
Kar P
- SAP Security Lead /Architect - SAP GRC Access Control Lead/Architect - SAP GRC Process Control Lead/Architect – SAP GRC Risk Management Architect / Lead
- Milwaukee, WI
- Member Since Mar 11, 2023

Kar P
Expertise
SAP Security - 20 years Full Life Cycles in GRC - 11 projects
SAP Security / GRC Architect - 11 years HR Structured Authorizations - 15 years
GRC - 11 years SAP CRM Security - 16 years
GRC PC 10.x - 4 years SAP CRM 7.0 Security – 6 Years
GRC PC 10.1 - 3 years SAP BW Security - 16 years
3 Full Life Cycles in GRC 10.x Process Controls SAP BI 7.0 – 9 Years
SAP Process Controls - 10 years SAP BOBJ with HANA Security – 6 Years
SAP Access Controls - 10 years SAP HANA Studio Security – 2 Years
SOD/SOX - 15 years Netweaver - 13 years
Full Life Cycle in SAP Security – 11 Projects
SUMMARY:
• He has over 30 years of IT Industry experience including over 20 years of SAP Security, SAP GRC, & SAP Basis experience, which includes SAP GRC (includes Access Control, Process Control, CfP (Compliance for Products) and EH&S), SAP Security with SAP Netweaver Identity Management, SAP Solution Manager & SAP Basis with Data Security, Authorization concepts, SOX compliance, upgrade process, applying patches with strategy, performance monitoring thru central CCMS, Central User Administration (CUA)(configuration & maintenance), OSS connections management, Transport Management (TMS), writing technical specs for custom development & creating custom authorization objects, coordinating with development team (onsite & off shore) for developing customization requirements & ensuring that security standards are maintained, writing SAP Security procedures, maintaining SAP Security parameters in the system, developing & maintaining SAP security authorizations with strong techno functional background
• Experienced in configuration of SAP GRC (includes Access Controls, Process Controls, CfP (Compliance for Products) and EH&S) and configured Process Controls for all business processes (BPs) of APO with SCM, CRM 7.0 with CRM-ACE & SPRO activities, EWM, ECC & R/3, HCM, HR, SRM and Basis & Security
• Expertised in Project Plan, Blueprint, Design, Build, Testing, Cut-over & Go-live activities of SAP Security for all SAP modules (Business & Suppport team authorization requirements) including SAP HANA Design Studio which includes Analysis Authorization, Creating Dynamic Analytic Privileges, SAP BOBJ & SAP BI query authorizations, Data management with Security authorization controls, SAP CRM 7, SAP ECC, SAP TM, SAP EWM, SAP SCM / APO, SAP HCM / HRM, SAP SRM / Buyer, SAP SUS, SAP EM, SAP NW, SAP Master Data, SAP Portal
• Expertised in Project plan, Configuration & support for GRC 10.1, 10, 5.3 & 5.2 implementation with Access Controls, Process Controls, CfP and EH&S. Expertised & Presented the benefits for implementing & stage wise GRC 10.1, 10.0, 5.3 & 5.2 implementation process. Experienced in working with BPOs, SOX audit team, Project leads for the GRC implementation process and conducted presentations and steps involved in the implementation. Experienced in conducting workshops to Business Process Owners, SOX / IT Compliance team, SAP Project functional team which includes implementation & configuration of SAP GRC Access Enforcer (AE), SAP GRC Role Expert, SAP GRC Compliance Calibrator and SAP GRC Firefighter (SAP GRC 10, 5.3 & 5.2) & (SAP GRC 10, 5.3 modules). Experienced in presenting to the project management team in detail about the Role designing & SAP best practice in the industry for role designing & naming conventions. Expertised in presenting detailed workflow requirements, Approval process requirements, stage wise process requirements for SAP GRC Access Enforcer and role approval workflow process in SAP GRC Role Expert. Experienced in presenting in detail about Emergency risk handling & audit log maintenance in Firefighter
• Experienced with Business Object Process Control 3.0 with GRC 10, 5.3 to automate the most time consuming tasks related to Sarbanes Oxley Compliance control assessments.
• Experienced in configuring Process Control to continuously monitor and report the activities in the enterprise applications and provide drill-down capabilities to facilitate analysis, pinpoint the cause of control violations and perform remediation in real time basis.
• Experienced in integrating Process Control with Risk Analysis and Remediation process, this includes documenting Process Controls as a factor of Internal control management and integrates Process Control with access controls to control the process automatically with appropriate approvals & mitigation process. This also includes tracking of issues to remediation and certify and report on the state and quality of internal controls. Using of combination of data forms, automated workflows, certification and interactive reports to enable members of internal control audit and business process teams to effectively manage compliance activities
• Experienced in applying patches in ECC 6.0 with strategy for backups of all data, downtime analysis, new updates analysis with new patches & communicating new features to the team
• Experienced in performance monitoring thru central CCMS
• Experienced in Central User Administration (CUA) configuration & maintenance
• Experienced in OSS connections management
• Experienced in Transport Management System (TMS) for Transporting of Roles & developments
Skills:
ERP SAP NetWeaver ’04, 7.0, R/3 (3.0, 3.1, 4.0B, 4.5B, 4.6B, 4.6C, 4.7 Enterprise, ECC 5.0, ECC 6.0), SAP CRM 7.0, SAP SRM 7.0, SAP HR / HCM 7.0, SAP EWM, SAP SCM, SAP EBP, SAP APO, SAP Portal, SAP BI-7.0, BW 3.5, SAP BOBJ with HANA Security, SAP SEM, SAP PI 7.0 & SAP XI, SAP Solution Manager 3.2, 4.0, 7.0 Security Administration, CUA, Blue Print, BPML, URS, SRS &SDS documentation.
SAP Tools SAP GRC 10, 5.3, 5.2, 5.1 & GRC 5.0, VRAT - Virsa Tool 3.0, 3.5, 4.0, 4.5, and SAFE (PWC Tool)
Platforms Windows NT, Windows 2000, Windows 2003 and UNIX
Languages JAVA, PL/SQL, JAVA Bean, VB, VB Script, Visual FoxPro, COBOL, C++ and D2K
Internet Technologies ASP, XML, HTML, Servlets, JAVA Script
RDBMS SQL Server 2000, Pervasive SQL, Gupta SQL, Oracle - 8i, Sybase and DB2
DBMS Visual FoxPro
Testing Tools JTest, Win runner
CM Tools Clear case, Visual Safe
Case Tools OOA/OOB
Firewall Cisco, 3Com
Networking Structured Networking, Cisco Switches, Routers
WORK EXPERIENCE:
Confidential, Milwaukee, Wiconsin July 2015 to Present
SAP Security Architect / SAP GRC Architect
• Working extensively in CRM 7.0 developing security stategy for CRM 7.0 & configuring CRM UI Web components into the role & thru SPRO configuration. Building roles in SAP with WEB UI framework & authorization requirements, coordinating with business teams (STC, MTC & OTC) collecting WEB UI requirements and coordinating with portal development team for iview developments to support WEB UI framework developed in the backend
• Working extensively with BI team to develop BI 7.0 & BOBJ roles with HANA Security with analysis authorization & hierarcy authorizations
• Working with Business Object Process Control 3.0 with GRC 10.1 to automate the most time consuming tasks related to Sarbanes Oxley Compliance control assessments
• Worked in configuring Process Control to continuously monitor and report the activities in the enterprise applications and provide drill-down capabilities to facilitate analysis, pinpoint the cause of control violations and perform remediation in real time basis
• Working extensively with technical unit testing of security design to ensure that the security quality standards are maintained with appropriate authorization controls
• Working extensively in the following SAP systems with Security & GRC requirements focused with release stages:
• NetWeaver 7.40, ECC 6.0, SAP HANA Studio, BI 7.0, BOBJ (SAP Business Objects Web Intelligence), SCM 7.0, EWM 7.0, CRM 7.0 (STC,OTC & MTC) with SPRO configuration, GTS 7.40, Portal 7, GRC 10.1, Solution Manager 7.1 for blue print documents & recording for each work stream for roles & transaction codes (L3 Level) requirements to support Security build.
• Working with development team to maintain the security standards in custom developments with appropriate authority checks in place
• Working with Solution Manager team & business process team to ensure that all technical requirements for security process is captured completely and documented as required in security controls manual
• Working extensively with Business Information Support (BIS) Team to build support roles in each systems to support - Build, Configuration, Data management, Internal & external services, User Interface (UI) components, Cutover, hypercare & Production support activities.
Patterson Companies, Inc. Eagan, MN November 2014 to July 2015
SAP Security Architect / SAP GRC Architect
(A leading Dental, Veterinary & Medical Company)
• Worked extensively in CRM 7.0 developing security stategy for CRM 7.0 & configuring CRM UI Web components into the role & thru SPRO configuration. Building roles in SAP with WEB UI framework & authorization requirements, coordinating with business teams (STC, MTC & OTC) collecting WEB UI requirements and coordinating with portal development team for iview developments to support WEB UI framework developed in the backend
• Worked extensively with BI team to develop BI 7.0 & BOBJ roles with HANA Security with analysis authorization & hierarcy authorizations
• Worked with Business Object Process Control 3.0 with GRC 10.1 to automate the most time consuming tasks related to Sarbanes Oxley Compliance control assessments
• Worked in configuring GRC Process Control 10.1 to continuously monitor and report the activities in the enterprise applications and provide drill-down capabilities to facilitate analysis, pinpoint the cause of control violations and perform remediation in real time basis
• Worked extensively with technical unit testing of security design to ensure that the security quality standards are maintained with appropriate authorization controls
• Worked extensively in the following SAP systems with Security & GRC requirements focused with release stages:
• NetWeaver 7.40, ECC 6.0, SAP HANA Studio, BI 7.0, BOBJ (SAP Business Objects Web Intelligence), SCM 7.0, EWM 7.0, CRM 7.0 (STC,OTC & MTC) with SPRO configuration, GTS 7.40, Portal 7, GRC 10.1, Solution Manager 7.1 for blue print documents & recording for each work stream for roles & transaction codes (L3 Level) requirements to support Security build.
• Worked with development team to maintain the security standards in custom developments with appropriate authority checks in place
• Worked with Solution Manager team & business process team to ensure that all technical requirements for security process is captured completely and documented as required in security controls manual
Becton Dickinson, Franklin Lakes, NJ Sept 2011 to November 2014
SAP Security & SAP GRC Architect & Team Lead
• Returned to this project to plan Security & GRC go-live activities for Waves. To analyze & complete documentation requirements for Work process roles, support roles, Security & GRC Strategy for cleanup & Improvement processes. To Analyze Security audit requirements for Waves includes cut-over plan, go-live activities & post go-live activities.
• Worked extensively in the following SAP systems with Security & GRC requirements focused with waves
Environment: NetWeaver 2004s, ECC 6.0, BI 7.0, BOBJ with HANA Security, SAP HANA Studio, SRM 5.0, SCM 5.1, EWM 5.1, CRM 7.0 (UTR, OTS, MTC) with CRM-ACE & SPRO, EHS (Environment, Health & Safety), HCM 6.0, GTS, PI 7.0, Portal 7, GRC 10, 5.3, CLM, MDM-SRM, MDM-CRM, Solution Manager (Solman) for blue print, CUA, Charm process, System Design Specification Documents for each work process roles from Security & GRC perspective.
Synthes Inc, West Chester, PA April 2011 to Sept 2011
Lead SAP Security Architect & SAP GRC Architect
• Worked extensively from the starting of the project. Worked thru Blueprint stage. Developed Security & GRC architecture, Business Process Document, Strategy Document with Complete plan to cover realization, Pilot-1, Wave 1 thru Wave-3.
• Worked as SAP Security Project Lead for SAP implementation projects. Security project lead for the Security design and implementation for NetWeaver 2004s, ECC 6.0, BI 7.0, BOBJ with HANA Security, SRM 5.0, SCM 5.1, EWM 5.1, CRM 7.0 (UTR, OTS, MTC) with CRM-ACE & SPRO, EHS (Environment, Health & Safety), HCM 6.0, GTS, PI 7.0, Portal 7, GRC 10, 5.3, CLM, MDM-SRM, MDM-CRM, Solution Manager (Solman) for blue print & CUA.
• Started this project from Blueprint stage and completed Blueprint, Realization Phase, Technical Unit Testing. Completed planing of activities for Functional Unit Testing, Integration Cycle-1, Integration Cycle-2, Intergration Cycle-3, Pilot& Wave-1, Wave-2 & Wave-3 with detailed plan includes rollouts, mock cutover, Data loads with security controls in place.
General Motors Company (GM), Detroit, MI January 2011 to April 2011
Lead SAP Security Architect / SAP GRC Architect
• Working as SAP Security Project Lead for SAP implementation projects. Security project lead for the Security design and implementation.
• Worked extensively with the client for the security design strategy for the blueprint & security designing in SAP with appropriate controls & localization requirements for all Process teams.
• Worked extensively with technical unit testing of security design to ensure that the security quality standards are maintained with appropriate authorization controls
• Worked with development team to maintain the security standards in custom developments with appropriate authority checks in place
• Worked with Solution Manager team & business process team to ensure that all technical requirements for security process is captured completely and documented as required in security controls manual
Becton Dickinson, Franklin Lakes, NJ March 2009 to December 31st, 2010
Lead SAP Security Architect / SAP Security Project Lead / SAP GRC Architect
• Worked as SAP Security Project Lead for SAP implementation projects. Security project lead for the Security design and implementation for NetWeaver 2004s, ECC 6.0, BI 7.0, BOBJ with HANA Security, SRM 5.0, SCM 5.1, EWM 5.1, CRM 7.0 (UTR, OTS, MTC) with CRM-ACE & SPRO, EHS (Environment, Health & Safety), HCM 6.0, GTS, PI 7.0, Portal 7, GRC 10, 5.3, CLM, MDM-SRM, MDM-CRM, Solution Manager (Solman) for blue print & CUA.
• Started this project from Blueprint stage and completed Blueprint, Development, Configuration, Integration Cycle-1, Integration Cycle-2, Intergration Cycle-3 & IC3 clean up work. Planning & Preparing for Wave-1, Wave-2 & Wave-3 with detailed plan includes rollouts, mock cutover, Data loads with security controls in place.
• Worked with Business Object Process Control 3.0 with GRC 10, 5.3 to automate the most time consuming tasks related to Sarbanes Oxley Compliance control assessments
• Worked in configuring Process Control to continuously monitor and report the activities in the enterprise applications and provide drill-down capabilities to facilitate analysis, pinpoint the cause of control violations and perform remediation in real time basis
• Worked in integrating Process Control with Risk Analysis and Remediation process, this includes documenting Process Controls as a factor of Internal control management and integrates Process Control with access controls to control the process automatically with appropriate approvals & mitigation process. This also includes tracking of issues to remediation and certify and report on the state and quality of internal controls. Using of combination of data forms, automated workflows, certification and interactive reports to enable members of internal control audit and business process teams to effectively manage compliance activities
• Participated in SAP Audit towards RAR rule book with Segregation of Duties, Critical Actions & Permissions, Mitigation Controls, remediation process.
• Worked extensively in CRM 7.0 developing security stategy for CRM 7.0 & configuring CRM UI Web components thru SPRO & CRM/ACE, building roles in SAP with WEB UI framework & authorization requirements, coordinating with business teams (UTR, MTC & OTS) collecting WEB UI requirements and coordinating with portal development team for iview developments to support WEB UI framework developed in the backend
• Worked extensively in SAP Identity Management in managing User authorizations using IAM to all the instances in SAP landscape & also configuring and user authorization concepts in SAP Solution Manager.
Worked extensively with BI team in BI 7.0 role builds with controls around building reports with defined authorization:
• Around Info Provider level
• Around Characterstics level
• On Characterstics value level
• On Key figure level
• On Hierarchy node level
Stanley Works, New Britain, CT January 2008 to February 2009
Lead SAP GRC Project / GRC Architect / SAP Security Architect
• Worked on Project plan for GRC 10, 5.3 implementation & configuration. Presented the benefits for implementing & stage wise GRC 10, 5.3 implementation process(Access Control & Process Control).
• Worked with BPOs, SOX audit team, Process Control Owners & Project leads for the GRC implementation process, Configuration & support.
• Conducted presentations and steps involved in the implementation & configuration. Conducted workshops to Business Process Owners, SOX / IT Compliance team, SAP Project functional team.
• This implementation include SAP GRC Compliant User Provisioning (Access Enforcer ), SAP GRC Enterprise Role Management (Role Expert), SAP GRC Risk Analysis & Remediation Process (Compliance Calibrator) and SAP GRC Super User Privilage Management (Firefighter).
• Presented to the project team in detail about the Role designing & SAP best practice in the industry for role designing & naming conventions.
• Analyzed and designed in detail workflow requirements, Approval process requirements, stage wise process requirements for SAP GRC Compliant User Provisioning and role approval workflow process in SAP GRC Enterprise Role Management. Presented in detail about Emergency risk handling & audit log maintenance in Firefighter.
• Worked extensively in SAP Netweaver Identity Management in managing User authorizations (using IAM) to all the instances in SAP landscape & also configuring and user authorization concepts in SAP Solution Manager.
• Configured SAP GRC with CfP (Compliance for Products) and configured for the business processes (BPs) of APO with SCM, CRM with CRM-ACE & SPRO, ECC & R/3, HR, SRM and Basis & Security.
• Worked extensively in SAP Identity Management in managing User authorizations (using IAM) to all the instances in SAP landscape & also configuring and user authorization concepts in SAP Solution Manager.
• I have worked extensively with Business Object Process Control 3.0 with GRC 10, 5.3 to automate the most time consuming tasks related to Sarbanes Oxley Compliance control assessments
• Worked extensively in configuring Process Control to continuously monitor and report the activities in the enterprise applications and provide drill-down capabilities to facilitate analysis, pinpoint the cause of control violations and perform remediation in real time basis.
• Worked on GRC implementation for R/3, HR / HCM, CRM, SRM, EPB, BI, & Solution Manager Worked extensively in integrating Process Control with Risk Analysis and Remediation process, this includes documenting Process Controls as a factor of Internal control management and integrates Process Control with access controls to control the process automatically with appropriate approvals & mitigation process. This also includes tracking of issues to remediation and certify and report on the state and quality of internal controls. Using of combination of data forms, automated workflows, certification and interactive reports to enable members of internal control audit and business process teams to effectively manage compliance activities
Worked extensively with security requirements in all the modules including FI, SD, MM, AM, Support team roles, BW 3.5, BI 7.0 & BOBJ with HANA Security.
Jones Apparel Group, Bristol, PA June 2006 to January 2008
Lead SAP Security Architect
Environment: R/3 ECC 5.0, Netweaver 7.0, Solution Manager 3.2 & 4.0, BI 7.0, BW 3.5, PI 7.0, XI, SAP GRC, Access Enforcer, Role Expert & Compiance Calibrator 10, 5.3 & 5.2, SAP FireFighter)
• Worked as GRC project lead with full project cycle planning from start to finish
• SAP ECC 5.0, NetWeaver ’04 & 7.0 including SAP Netweaver Identity management & SAP Solution Manager, CRM 4.0, BI-7.0, BW, PI 7.0, XI, Solution Manager 4.0 & 3.2 Security Architecture, Analysis & Administration
• Worked extensively in SAP Netweaver Identity Management in managing User authorizations (using IAM) to all the instances in SAP landscape & also configuring and user authorization concepts in SAP Solution Manager
• Configured SAP GRC with CfP (Compliance for Products) and configured for the business processes (BPs) of APO with SCM, CRM, ECC & R/3, HR, SRM and Basis & Security.
• Involved in full life cycle for security development for ECC, BW, XI & solution manager 3.2 (NetWeaver suite ’04) for Apparel group and NetWeaver 7.0, BI 7.0, PI 7.0 & solution manager 4.0 for Nine West group
• Worked extensively in developing CRM role requirements
• Worked extensively with HR team in HCM 6.0 role builds with authorization profiles defined with an authorized objects & structural authorization. Built controls in HCM authorization objects & table maintenance objects with appropriate tables maintenance controls & info types. Built extended protection around HCM Master data & applicant data. Built customizing activity setup in Organizational keys and establishing controls on access on their own master data in SAP HCM module. Handled data protection for objects of Organizational Management, Training and Event Management in SAP HCM module. Worked extensively building controls around HCM reports in HCM module & also integrated with BI reporting with appropriate building of Business Content Info Providers (infocubes & ODS).
• Worked extensively in studying BW security upgrade requirements (from BW 3.5 to BI 7.0)
• Worked extensively in Security upgrade for BW 3.5 to BI 7.0.
• Completed successfully BW 3.5 to BI 7.0 security upgrade
• Worked extensively BW 3.5 & BI 7.0.
• Worked extensively with BW 3.5 & BI role creation activities with specific folder roles, authorization roles (with authorization objects, info objects & info cubes), workbook roles & Query roles.
• Worked extensively with RSECADMIN (BI 7.0) for the Management of Analsis Authorization which includes Create & Maintenance of technical characters to define authorization relevent info objects, authorization on Hierarchy level, authorization on special characterstics which includes Activity, Info provider & Validity.
• Worked extensively with BI team in BI 7.0 role builds with controls around building reports with defined authorization:
o Around Info Provider level
o Around Characterstics level
o On Characterstics value level
o On Key figure level
o On Hierarchy node level
• Worked extensively in SAP GRC / Role Expert / Access Enforcer, Access Control 10, 5.3 & 5.2
• Worked extensively in SAP Process Controls for each module in SAP. Worked extensively with internal control team, Audit team & Process leads to establish controls in each process.
• Worked with Business Object Process Control 3.0 with GRC 10, 5.3 & 5.2 for Sarbanes Oxley Compliance control assessments
• Worked in configuring Process Control to continuously monitor and report the activities in the enterprise applications and provide drill-down capabilities to facilitate analysis, pinpoint the cause of control violations and perform remediation in real time basis
• Worked in integrating Process Control with Risk Analysis and Remediation process, this includes documenting Process Controls as a factor of Internal control management and integrates Process Control with access controls to control the process automatically with appropriate approvals & mitigation process. This also includes tracking of issues to remediation and certify and report on the state and quality of internal controls. Using of combination of data forms, automated workflows, certification and interactive reports to enable members of internal control audit and business process teams to effectively manage compliance activities
• Worked with SAP Firecall ids to set Firefighter Owners, Firefighters, Firefighter security, Firefighter configuration & maintaining Firefighters expiry as per the user request & SAP security manual
• Worked in maintaining SAP Security parameters in all the SAP instances
• Worked in developing & maintaining SAP security authorizations with strong techno functional background
Computer Associates Inc (CA Inc), Islandia, Long Island, NY January 2006 to June 2006
GRC Project Lead / Lead Sap security Analyst / Architect
Environment: R/3 ECC 5.0, 4.7 Enterprise, CRM, SRM, BW, SCM, APO, HR, XI)
• Worked as GRC project lead with full project cycle planning from start to finish
• Worked extensively in SAP Process Controls for each module in SAP. Worked extensively with internal control team, Audit team & Process leads to establish controls in each process.