
Amit Chawla
- SAP Security/GRC/Compliance Architect
- Dallas, TX
- Member Since May 10, 2023
Amit Chawla, CISA
SUMMARY
· SAP Security Design, Development, and Support for SAP ECC, SAP S/4, BW/BI - HANA, SEM (BPS & BCS), CRM, SRM, Enterprise Portal, Solution Manager, Single Sign-On, CUA (Central User Administration), PPM, BOBJ, BPC, SEM, GTS, Redwood, OpenText, PRA, SAP GRC 10.1.
· Experience in virtually all ECC/S4 Modules including: HR, PY, WM, MM, FI/CO, FI/RAR, TR, TAX (Vertex and OneSource), PM, SD, PP, QM, PS, AFS, IS-Oil, PRA, IS-AFS, GTS, PPM, ECC, S/4, ChaRM, Portal, SolMan, Fiori, NWBC, Crawford Plus Packs.
· CISA Certification
· SOX Documentation, Testing, and Remediation
· Experience in both Internal and External Audit
· Experience in Design and Configuration of SOD Tools: Virsa, Security Weaver, Control Panel (Symmetry), GRC 10.1, and Approva BizRights, Bindview.
· Expert in Role/Security Remediation
· SAP Project Management
· Expert in Training of SAP Security Resources
· US Citizen with Outstanding Communication and Interpersonal Skills
BP – L48 Division – Houston, TX May 2017 - Present
SAP Security/GRC/Compliance Architect
“Greenfield” SAP Implementation on S/4 HANA, with GRC 10.1, IS-OIL, PRA, OilDex, Ariba, OneSource Tax, and Maximo integration. Currently managing a team of 7 (Big 4 and independent consulting) resources and serving as the technical Architect for all things GRC/Compliance and SAP Security.
Northrop-Grumman - Irving, TX July 2007 – April 2017
Senior SAP Security and Compliance Architect
Design, Build, Test, Implementation, Train, and Support
· Primary Consultant since 2007 for over 14 implementations. (TK, HR, PY, TR, GTS, PPM, SRM, CRM, Re-Orgs, Supply Chain, Manufacturing, Financial Systems, Proprietary Invoicing Applications, RAR – Revenue Recognition)
· Extensive work with Internal and External Auditors to address SOD and SOX Issues.
· Expert Level skills in SOD Role Remediation (Multiple GRC Tools, Risk Management)
· Expert Level skills in Rule Book/SOD Design, Implementation, and Mitigation. (Multiple GRC Tools – GRC, Symmetry Control Panel, Approva, etc)
· Expert Level skills in automated provisioning using multiple GRC tools (Access Control, Dynamic Security, Custom ABAP and Portal, IDM integration, PI integration, Workflow)
· Expert Level skills in Audit Response and Remediation at all levels from Project Teams to Internal/External/DCAA Audit to Sr. Management and Executives.
· SAP Licensing using FlexNet and SAP Tools
· Prepared Evaluations and Screened Candidates for open positions
· Trained new team members in the SAP Security Concept and Best Practices in SAP Security.
· Developing Custom Authorizations for client specific processes and applications
· Rolled out over 45000 new users, as the SAP Security Archtect for virtually all project go-lives from 2007 – 2017
· Experience and Training in Securing new SAP Technologies (S/4 HANA, BW HANA, SSO, and Fiori)
· Security Lead on the following projects, among others: Timekeeping (3x), Re-Orgs (4x), GTS (2x), PPM, Fiori, SolMan, Payroll, Manufacturing, BPC Pilot, BOBJ, Treasury, iDM, RAR (Revenue Recognition), Customized Vendor Invoicing (2x), Single-Sign On, Redwood, ECC Upgrades (4x), , Workflow, OpenText (2x), Custom Release Management Solution, BW/BI HANA, S/4 HANA Upgrade.
SOD Remediation via Approva, GRC & Control Panel (Symmetry)
· Support Lead for Approva, GRC
· Technical Lead for Installation of Approva/BizRights, GRC, Control Panel
· Troubleshoot and Support Approva Issues (Extracts, Services, User Issues)
· Analyze Reports for Users, Roles, and Processes
· Identify and Correct SOD issues for Roles and Users (100% mitigation)
· Presented Audit Responses for Executives and Management.
Levi Strauss & Co - Westlake, TX Mar 2007 – July 2007
SAP Security Architect
Design, Build, Test, and Implementation SAP Security Roles and Authorizations
· Implementing of all facets of SAP Security for entire LS&Co. landscape (SAP Security Design Standards, User IDs, and System Controls to address SOD and SOX Issues).
· Requirements gathering from all Business/Process Teams
· Development and Documentation of Testing Standards for Unit Test and Integration Test.
· Role Development with Profile Generator for newest versions of various SAP products (ECC 6.0, BW 5.0, AFS 6.0, etc.)
· Mass User Creation and Verification Tools Development
· Authorization and Transaction Maintenance, via SU24, SU22, SE93, SU02, SU03.
· Developing Migration (Transport) and Change Control Strategy
· Creating Custom Transactions and Authorizations.
Project Management
l Planning and Tracking of all SAP Security Project Milestones
l Provided regular status updates to Executives and Auditors
l Coordinate activities across multiple projects, teams, and systems.
Northrop-Grumman, Irving, TX Sept 2006 – Mar 2007
Senior SAP Security Consultant
Process and Design Improvement
· Requirements gathering, documentation, analysis, and negotiation (with management and users)
· Documenting Areas of Vulnerability in SAP Security
· Troubleshooting and correcting complex SAP Security errors reported by end users
· Reviewing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues
· Cleaning up Obsolete Profiles, Roles/ Activity Groups
· Develop automation tools with in house ABAP Programmers
· Develop advanced CRM Security tools and procedures around Partner Function with SAP Developers
· Prepare Evaluations and Screen Candidates for SAP Security Team
· OnCall/After Hours Support
· Developing Custom Authorizations for User Exits in various modules
SOD Remediation via APPROVA
· Technical Lead for Installation of Approva
· Troubleshoot and Support Approva Issues
· Analyze Reports for Users, Roles, and Processes
· Identify and Correct SOD issues for Roles and Users resulting in 100% Mitigation.
· Produce reports for Controllers and External Auditors
Documentation and Training
· Conducting SAP Security Training Classes
· Initiating Process improvements
· Training Colleagues on SAP Security Best Practices
Silicon Laboratories, Inc - Austin, TX Mar 2006 – Sept 2006
SAP Security Architect
Design, Build, Test, and Implementation
· Troubleshooting and correcting complex SAP Security errors reported by Project Team Members
· Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues.
· Implementing newest versions of various SAP products (ECC 5.0, CRM 4.0, SEM 4.0, BW 3.5, EP 6.0, etc.)
· Authorization and Transaction Maintenance, via SU24, SU22, SE93, SU02, SU03.
· Developing Migration (Transport) and Change Control Strategy
· Creating Custom Transactions and Authorizations for CRM, ECC, EP, BW, and SEM
Documentation and Training
· Conducting several SAP Security Training Classes
· Documenting Process Flows
· Initiating Process improvements
· Training Colleagues on SAP Security Concept
Project Management
· Planning and Tracking of all SAP Security Project Milestones
· Provided regular status updates to Senior Project Managers
GlobalSantaFe Corp. - Houston, TX Feb 2005 – Dec 2005
SAP Security Architect
Design, Build, Test, and Implementation
· Requirements gathering, documentation, analysis, and negotiation (with management and users)
· Documenting Areas of Vulnerability in SAP Security
· Troubleshooting and correcting complex SAP Security errors reported by end users
· Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues for the FI and Supply Chain Projects
· Implementing SAP 4.7 Security Architecture
· Authorization and Transaction Maintenance, via SU24, SM54, SE93, SU02, SU03.
· Developing Migration (Transport) and Change Control Strategy
· Cleaning up Obsolete Profiles, Roles/ Activity Groups
SOD Remediation via VIRSA
· Advised on the Installation of Virsa Compliance Calibrator and FireFighter
· Troubleshoot and Correct Technical Virsa Errors
· Analyze Virsa Reports for Users and Roles
· Identify and Correct SOD issues for Roles and Users
· Produce reports for Executives (CFO and CIO) and for External Auditors
Documentation and Training
· Conducting SAP Security Training Classes
· Documenting Process Flows
· Initiating Process improvements
· Training Colleagues on SAP Security Concept
· Monitoring progress of Colleagues
Project Management
· Supervising Junior Consultants
· Prioritizing work for 3 SAP Security resources
· Planning and Tracking of new Projects
· Achieved all Key Milestones on every project
· Provided regular status updates to Senior Project Managers
Shell Lubricants (Pennzoil-Quaker State) - Houston, TX Nov 2004 – Feb 2005
SAP SOX/Audit Consultant
Documentation of SOX Controls
· Planning Documentation Strategy
· Training Colleagues on SOX terminology and methods
· Interviewing Process Owners
· Developing Flowcharts, Narratives, and Walk-thru for multiple applications including SAP R/3, BW, and Legacy systems
Gap Analysis and Remediation
· Analysis of Controls Weaknesses
· Creating “Scoping” Documents for Project Management and CIO
· Advising on best practices for SOX compliance and SAP Security Design
Global SantaFe Corp. - Houston, TX Sept 2004 – Nov 2004
Sr. SAP SOX and Compliance Analyst
SAP Security Analysis
· Providing insight and recommendations into SAP Security Model
· Assisting management with the design of Support Models
· Reviewing SAP Security Design Standards, Naming Conventions, and System Controls in relation to Sarbanes-Oxley
· Report findings and recommendations to Audit Board, Controllers, CFO.
Documentation and Training
· Coordinating communications regarding SAP Security between Internal Audit and Project Team
· Developing documentation for SOX Compliance
SAP Security Controls Testing for Sarbanes-Oxley 404
· Reviewing System Settings
· Identifying Control and Process Gaps
· Devising Test Plans for evaluation of existing Process Controls
· Conducting Preliminary tests and Identifying resulting Issues
· Advising on possible solutions to address Process Gaps to Executive Management (CIO, VP’s)
Halliburton, Houston, TX Aug 2004 – Sept 2004
SAP Sarbanes-Oxley Compliance Analyst
Documentation and Training
· Developing communications regarding SAP Security for a non-technical audience
· Training colleagues in the SAP Security Concept
· Reviewing SAP Security Process Flows
SAP Security Controls Testing for Sarbanes-Oxley 404
· Identifying Control and Process Gaps
· Devising Test Plans for evaluation of existing Process Controls
· Conducting tests and Identifying resulting Issues
· Conducting Extensive User Audits and Access reviews (t-codes, objects, programs)
Conoco-Phillips Company, Bartlesville, OK June 2004 – Aug 2004
Sr. SAP Security Consultant
Design, Build, Test, and Implement
· Requirements gathering, documentation, analysis, and negotiation (with management and users)
· Performing extensive user audits
· Troubleshooting and correcting complex SAP Security errors reported by end users
· Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues
· Upgrading to SAP 4.7 Security Architecture
· Maintaining Object Values via SU24
· Initiating, Creating, Prioritizing, and Monitoring Transports
Network Associates, Inc. (McAfee) - Plano, TX May 2004 – June 2004
SAP SOX and Compliance Consultant
SAP Security Analysis
· Providing insight and recommendations into SAP Security Model
· Reviewing SAP Security Design Standards, Naming Conventions, and System Controls in relation to Sarbanes-Oxley Compliance
Documentation and Training
· Developing communications regarding SAP Security for a non-technical audience
· Training colleagues in the SAP Security Concept
· Reviewing and Documenting SAP Security Process Flows
SAP Security Controls Testing for Sarbanes-Oxley Compliance
· Identifying Control and Process Gaps
· Devising Test Plans for evaluation of existing Process Controls
· Conducting tests and Identifying resulting Issues
Shell Lubricants (Pennzoil-Quaker State) - Houston, TX Dec 2003 - April 2004
SAP Security Lead Developer and Architect
SAP Security Architect
· Providing insight and recommendations into SAP Security Model
· Assisting management with the design of Post go-live Support Models
· Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SoD issues in relation to Sarbanes-Oxley
Documentation and Training
· Developing communications regarding SAP Security for a non-technical audience
· Training colleagues in the SAP Security Concept
· Documenting key project successes and areas of improvement
Design, Build, Test, and Implement
· Requirements gathering, documentation, analysis, and negotiation (with management and users)
· Identifying and documenting Segregation of Duties (SoD) Risks in relation to Sarbanes-Oxley
· Troubleshooting and correcting SAP Security errors reported by end users
· Testing and Implementing Custom Authorizations in FI/CO and Basis.
Lyondell-Equistar Chemicals, Houston, TX Jan 2003 – Dec 2003
SAP Security Lead
Project Management
· Assumed responsibilities of previous consultants without impacting project timeline
· Developing and maintaining project plans
· Determining resource allocations, negotiating project resources and budget with Sr. Management
· Tracking project progress and reporting
· Achieving key milestones
Design, Build, Test, and Administer
· Requirements gathering, documentation, analysis, and negotiation (with management and users)
· Performing extensive user audits
· Identifying and documenting Segregation of Duties (SoD) Risks as pertaining to Sarbanes-Oxley
· Creating reports for Internal and External Auditors in relation to Sarbanes-Oxley
· Identifying Areas of Vulnerability in SAP Security
· Designing and developing Composite Roles and Activity Groups in SAP v. 4.5b
· Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SoD issues
· Administering over 700 Test Ids in the Test Environment and 16,000 named Users in Production Environment
· Troubleshooting and correcting SAP Security errors reported by end users
· Coordinating negations for Security Access across various modules and teams
Cirrus Logic, Austin, TX Aug 2002 - Dec 2002
SAP Security Lead
Project Management
· Design, Build, Test, and Implement SAP Security
· Documentation and Training Permanent Staff on SAP Security Best Practices
<p class="MediumGr