
Michael B. Mease
- SAP Security Manager
- Dayton, OH
- Member Since Mar 11, 2023
Michael B. Mease
|
Objective |
To apply my skill in the area of SAP Security to add value to an organizations SAP Security investment. Provide experience to ensure the security of the organizations critical data and infrastructure. Work to ensure compliance with government regulations. Develop security solutions that enhance the organizations utilization of critical system applications.
|
|
|||||
|
Experience |
05/30/2010 – Present Amkor Technology Chandler, AZ Manager II SAP Security Manage the global team of SAP Security administrators and engineers and ensure a high standard of support was provided for the SAP application infrastructure. Performed project initiation to determine the project worthiness and cost benefit analysis. Provided project management for SAP Security related projects and managed resources for cross team projects. Performed yearly performance reviews, managed merit increases and employee coaching. Worked with business leaders to determine security requirements. Upgraded the GRC 5.3 Access Controls environment to GRC 10.0. Implemented improved functionality of the GRC10.0 environment.
9/25/2006 – 05/30/2010 Amkor Technology Chandler, AZ SAP Security Staff Engineer Develop SAP Security design for current and new global SAP implementation. The design must follow best practice methodologies. Co-ordinate with Senior business owners and functional team leads to implement GRC controls for Segregation of Duties, Emergency user provisioning, Workflow and automated user provisioning and Role Management. Work with internal and external audit teams to ensure proper policy and SoX compliance.
Provide project leadership for a team of SAP Security Analyst to implement and support an international multiple SAP Security environments.
9/18/2005 – 9/23/2006 The Scotts Miracle-Gro Company Marysville OH, Senior SAP Security Analyst Design and support security solutions for the SAP R/3, BW, HR and CRM application environment. Work with business teams to implement security solutions that allow users appropriate access to the data while not exposing the corporation to unnecessary risk. Work with audit teams to implement controls to ensure an ongoing compliance with the Sarbanes Oxley initiatives. Work with the Virsa and Approva tools to provide necessary reporting and management for the SAP application environments
3/2000 – 9/16/2005 MeadWestvaco Dayton, Senior Security\SAP Analyst Worked with the SAP Basis and Functional teams to design and implement a security strategy for controlled use of the R/3, BW, SEM/BCS and APO SAP application environments. Worked with the Sarbanes-Oxley internal and external audit teams to review identified gaps. Develop and implement the solutions needed to remediate these Sarbanes-Oxley gap issues.
Utilized standard SAP transactions to implement, design, troubleshoot and support the SAP security environment. Some of the transactions utilized are PFCG, SU01, SU02, SU03, SU24, SUIM, ST01, SU10, SE16 and many others.
Responsible for the management of the z/OS RACF configuration. Implemented RACF security profiles to enforce security access and control policies. Developed procedures for security administration and helpdesk support. Created appropriate JCL to allow for the distributed auditing/monitoring of user access to corporate secret data. Create RACF profiles to allow for the creation of new SAP DB2 environments and the secured access to appropriate ICLIs.
Provided primary development and support for password policy, standards and administration for the MeadWestvaco corporation. Policies and synchronization was supported through the implementation of the P-Synch software.
|
||||||
|
|
3/1997 - 3/2000 MeadWestvaco Dayton, Ohio Operations Analyst/Lead
Perform all mid level management function for the Computer Operations team. Activities included all staffing functions, budget maintenance, and staff supply management, work as a team member for new systems and applications introduced into production, facilities management and change coordinator.
3/1995 - 3/1997 MeadWestvaco Dayton, Ohio Weekend Shift Lead
Perform activities of the Lead Systems Operator and assist the Operations Manager with weekend support and management issues. Provide 1.5 level supports for end user.
|
||||||
|
|
|
||||||
|
Projects |
3/2003 MeadWestvaco Corporation Implement BW Security Created a proof of concept security solution for the Business Warehouse (BW) implementation. Worked with BW functional team to design the structure for Info Consumer, Analyst and Administrators. Performed training for BW Security Administrators.
5/2004 MeadWestvaco Corporation Sarbanes-Oxley remediation Perform primary remediation efforts for many Security defined gaps. Implanted several control functions to ensure compliance while also redesigning legacy security structures to conform to Sarbanes-Oxley.
09/2006 Amkor Technology Sarbanes-Oxley remediation Implement security design changes, SoD mitigation and SoD remediation to successfully pass Sarbanes Oxley audit for 2006. Started with 10K plus SoD conflicts and reduced to 1,200 by DEC 31st and passed audit. Design enhancements have allowed Amkor to reduce total Segregation of Duties to less than 400.
06/2007 Amkor Technology SAP ECC 6.0 Security Implementation
Implement Security Design for a new SAP ECC 6.0 implementation. Design include developing Role Creation standards, Role assignment workflow process, GRC Compliance Calibrator configuration for SoD compliance, FireFighter implementation and support, mass user role and user creation utilizing scripting tools. Implement SAP BI 7.0 Security design, Implement SAP SRM Security roles and design for SRM module.
Upgrade the GRC 5.3 Access Control environment to GRC 10.0. The GRC 5.3 was a Java based application and GRC 10.0 moved to a ABAP system utilizing the Netweaver functionality for user interface. Design workflows using the MSMP rules and the BRF Framework. Migrated GRC 5.3 ruleset to GRC 10.0, implemented auto provisioning and automated log review for Emergency Access Management. Provided necessary training to global controllers, role owners and requestors.
|
||||||
|
Education |
6/1992 Sinclair Community College Dayton, Oh. Associates of Applied Science – CIS; Graduated with Honors
MGT414 SANS+S Training Program GRC10 SAP Education CISCO Networking Classes 1-4 BizRights Functional Training SAP GRC310 Access Enforcer and Role Expert SAPEP Introduction to SAP Portal SAP EP200 Portal Administration SAP Authorization Made Easy |
||||||
|
|
|