
VJ Rupani
- SAP Security/GRC Analyst
- San Francisco, CA
- Member Since May 10, 2023
SUMMARY OF EXPERTISE
· 9+ Years of extensive experience as an SAP Security Analyst w/5 Full Life Cycle Implementations working with all SAP ECC modules such as FI, CO, BI, HR, MM, PP, SD, BC, etc.
· Experience designing/redesigning implementing role-based security, based on specific needs, environments, organizational levels & SOD concerns in R/3 releases: ECC 5.0 & ECC 6.0
· Designed multiple Role to Transaction Matrices by working w/ functional team leads to get business role definitions & organize the requirements into one complete MS Excel document.
· Experience with SOD analysis using SAP GRC 10.1 Access Control tools ARA (Access Risk Analysis), EAM (Emergency Access Management) & GRC 5.3 RAR (Risk Analysis & Remediation) & Compliant User Provisioning (CUP) tools
· Strong working knowledge of Segregation of Duties & SOX auditing requirements as well as conducting remediation analysis & implementing mitigation controls on roles causing SOD risks
· Worked w/ auditors on Security audits to analyze critical risks, transactions, objects, production role change history, etc & communicate violations & recommend mitigation strategies.
· Strong in BW/BI Security & Analysis Authorizations concepts including creation of Info Objects
· Expert in troubleshooting end user authorization failures in all SAP applications using SU53, ST01 & SUIM reports to resolve security issues & support integration testing of Roles/Profiles
· Experienced in performing user administration using CUA, set user distribution parameters for CUA using transaction SCUM & verified IDOC distribution through SCUL
· Expert in mass user administration/ creation/ maintenance through use of SU01 & SU10
· Experienced in maintaining SAP Authorization Object Check Indicators & Field Values in SU24
· Expert in creating Single/ Master/ Derived/ Composite roles based on specific company code/ plant/ business role requirements
· Skilled in configuring/ running eCATT scripts for mass creation of roles & R/3 user id’s
· Excellent communication & interpersonal skills to manage & coordinate activities & work effectively in a team environment to achieve the deliverables
TECHNICAL SKILLS SUMMARY
ERP: SAP ERP ECC 6.0, ECC 5.0, SAP R/3 4.7, 4.6C, 4.6A/B, 4.0B, SAP Netweaver 2004s, SAP Enterprise Portal 7.0, 6.0, 5.0, BI 7.0, Virsa Compliance Calibrator, Solution Manager, GRC 10.1 & 5.3
Package/Tools: MS Excel, MS Word, MS PP, MS Access
Industry Lines: Retail, Banking, Manufacturing, Software, Public Utilities
EXPERIENCE:
01/2015-PRESENT SAP SECURITY ADMINISTRATOR, Sempra Energy. San Diego, CA
● Provided day to day technical SAP Security Production support for 10,000 + users in all SAP ECC Modules as well as supported GRC upgrade project from version 5.3 to 10.1 on various tasks pertaining to design & functionality of GRC 10.1 Access Management for ARA & EAM components.
● Proposed & implemented strategies for design of SAP Security model to clean up roles & reduce excess & unnecessary authorizations granted to end users throughout the company in order to be SOX audit compliant & provide value to the company as well.
● Represented SAP Security team in weekly GRC implementation meetings with KPMG to review Security changes/defects & ensure daily/weekly/monthly check points were reached in order for implementation to be on schedule.
● Assisted in User Role Remediation tasks by adding/ removing SAP Security Roles using SU01/ SU10 to ensure users do not pose SOD violation risks to the company.
● Cross-trained other members of SAP Security team on various Security aspects of GRC 10.1 (ARA/ EAM tools) by creating detailed power point presentations & demonstrations.
● Created step by step documentation on conducting GRC SOD checks using the Access Risk Analysis (ARA) tool in GRC 10.1 for new role creation & role modification processes.
● Assigned Owners/ Controllers to FireFighter ID’s in GRC 10.1 Emergency Access Management (EAM) component.
● Performed Role Assignment Analysis in order to analyze which users were granted additional/ unnecessary access during SOD check review of user accounts.
● Conducted Role Authorization changes for 1000+ users, creating test IDs in various systems to conduct unit & integration testing on changes made to user roles, etc.
● Utilized transaction SECATT to mass create 500 + users as well as assign test roles in GRD (GRC Development system) during integration test phase of implementation.
● Worked with Finance/ Accounting to roll out new custom FI/CO transactions & populate SU24 tables: USOBT_C & USOBX_C by running ST01 Trace on test users in order to capture all necessary authorization objects & field values.
● Showed strong ability to work with many moving parts/ people during this implementation of a brand new GRC 10.1 software from start to finish, as well as grasp new ways & techniques in order to achieve project milestones with high efficiency.
02/2014-12/2014 SAP SECURITY/GRC ANALYST, Manitowoc Cranes. Manitowoc, WI
Responsibilities:
● Primarily responsible for Analysis, Design, Development, Testing & Implementation of all SAP roles in ECC & BI implementation project for different geographic sites (United States, Brazil, Portugal & France)
● Worked closely with functional team leads to develop custom Global Role Matrix for R2TM (Role to Transaction Mapping) as well as Master/ Single/ Derived/ Composite role design for all SAP modules (FI/CO, SD, MM, HR, PP, BC etc), during initial project prep/blueprint/unit testing phases, & GO Live of ECC end user security roles.
● Created 3,000 + Roles (Master/ Derived/ Composite) & 4,000 users, using eCatt scripts during Realization phase of implementation & conducted SOD checks using Access Risk Analysis tool in GRC
● Managed & led workshops for GRC 10.1 SOD check review with Business Roles Owners, Business Process Owners & Business Analysts in order to effectively communicate the SOD risks involved with current role/ transaction assignment to ECC end users.
● Mitigated user(s) in GRC 10.1 by applying a ‘Control ID’ to a user’s SOD violations as well as creating new Mitigation Controls through assigning the ‘Control ID’ with a ‘Risk ID’ & assigning each Control ID with an ‘Approver’ & ‘Monitor’.
● Used Solution Manager to assign roles to users during training/ post go-live support in CUA as well as synchronized CUA System with other Child Systems by performing “Text Comparison” Analysis through transaction SU01.
● Responsible for FireFighter Account Management in SAP & GRC 10, through creation of FF users in CUA, adding relevant FF roles to users & assigning FF ID’s/ users to FF Owners in GRC 10 EAM (Emergency Access Management) tool.
● Heavily involved in designing/ creating BW/BI Security Roles/ Analysis Authorization Objects for various user groups across 4 geographic sites (United States, Brazil, Portugal & France)
● Assigned BI Analysis Authorization objects to BI roles in PFCG using authorization object S_RS_AUTH & transporting to Quality system for unit/ integration testing.
● Solved hundreds of SU53 errors by performing ST01 Trace, using SUIM, investigating & analyzing other users/ roles with similar access, conducting Global SU24 changes or working with ABAP team to develop custom transactions & authorization objects.
● Effectively analyzed trace files using ST01, successfully tracking sequence of security authorization checks for solving user’s access problems.
● Provided post Go-Live Production support on a daily basis by solving/ completing Security tickets in Service Now to ensure SAP Security roles were up to client’s business requirements & properly functioning for end users.
● Constantly worked with consultants from Capgemini, Deloitte, Audit teams in troubleshooting & resolving issues prior to going live.
03/2013-02/2014 SAP SECURITY ANALYST, Esri. Redlands, CA
Responsibilities:
● Created over 550 job roles through PFCG in SD, FI, MM, WM, PP & transporting them from DEV to QA for integration testing & then to Production using STMS & SCC1.
● Used GRC 10 Access Control to analyze SOD violations on users/ roles & recommended remediation options as well as implementing mitigation controls after running SOD conflict reports in ARA (Access Risk Analysis) Tool.
● Worked as part of remediation team & assisted in elimination of Segregation of Duties (SOD) conflicts & made roles compliant with SOX auditing requirements.
● Scheduled & monitored SOD conflict reports as background jobs in GRC 10 on a weekly basis to send to management for review.
● Maintained the Firefighter ID`s, privileged access & user mapping in EAM (Emergency Access Management) tool.
● Executed tasks to support User Management (provisioning/ de-provisioning) using Central User Administration (CUA):
● Perform user maintenance, check status of IDOC distribution (SU01, SCUL)
● Configured User Field Distribution parameters (SCUM)
● Made Mass User changes throughout the landscape using SU10
● Used security tables such as: AGR_1251, AGR_1252, AGR_DEFINE, AGR_AGRS, AGR_USERS, AGR_TCODES, USR02, USR40, USOBT_C, USOBX_C, TACT, TSTC, TPGP, TRDIR, TDDAT, etc, for research & problem solving purposes.
● Utilized transaction SU24 to maintain SAP Default Check Indicators & Field Values & reduce role maintenance by using best practices when configuring changes to Authorization Objects/ Field Values for Transaction Codes.
● Communicated on a daily basis with Functional Team Leads & Role Owners to obtain approvals for Security changes.
● Analyzed SU53 & SUIM reports to determine the root cause of user authorization access failures & fix the authorization errors accordingly.
01/2012-11/2012 SAP SECURITY ADMINISTRATOR, West Marine. Watsonville, CA
Responsibilities:
● Analyzed Business scope, user roles & developed user / role matrix for better understanding of the SAP Security authorization plan & worked with functional teams to roll out new security changes.
● Assisted in initial set up of the ALE Environment for Central User Administration (CUA) configuration through assignment of Logical Systems in SALE, establishment of RFC connections using SM59 & field distribution settings (SCUM).
● Created hundreds of single roles, composite roles, master /derived roles & assigned profiles using Profile Generator in PFCG in all modules (SD, FI, MM, PP, WM).
● Recommended solution strategies for role requirements for different functional teams based on end user job functions in order to be more efficient when using SAP to do their jobs.
● Coordinated with functional team leads to assist in mass table cleanup project (5000+ tables), by assigning non-protected custom tables (&NC&) to newly created table authorization groups in SE54.
● Designed master/ derived roles for FI/CO by converting certain auth fields to organizational level fields using program PFCG_ORGFIELD_CREATE.
● Supported BI security by maintaining Info Objects through RSECADMIN as well as updating authorization object S_RS_AUTH in PFCG for BI roles.
● Used SeCATT script for automation purposes such as mass generation of roles & user assignments.
● Investigated user access problems & questions using trouble shooting tools such as SUIM, ST01, & SU53.
● Used SAP Security audit logging tools (SM20, SM19, SM18), setting Security audit log parameters, logging changes to user master records, profiles, & authorizations
● Performed reconciliation of user master record & roles using PFUD & SUPC.
08/2010-10/2011 SAP SECURITY ADMINISTRATOR, Edmund Optics. Barrington, NJ
Responsibilities:
● Involved in complete life cycle implementation of SAP HR & SD modules security from setting up naming conventions for roles, profiles, test ids, custom objects & user groups.
● Worked heavily with Technical & Functional leads to collect role requirements, configuration of single & composite roles, transport of roles, creation of test ids & post implementation support on all SAP modules.
● Supported Role redesign process with complete Analysis of FI roles to comply with SOX & prevent violation of SOD (Segregation of Duties).
● Analyzed users & roles through GRC v5.3 Risk Analysis & Remediation (RAR) tool by running SOD reports in Transaction & Authorization level as well as provisioning & de-provisioning roles for user access using Compliant User Provisioning (CUP) tool in GRC 5.3
● Worked with functional team leads & role owners to help them understand what SAP authorization objects are causing the SOD conflicts & what all options exist for conducting remediation & implementing mitigating controls.
● Conducted mass transport/ release of roles as well as transporting from client to another client within the same system using transaction code PFCG, SE10, & SCC1.
● Assigned/ created table authorization groups using SE54 & Secured SAP tables through proper administration of authorization object S_TABU_DIS during role design.
● Ran system audits to detect deviations of established procedures, role mapping, & unauthorized changes to the SAP security & report finding to management.
08/2009-06/2010 SAP SECURITY ANALYST, Pier 1 Imports. Fort Worth, TX
● Worked in SAP Security Team to support Security policies for the large number of users based on different geographic locations (United States, Canada & Mexico) during initial project prep/blueprint/unit testing phases, & GO Live of ECC end user security roles.
● Involved in all aspects of SAP Security from setting up naming conventions for roles/profiles in PFCG, creation of user/test ids & assigning roles in CUA/ SU01, maintaining authorization objects in SU24, creating custom authorization objects in SU21 & user groups in SUGR.
● Interacted & worked closely with various functional teams to collect role requirements & develop custom Role Matrix, configuration of single /composite roles, transport of roles to relevant systems for unit/ integration testing using SE10, cutover activities & post implementation support.
● Collaborated with BW Technical Team to design security, identify InfoAreas, InfoCubes, & created custom analysis authorization objects using transaction RSECADMIN. Activated custom analysis authorization objects & included them in BW relevant roles.
● Maintained SAP Check Indicator Defaults & Field values for authorization objects, by analyzing the scope of Authorization checks using transaction SU24 for Transaction codes & eliminating the need to manually input authorization objects in roles in PFCG.
● Troubleshot security/authorization associated problems using SU53, ST01, SUIM as well as various security related tables such as AGR_USERS, AGR_TCODES, AGR_AGRS, AGR_DEFINE, USR*, USOBT_C & USOBX_C tables in SE16.
● Created & Scheduled Background jobs such as PFCG_TIME_DEPENDENCY, PFCG_AGRS_WITH_MANUAL_S_TCODE, PFCG_REGENERATE_ACT_GROUPS, etc using SM36 & SM37
07/2008-05/2009 SAP SECURITY ADMINISTRATOR, Foster Farms. Livingston, CA
Responsibilities:
● Managed day to day technical/ production support & resolved hundreds of High Priority trouble tickets for Production System.
● Maintained User Master Data in CUA (SU01) through user creation, deletion, role/ profile assignment, lock down, activation, password management tasks & ran various user administration reports.
● Created & modified Single roles, Composite roles & Master/Derived roles using automatic profile generator (PFCG) to meet business requirements by making sure users do not get more authorizations than needed or assign missing authorizations to perform their tasks.
● Performed changes on (SU24) SAP Default Check Indicators globally for specific transaction’s authorization objects & field values, improving role design & maintenance in PFCG.
● Utilized RZ11 to suggest & implement input values for profile parameters such as securing SAP* User.
● Created Fire Fighter users, designed & assigned Fire Fighter roles.
● Performed audit logs activities on end users to collect logon info, transactions conducted by end users & monitor critical transactions via (SM19 & SM20)
● Ran reports in Virsa Compliance Calibrator from different functional areas to ensure all roles were SOD compliant. Supported internal security audits in the production system every month.
● Worked with Business specialists to help them understand what SAP authorization objects are causing the conflicts & what all options exist for mitigating the conflicts (removing the object, re-assigning the transaction/role to another user, etc)
● Extensively worked with transaction SUIM for researching user access issues & diagnosis of SU53 reports.
● Translated business requirements into technical requirements & ensured that the timelines given to upper management & functional teams are realistic given the actual work required.
EDUCATION
● BS in Business Administration, California State East Bay
● AA in Accounting, Heald Business College