
SARFRAZ MOHAMMED
- SAP Security/GRC Analyst
- Phoenix, AZ
- Member Since May 10, 2023
Professional Summary:
· 10+ Years of extensive experience as an ERP consultant
· Exceptional communication & interpersonal skills
· Experience with R/3 release versions:
o ECC5.0 & ECC6.0
o Various modules such as MM, PP, SD, FI, CO
o Familiarity with BI, BOBJ, BPC and CRM
· Skilled in using CUA, HANA Studio (User Mgmt.), Oracle IDM (User provisioning)
· Expert user administration through the use of SU01, SU10
· Expert in role development using profile generator (PFCG)
· Extensive experience with best practices using SU24
· Experienced and strong with Security audits, SOX Section 404 compliance
· Assisted in running reports in the SAP GRC component Compliance Calibrator
· Worked closely with functional consultants for evaluation of requirements and defining, developing and testing the roles.
Technical Skills
ERP: mySAP ERP ECC 6.0, ECC 5.0, SAP R/3 4.7, 4.6C, 4.6A/B, 4.0B, SAP Netweaver 2004s, SAP Enterprise Portal 7.0, 6.0, 5.0, CRM, BI 7.0, HANA Studio, Solution Manager, Virsa Compliance Calibrator, Approva BizRights. GRC 10.1.
Certification: C_HANATEC141 Technology Associate – SAP HANA
C_GRCAC_10 – SAP Business Objects Access Control 10.0 – SAP GRC
LinkedIn profile: https://www.linkedin.com/in/razmohammed86/
Professional Experience:
SAP Security/GRC Analyst
Marathon Petroleum Corp.
Sep. 2017 – Present
Responsibilities:
• Designing, building, and supporting SAP roles and user administration
• Collaborate with business process owners and other project teams to configure and manage SAP profiles and roles to meet the business needs
• Align SAP security profile authorizations with Sarbanes/Oxley controls to ensure compliance with Segregation of Duties (SOD) while providing the minimum access required to meet business needs
• Manage user administration utilizing SU01 and SU10 (mass changes) in creating, copying, deleting, locking, unlocking users and provisioning roles.
• Utilize SE16 and SUIM to retrieve various data.
• Utilize SU24 to enable / disable security checks.
• Generate transports for security to move profiles and roles to the proper clients
• User creation and assignment of roles
• Analyzing SU53/ST01 reports
SAP Security/GRC Analyst
Avnet Inc. Phoenix, AZ
Sept. 2016 – Oct. 2017
Responsibilities:
· Managing business profiles through GRC by running simulations and analyzing open risks.
· Granting FireFighter access by ensuring ‘owner/control’ are assigned to a FF ID.
· Ensured all SOD violations are resolved through either: mitigation, remediation or identifying a false positive.
· Extensively using the RAR tool to ensure end-users’ access does not violate SODs.
· Troubleshooting Role-based authorizations by using SU53/ST01 in a timely manner.
· Creating and managing profiles in PFCG and supporting UAT testing.
· Extensively using SCC1 to ‘copy client’ profiles to support test modifications.
· Used STMS to transport profiles from DEV to QUA system for testing purposes.
· Assisting with password resets and account lock/unlock.
· Providing SAP developer/object keys access through SAP Marketplace.
· Granting analytic privileges to end-users in SAP HANA studio.
· Utilizing RS2HANA_GEN to expose objects in Native HANA.
· Used stored procedure for the assignment of repository privileges in HANA studio.
· Used SM59 and SPRO to create RFC plug-ins with GRC backend system.
SAP Security Analyst/ Project lead
KONE Inc. Moline, IL
August 2014 – July 2016
Responsibilities:
· Extensively used ARA to simulate and analyze open risks.
· Ensured all SOD violations were resolved through either: mitigation, remediation or identifying a false positive.
· Assisted the GRC team in creating/adjusting the rule set to meet the needs of the business.
· Utilized the Mitigation tab to update existing mitigating controls and create new mitigating controls.
· Supported daily production issues and ensured that the tickets were under SLA
· Managed all authorizations escalations and provided tier 3 support to WIPRO off-shore team
· Extensively used SUIM to process reports for the business
· Utilized SU01 to reset passwords, assign roles, and create/maintain/copy users
· Used PFCG to create single, composite, master and derived roles
· Troubleshot backend role failures using ST01
· Developed FSCM (Financial Supply Chain Management) roles for all the units and assisted in the entire implementation cycle
· Led all Security tasks in the migration project from 4.6C to 6.0: blueprint, architecture, development, integration testing, UAT, and go-live
· Ran LSMW for the mass profiles and password assignments to the end-users
· Monitored iDocs via SCUL
· Assigned backend profiles for HR users in SAP and grouped the users for ESS and MSS access.
· Created analysis authorizations through the use of RSECADMIN
· Assigned previously created authorizations to roles through S_RS_AUTH
· Modified roles in BW through PFCG (S_RS_COMP)
· Traced failing authorizations for BI users through RSECADMIN
· Created mass end-users and added to ‘Groups’ in UME/SAP IDM portal.
· Assigned privileges to the roles and granted the roles to the users
· Restricted the access on the role and object levels.
· Activated/Deactivated users
· Managed the users by locking/unlocking the access, reset passwords
· Direct access to individual users to SAP HANA database.
SAP Security Administrator
AmeriGas LP, King of Prussia, PA
June ’14 – Aug ’14
Responsibilities:
SAP Security Analyst
Becton and Dickinson, Franklin Lakes, NJ
Dec ’13 – June ’14
Responsibilities:
SAP Security Administrator
Wyndham Hotel Groups
Feb ’11 – Oct ’13
Responsibilities:
· Involved in initial design/development/testing phases, testing, and go live of ECC end user security roles
· Developed templates for requirements gathering and worked with functional teams on master/single role(s) design. Templates: R2TM (Role to transaction mapping) sheet, Authorization Input sheet.
· Conducted workshops to drive Master/Single role/Derived/Composite role(s) design.
· Supported unit testing, integration test cycle and coordinated defect resolution.
· Effectively analyzed trace files and tracked missing authorizations for user’s access problems.
· Used SAP GRC Access Control v5.3 Risk Analysis and Remediation tool to define SOD violations
· Analyzed all customer programs and transaction codes for authority checks.
· Recommended and implemented values for profile parameters controlling password rules and logon rules; established a monitoring process for inactive user's unsuccessful logons.
· Communicated with Business Process owners to obtain approvals for Security changes.
· Worked on SAP Check indicator Defaults and field values, reduced the scope of authorization checks using transaction SU24 and maintained check indicators for transaction codes.
· Maintained and formulated the procedures for the Role Repository database.
· Followed the established standards and naming conventions as dictated for the client's security schema.
· Analyzed the root cause of authorization problems and fixed the missing authorizations.
· Worked with CUA (SCUL and SCUM) and standards, which make it more flexible to work with a large number of users when updating their roles and profiles across the landscape.
· Developed use cases (for example, descriptions of the user's interaction with the system), customer scenarios, and/or prototypes (for example, demos) and was heavily involved in testing and troubleshooting the application.
SAP Security Analyst
JSR Micro Electronics, Sunnyvale, CA
Feb ’09 – Dec ’10
Responsibilities:
● Worked with Profile Generator (PFCG) in creating roles, profiles, composite roles, and derived roles.
● Responsible for day-to-day transport support for moving roles from one client to another client within the same system using transaction codes PFCG, SE10, and SCC1.
● Developed derived roles for FI by converting certain fields to organizational level fields.
● Used SeCATT script for mass generation of roles and user assignments.
● Assisted users with access problems and questions using SUIM, ST01, and SU53.
● Performed reconciliation of user master record and roles using PFUD and SUPC.
● Worked with respective functional heads for SOD tools & security changes based on SOX violations at T-code level & object level.
● Created over 700 job roles in SD, FI, MM, WM, PP and transporting them to QA and Production.
● Ran system audits to detect deviations from established procedures, role mapping, and unauthorized changes to the SAP security and reported findings to management.
● Analyzed users and roles through GRC v5.3 RAR tool by running SOD reports at Transaction and Authorization level.
● Supported BI S_RS_Auth info. objects in PFCG.
● Secured SAP* user by changing the parameter in RZ11.
SAP Security Administrator
Anthro Corp, Tualatin, OR
March ’07 – Jan ’09
Responsibilities:
· Created users, maintained User Master Data, established security policies and Procedures.
· Managed security operations on SAP clients (SAP R/3, and CRM).
· Ran reports in Virsa Compliance Calibrator from different functional areas to ensure all roles were compliant.
· Supported Internal security audits in the production system every month.
· Created Firefighter User, designed and assigned Firefighter roles, Firefighter logs activities, Critical operation Alerts, etc.
· Worked on SAP Check Indicator Defaults, Field values, and maintained check indicators for Transaction codes using SU24 for authorization objects.
· Created & managed the scheduling of batch jobs working with T-Codes SU53 and SUIM for giving user access.
Education: B.S.: University of California, Davis. Graduated 2008