
Soleman Khan
- SAP Security/GRC Analyst
- Phoenix, AZ
Technical Summary:
· 8+ Years of extensive experience as an ERP consultant
· Experience with R/3 release versions:
o ECC6.0: modules MM, PP, SD, FI, CO
o Familiarity with BI, BOBJ and CRM
· Skilled in using CUA
o Expert user administration through the use of SU01, SU10
o Expert in role development using profile generator (PFCG)
o Extensive experience with best practices using SU24
o Experienced in upgrades using SU25
o Experienced and strong with Security audits, SOX Section 404 compliance
o Expert in GRC 10 Access Controls (ARA, ARM and EAM)
o Extensively used ARA to simulate and analyze open risks.
o Ensured all SOD violations were resolved through either: mitigation, remediation or identifying a false positive.
o Assisted the GRC team in creating/adjusting the rule set to meet the needs of the business.
o Utilized Mitigation tab to update existing mitigating controls.
o Assisted in running reports in the SAP GRC component Compliance Calibrator
o Worked closely with functional consultants for evaluation of requirements and defining, developing and testing the roles.
· Writing and executing unit tests on HPQC, functionality tests and Integration tests of SAP Modules (MM, IM, WM)
· Well versed in ticket handling & other production support procedures
· Excellent communication and interpersonal skills with problem solving abilities, effective in working independently and an exceptional team player
· Ability to provide management, guidance and supervision to large and small groups.
Technical Skills:
ERP: mySAP ERP ECC 6.0, ECC 5.0, SAP R/3 4.7, 4.6C, 4.6A/B, 4.0B, SAP Netweaver 2004s, SAP Enterprise Portal 7.0, 6.0, 5.0, CRM, BI 7.0, HANA Studio, Solution Manager, Virsa Compliance Calibrator, Approva BizRights, GRC 10.1.
Professional Experience:
SAP Security/GRC Analyst Sept. 2016 – Present
Avnet Inc. Phoenix, AZ
Responsibilities:
· Managing business profiles through GRC by running simulations and analyzing open risks.
· Granting FireFighter access by ensuring ‘owner/control’ are assigned to a FF ID.
· Ensured all SOD violations are resolved through either: mitigation, remediation or identifying a false positive.
· Extensively using the RAR tool to ensure end-users’ access does not violate SODs.
· Troubleshooting Role-based authorizations by using SU53/ST01 in a timely manner.
· Creating and managing profiles in PFCG and supporting UAT testing.
· Extensively using SCC1 to ‘copy client’ profiles to support test modifications.
· Assisting with password resets and account lock/unlock.
· Providing SAP developer/object keys access through SAP Marketplace.
· Granting analytic privileges to end-users in SAP HANA studio.
Project: Full Life Cycle Implementation
The Boeing Company, Renton, WA August 2014- July 2016
SAP Security Analyst/ Project lead
The Boeing Company is an American multinational aerospace and defense corporation. Founded in 1916 by William E. Boeing in Seattle, Washington, the company has expanded over the years, and merged with McDonnell Douglas in 1997. Boeing moved its corporate headquarters from Seattle to Chicago, Illinois, in 2001. Boeing is made up of multiple business units, which are Boeing Commercial Airplanes (BCA); Boeing Defense, Space & Security (BDS); Engineering, Operations & Technology; Boeing Capital; and Boeing Shared Services Group. Boeing is a company of over 171,000 employees worldwide.
Responsibilities/Deliverables:
· Extensively used ARA to simulate and analyze open risks.
· Ensured all SOD violations were resolved through either: mitigation, remediation or identifying a false positive.
· Writing and executing unit tests on HPQC, functionality tests and Integration tests of SAP Modules (MM, IM, WM)
· Assisted the GRC team in creating/adjusting the rule set to meet the needs of the business.
· Utilized Mitigation tab to update existing mitigating controls and create new ones.
· Supported daily production issues and ensured that the tickets are under SLA
· Managed all authorization escalations and provided tier 3 support to WIPRO off-shore team
· Extensively used SUIM to process reports for the business
· Utilized SU01 to reset passwords, assign roles, and create/maintain/copy users
· Used PFCG to create single, composite, master and derived roles
· Troubleshot backend role failures using ST01
· Developed FSCM (Financial Supply Chain Management) roles for all the units and assisted in the entire implementation cycle
· Led all Security tasks in the migration project from 4.6C to 6.0.
o Blueprint, architecture, development, integration testing, UAT, and Go-live
· Ran LSMW for the mass profiles and password assignments to the end-users
· Monitored iDocs via SCUL
· Assigned backend profiles for HR users in SAP and grouped the users for ESS and MSS access.
· Created analysis authorizations through the use of RSECADMIN
· Assigned previously created authorizations to roles through S_RS_AUTH
· Modified roles in BW through PFCG (S_RS_COMP)
· Traced failing authorizations for BI users through RSECADMIN
· Created mass end-users and added to ‘Groups’ in UME/SAP IDM portal
· Assigned privileges to the roles and granted the roles to the users
· Restricted the access on the role and object levels
· Activated/Deactivated users
· Managed the users by locking/unlocking the access, reset passwords
· Direct access to individual users to SAP HANA database
Environment: ECC 6.0 Full Life Cycle Implementation.
Intel Corporation, Santa Clara CA June 2014 - Aug 2014.
SAP Security Administrator
Project: Full Life Cycle Implementation
Intel is the world's largest semiconductor chip maker, based on revenue. It develops advanced integrated digital technology, primarily integrated circuits, for industries such as computing and communications. Integrated circuits are semiconductor chips etched with interconnected electronic switches.
Responsibilities and Duties:
· Providing production support on a day-to-day basis in ITSM and HPQC ticketing system.
· Responsible for creating transport through PFCG and SE10.
· Performing SOD checks for all PRD users with Approva BizRights tool.
· Converting characteristics Info. Object to Auth. Relevant in BI 7.0 using RSD1.
· Assigning the Analysis Authorizations access to users using the authorization object S_RS_AUTH.
· Performing User master maintenance such as creating new users, assigning roles, deleting users, renaming users, resetting password, Lock/unlock User ID using transaction code SU01
Environment: SAP Implementation ECC 6.0 – II
SAP Security Analyst Dec 2013-June 2014
Becton and Dickinson, Franklin Lakes, NJ
Responsibilities:
· Running eCATT scripts to assign roles to new /existing users.
· Creating SAP roles in the development, test, and training environments using Profile Generator (PFCG).
· Responsible for creating user IDs based on a standard naming convention, setting up of new users.
· Modified user accounts, resetting passwords, locking and unlocking user IDs.
· Performed SOD checks for all PRD users with Compliance Calibrator 4.0/5.3 toolset (RAR).
· Responsible for War Room support, issue remediation during Cutover simulation with critical resolution times
· Promoted best practice, leveraging domestic implementation, documentation and procedures
· Worked with development and business users to identify authorization requirements. Designed and created authorization roles and created custom authorization objects/groups.
· Used Active Directory (AD) to add userids to groups.
· Coordinated build and cleanup of test userids prior to rollout.
· Pre-implementation Production Support for Early Access userids.
· Supported Go-Live phase from May 5th-May 25th. Systems used are: BI, CRM, ECC, EWM, GTS, PI, SRM, SCM, and Solution Manager.
SAP Security Administrator Feb ’11 - Oct ’13
Wyndham Hotel Groups
Responsibilities:
· Involved in initial design/development/testing phases, testing, and go live of ECC end user security roles
· Developed templates for requirements gathering and worked with functional teams on master/single role(s) design. Templates: R2TM (Role to transaction mapping) sheet, Authorization Input sheet.
· Conducted workshops to drive Master/Single role/Derived/Composite role(s) design.
· Supported unit testing, integration test cycle and coordinated defect resolution.
· Effectively analyzed trace files and tracked missing authorizations for user’s access problems.
· Used SAP GRC Access Control v5.3 Risk Analysis and Remediation tool to define SOD violations
· Analyzed all customer programs and transaction codes for authority checks.
· Recommended and implemented values for profile parameters for controlling Password rules, logon rules, established monitoring process for inactive user's unsuccessful logons.
· Communicated with Business Process owners to obtain approvals for Security changes.
· Worked on SAP Check indicator Defaults and field values, reduced the scope of authorization checks using transaction SU24 and maintained check indicators for transaction codes.
· Maintained and formulated the procedures for the Role Repository database.
· Followed the established standards and naming conventions as dictated for the Clients security schema.
· Analyzed root cause of authorization problems and fixed the missing authorizations.
· Worked with CUA (SCUL and SCUM), and standards, which makes it more flexible to work with a large number of users to update their roles and profiles across the landscape.
· Developed use cases (for example, descriptions of the user's interaction with the system), customer scenarios, and/or prototypes (for example, demos) and was heavily involved in testing and troubleshooting the application.
SAP Security Analyst Feb ‘09 - Dec ‘10
JSR Micro Electronics, Sunnyvale, CA
Responsibilities:
· Worked with Profile Generator (PFCG) in creating roles, profiles, composite roles, and derived roles.
· Responsible for day-to-day transport support for moving Roles from one client to another client within the same system using transaction code PFCG, SE10, and SCC1.
· Developed derived roles for FI by converting certain fields to organizational level fields.
· Used SeCATT script for mass generation of roles and user assignments.
· Assisted users with access problems and questions using SUIM, ST01, and SU53.
· Performed reconciliation of user master record and roles using PFUD and SUPC.
· Worked with respective functional heads for SOD tools & security changes based on SOX violations at T-code level & object level.
· Created over 700 job roles in SD, FI, MM, WM, PP and transporting them to QA and Production.
· Ran system audits to detect deviations from established procedures, role mapping, and unauthorized changes to the SAP security and reported findings to management.
· Analyzed users and roles through GRC v5.3 RAR tool by running SOD reports at transaction and authorization level.
· Supported BI S_RS_AUTH info. objects in PFCG.
· Secured SAP* user by changing the parameter in RZ11.
Academic Qualifications:
Masters in Business Administration from Indus Institute Of Higher Education 2007