including complex design restrictions.

·         Mass user creation using SU10.

·         Role creation/ modification using Profile Generator (PFCG) including complex design restrictions.

·         Expertise in resolving Authorization issues by analyzing Authorization Checks.

·         Troubleshooting user access through authorization error analysis (SU53, SU56) and System Trace (ST01).

·         Worked on audit logs using SM18, SM19 and SM20.

·         Restriction of Org and Non-org authorization values in Master and Derived roles

·         Maintained authorization groups for all the required tables in the table TDDAT

·         Proficient in working with the tables USR*, AGR* and USH*.

·         Performed risk analysis at User level and Role level and to mitigate risks for the users using Risk Analysis and Remediation (RAR) tool.

·         Automated workflow for user maintenance using auto provisioning tool Compliant User Provisioning (CUP).

·         Assigned firefighter controller to the firefighter ID and mapped to distribute Fire Fighter logs to owners.

 

Technologies: ECC 6.0, GRC 5.3 and Virsa tools.

Tools: SAP GUI, Ticketing tools (BMC Remedy).

 

SAP Security/GRC Consultant                                                                                            Mar 2009 – Jun 2012

 

Sudarshan Chemical Industries Limited

 

Sudarshan Chemical Industries Limited, its color and effect pigment business is the flagship of the group. Its extensive range of products includes organic and inorganic pigments, mica-based effect pigments, chemical intermediates and pesticides.

 

Responsibilities:        

<span style="font-size:11pt;font-family:Symbol;