Amit Chawla

  • SAP Security/GRC/Compliance Architect
  • Dallas, TX
  • Member Since May 10, 2023

Candidates About

 

 

Amit Chawla, CISA

SUMMARY

·         SAP Security Design, Development, and Support for SAP ECC, SAP S/4, BW/BI - HANA, SEM (BPS & BCS), CRM, SRM, Enterprise Portal, Solution Manager, Single Sign-On, CUA (Central User Administration), PPM, BOBJ, BPC, SEM, GTS, Redwood, OpenText, PRA, SAP GRC 10.1.

·         Experience in virtually all ECC/S4 Modules including: HR, PY, WM, MM, FI/CO, FI/RAR, TR, TAX (Vertex and OneSource), PM, SD, PP, QM, PS, AFS, IS-Oil, PRA, IS-AFS, GTS, PPM, ECC, S/4, ChaRM, Portal, SolMan, Fiori, NWBC, Crawford Plus Packs.

·         CISA Certification

·         SOX Documentation, Testing, and Remediation

·         Experience in both Internal and External Audit

·         Experience in Design and Configuration of SOD Tools: Virsa, Security Weaver, Control Panel (Symmetry), GRC 10.1, and Approva BizRights, Bindview.

·         Expert in Role/Security Remediation

·         SAP Project Management

·         Expert in Training of SAP Security Resources

·         US Citizen with Outstanding Communication and Interpersonal Skills

 

 

PROFESSIONAL EXPERIENCE

 

BP – L48 Division – Houston, TX                                                       May 2017 - Present

SAP Security/GRC/Compliance Architect

 

“Greenfield” SAP Implementation on S/4 HANA, with GRC 10.1, IS-OIL, PRA, OilDex, Ariba, OneSource Tax, and Maximo integration.  Currently managing a team of 7 (Big 4 and independent consulting) resources and serving as the technical Architect for all things GRC/Compliance and SAP Security.

 

 

 

Northrop-Grumman - Irving, TX                                                      July 2007 – April 2017

Senior SAP Security and Compliance Architect

 

Design, Build, Test, Implementation, Train, and Support

·         Primary Consultant since 2007 for over 14 implementations. (TK, HR, PY, TR, GTS, PPM, SRM, CRM, Re-Orgs, Supply Chain, Manufacturing, Financial Systems, Proprietary Invoicing Applications, RAR – Revenue Recognition)

·         Extensive work with Internal and External Auditors to address SOD and SOX Issues.

·         Expert Level skills in SOD Role Remediation (Multiple GRC Tools, Risk Management)

·         Expert Level skills in Rule Book/SOD Design, Implementation, and Mitigation. (Multiple GRC Tools – GRC, Symmetry Control Panel, Approva, etc)

·         Expert Level skills in automated provisioning using multiple GRC tools (Access Control, Dynamic Security, Custom ABAP and Portal, IDM integration, PI integration, Workflow)

·         Expert Level skills in Audit Response and Remediation at all levels from Project Teams to Internal/External/DCAA Audit to Sr. Management and Executives.

·         SAP Licensing using FlexNet and SAP Tools

·         Prepared Evaluations and Screened Candidates for open positions

·         Trained new team members in the SAP Security Concept and Best Practices in SAP Security.

·         Developing Custom Authorizations for client specific processes and applications

·         Rolled out over 45000 new users, as the SAP Security Archtect for virtually all project go-lives from 2007 – 2017

·         Experience and Training in Securing new SAP Technologies (S/4 HANA, BW HANA, SSO, and Fiori)

·         Security Lead on the following projects, among others: Timekeeping (3x), Re-Orgs (4x), GTS (2x), PPM, Fiori, SolMan, Payroll, Manufacturing, BPC Pilot, BOBJ, Treasury, iDM, RAR (Revenue Recognition), Customized Vendor Invoicing (2x), Single-Sign On, Redwood, ECC Upgrades (4x), , Workflow, OpenText (2x), Custom Release Management Solution, BW/BI HANA, S/4 HANA Upgrade.

 

SOD Remediation via Approva, GRC & Control Panel (Symmetry)

·         Support Lead for Approva, GRC

·         Technical Lead for Installation of Approva/BizRights, GRC, Control Panel

·         Troubleshoot and Support Approva Issues (Extracts, Services, User Issues)

·         Analyze Reports for Users, Roles, and Processes

·         Identify and Correct SOD issues for Roles and Users (100% mitigation)

·         Presented Audit Responses for Executives and Management.

 

Levi Strauss & Co - Westlake, TX                                                      Mar 2007 – July 2007

SAP Security Architect

 

Design, Build, Test, and Implementation SAP Security Roles and Authorizations

·         Implementing of all facets of SAP Security for entire LS&Co. landscape (SAP Security Design Standards, User IDs, and System Controls to address SOD and SOX Issues).

·         Requirements gathering from all Business/Process Teams

·         Development and Documentation of Testing Standards for Unit Test and Integration Test.

·         Role Development with Profile Generator for newest versions of various SAP products (ECC 6.0, BW 5.0, AFS 6.0, etc.)

·         Mass User Creation and Verification Tools Development

·         Authorization and Transaction Maintenance, via SU24, SU22, SE93, SU02, SU03.

·         Developing Migration (Transport) and Change Control Strategy

·         Creating Custom Transactions and Authorizations.

Project Management

l  Planning and Tracking of all SAP Security Project Milestones

l  Provided regular status updates to Executives and Auditors

l  Coordinate activities across multiple projects, teams, and systems.

 

Northrop-Grumman, Irving, TX                                                        Sept 2006 – Mar 2007

Senior SAP Security Consultant

 

Process and Design Improvement

·         Requirements gathering, documentation, analysis, and negotiation (with management and users)

·         Documenting Areas of Vulnerability in SAP Security

·         Troubleshooting and correcting complex SAP Security errors reported by end users

·         Reviewing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues

·         Cleaning up Obsolete Profiles, Roles/ Activity Groups

·         Develop automation tools with in house ABAP Programmers

·         Develop advanced CRM Security tools and procedures around Partner Function with SAP Developers

·         Prepare Evaluations and Screen Candidates for SAP Security Team

·         OnCall/After Hours Support

·         Developing Custom Authorizations for User Exits in various modules

SOD Remediation via APPROVA

·         Technical Lead for Installation of Approva

·         Troubleshoot and Support Approva Issues

·         Analyze Reports for Users, Roles, and Processes

·         Identify and Correct SOD issues for Roles and Users resulting in 100% Mitigation.

·         Produce reports for Controllers and External Auditors

Documentation and Training

·         Conducting SAP Security Training Classes

·         Initiating Process improvements

·         Training Colleagues on SAP Security Best Practices

 

 

 

Silicon Laboratories, Inc - Austin, TX                                                           Mar 2006 – Sept 2006

SAP Security Architect

 

Design, Build, Test, and Implementation

·         Troubleshooting and correcting complex SAP Security errors reported by Project Team Members

·         Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues.

·         Implementing newest versions of various SAP products (ECC 5.0, CRM 4.0, SEM 4.0, BW 3.5, EP 6.0, etc.)

·         Authorization and Transaction Maintenance, via SU24, SU22, SE93, SU02, SU03.

·         Developing Migration (Transport) and Change Control Strategy

·         Creating Custom Transactions and Authorizations for CRM, ECC, EP, BW, and SEM

Documentation and Training

·         Conducting several SAP Security Training Classes

·         Documenting Process Flows

·         Initiating Process improvements

·         Training Colleagues on SAP Security Concept

Project Management

·         Planning and Tracking of all SAP Security Project Milestones

·         Provided regular status updates to Senior Project Managers

 

GlobalSantaFe Corp. - Houston, TX                                                             Feb 2005 – Dec 2005

SAP Security Architect

 

Design, Build, Test, and Implementation

·         Requirements gathering, documentation, analysis, and negotiation (with management and users)

·         Documenting Areas of Vulnerability in SAP Security

·         Troubleshooting and correcting complex SAP Security errors reported by end users

·         Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues for the FI and Supply Chain Projects

·         Implementing SAP 4.7 Security Architecture

·         Authorization and Transaction Maintenance, via SU24, SM54, SE93, SU02, SU03.

·         Developing Migration (Transport) and Change Control Strategy

·         Cleaning up Obsolete Profiles, Roles/ Activity Groups

SOD Remediation via VIRSA

·         Advised on the Installation of Virsa Compliance Calibrator and FireFighter

·         Troubleshoot and Correct Technical Virsa Errors

·         Analyze Virsa Reports for Users and Roles

·         Identify and Correct SOD issues for Roles and Users

·         Produce reports for Executives (CFO and CIO) and for External Auditors

Documentation and Training

·         Conducting SAP Security Training Classes

·         Documenting Process Flows

·         Initiating Process improvements

·         Training Colleagues on SAP Security Concept

·         Monitoring progress of Colleagues

Project Management

·         Supervising Junior Consultants

·         Prioritizing work for 3 SAP Security resources

·         Planning and Tracking of new Projects

·         Achieved all Key Milestones on every project

·         Provided regular status updates to Senior Project Managers

 

Shell Lubricants (Pennzoil-Quaker State) - Houston, TX                           Nov 2004 – Feb 2005

SAP SOX/Audit Consultant

 

Documentation of SOX Controls

·         Planning Documentation Strategy

·         Training Colleagues on SOX terminology and methods

·         Interviewing Process Owners

·         Developing Flowcharts, Narratives, and Walk-thru for multiple applications including SAP R/3, BW, and Legacy systems

Gap Analysis and Remediation

·         Analysis of Controls Weaknesses

·         Creating “Scoping” Documents for Project Management and CIO

·         Advising on best practices for SOX compliance and SAP Security Design

 

Global SantaFe Corp. - Houston, TX                                                            Sept 2004 – Nov 2004

Sr. SAP SOX and Compliance Analyst

 

SAP Security Analysis

·         Providing insight and recommendations into SAP Security Model

·         Assisting management with the design of Support Models

·         Reviewing SAP Security Design Standards, Naming Conventions, and System Controls in relation to Sarbanes-Oxley

·         Report findings and recommendations to Audit Board, Controllers, CFO.

Documentation and Training

·         Coordinating communications regarding SAP Security between Internal Audit and Project Team

·         Developing documentation for SOX Compliance

SAP Security Controls Testing for Sarbanes-Oxley 404

·         Reviewing System Settings

·         Identifying Control and Process Gaps

·         Devising Test Plans for evaluation of existing Process Controls

·         Conducting Preliminary tests and Identifying resulting Issues

·         Advising on possible solutions to address Process Gaps to Executive Management (CIO, VP’s)

 

Halliburton, Houston, TX                                                                              Aug 2004 – Sept 2004

SAP Sarbanes-Oxley Compliance Analyst

 

Documentation and Training

·         Developing communications regarding SAP Security for a non-technical audience

·         Training colleagues in the SAP Security Concept

·         Reviewing SAP Security Process Flows

SAP Security Controls Testing for Sarbanes-Oxley 404

·         Identifying Control and Process Gaps

·         Devising Test Plans for evaluation of existing Process Controls

·         Conducting tests and Identifying resulting Issues

·         Conducting Extensive User Audits and Access reviews (t-codes, objects, programs)

 

Conoco-Phillips Company, Bartlesville, OK                                     June 2004 – Aug 2004

Sr. SAP Security Consultant

 

Design, Build, Test, and Implement

·         Requirements gathering, documentation, analysis, and negotiation (with management and users)

·         Performing extensive user audits

·         Troubleshooting and correcting complex SAP Security errors reported by end users

·         Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SOD and SOX Issues

·         Upgrading to SAP 4.7 Security Architecture

·         Maintaining Object Values via SU24

·         Initiating, Creating, Prioritizing, and Monitoring Transports

 

Network Associates, Inc. (McAfee) - Plano, TX                               May 2004 – June 2004

SAP SOX and Compliance Consultant

 

SAP Security Analysis

·         Providing insight and recommendations into SAP Security Model

·         Reviewing SAP Security Design Standards, Naming Conventions, and System Controls in relation to Sarbanes-Oxley Compliance

Documentation and Training

·         Developing communications regarding SAP Security for a non-technical audience

·         Training colleagues in the SAP Security Concept

·         Reviewing and Documenting SAP Security Process Flows

SAP Security Controls Testing for Sarbanes-Oxley Compliance

·          Identifying Control and Process Gaps

·          Devising Test Plans for evaluation of existing Process Controls

·          Conducting tests and Identifying resulting Issues

 

Shell Lubricants (Pennzoil-Quaker State) - Houston, TX                           Dec 2003 - April 2004

SAP Security Lead Developer and Architect

 

SAP Security Architect

·         Providing insight and recommendations into SAP Security Model

·         Assisting management with the design of Post go-live Support Models

·         Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SoD issues in relation to Sarbanes-Oxley

Documentation and Training

·         Developing communications regarding SAP Security for a non-technical audience

·         Training colleagues in the SAP Security Concept

·         Documenting key project successes and areas of improvement

Design, Build, Test, and Implement

·         Requirements gathering, documentation, analysis, and negotiation (with management and users)

·         Identifying and documenting Segregation of Duties (SoD) Risks in relation to Sarbanes-Oxley

·         Troubleshooting and correcting SAP Security errors reported by end users

·         Testing and Implementing Custom Authorizations in FI/CO and Basis.

 

Lyondell-Equistar Chemicals, Houston, TX                                                  Jan 2003 – Dec 2003 

SAP Security Lead

 

Project Management

·         Assumed responsibilities of previous consultants without impacting project timeline

·         Developing and maintaining project plans

·         Determining resource allocations, negotiating project resources and budget with Sr. Management

·         Tracking project progress and reporting

·         Achieving key milestones

Design, Build, Test, and Administer

·         Requirements gathering, documentation, analysis, and negotiation (with management and users)

·         Performing extensive user audits

·         Identifying and documenting Segregation of Duties (SoD) Risks as pertaining to Sarbanes-Oxley

·         Creating reports for Internal and External Auditors in relation to Sarbanes-Oxley

·         Identifying Areas of Vulnerability in SAP Security

·         Designing and developing Composite Roles and Activity Groups in SAP v. 4.5b

·         Implementing SAP Security Design Standards, Naming Conventions, and System Controls to address SoD issues

·         Administering over 700 Test Ids in the Test Environment and 16,000 named Users in Production Environment

·         Troubleshooting and correcting SAP Security errors reported by end users

·         Coordinating negations for Security Access across various modules and teams

 

Cirrus Logic, Austin, TX                                                                                Aug 2002 - Dec 2002 

SAP Security Lead

 

Project Management

·         Design, Build, Test, and Implement SAP Security

·         Documentation and Training Permanent Staff on SAP Security Best Practices

 

<p class="MediumGr