Prashant Choudhary

  • Sr. SAP Security Architect
  • Atlanta, GA
  • Member Since Jun 02, 2023


16 years of experience in SAP Security, GRC and SAP Basis:

·        I’m a senior SAP Security specialist with experience in SAP Security for ECC ERP, SAP HCM (including SAP SuccessFactors), SAP BI, BPC, SAP NW IDM 7.1/7.0, CRM, SRM, NetWeaver Portal and SAP GRC 10.1 Access Control including three implementations, SAP Security Upgrades and multiple SAP Security Support projects. Strong experience in security architecture, strategy, design and implementation, eCATT for mass security tasks, CUA configuration and set up, SAP HCM/HR-Structural Authorizations, SAP BI 7.0/BW 3.5 Migration and Implementation of SAP GRC Access Control 10.0, 5.3 (including Access Risk Analysis (ARA), Access Request Management, Emergency Access Management (EAM/Firefighter) and Business Role Management).

·        My other specialties include SAP security assessment and redesign, HCM Application Security, HR Org. Structure/Position based security design, XI, Solution Manager, CRM 7.0/2007, BI 7.0 Analysis Authorizations, BW, Portal, ESS/MSS, SRM, SSO configuration through multiple mechanisms (SNC, SAP Logon tickets & SSL/X.509 certificates), SOD evaluation and Audit systems implementations. I’m experienced in all phases of the project life cycle including scoping, planning, upgrading and implementing SAP Security. I've worked as SAP Security Team lead for large beverage, financial, engineering, technology, education and public sector companies as well as consulting companies, have conducted several SAP full life-cycle implementations, and have delivered superior solutions in high-pressure environments with tight timelines.

·        End-to-end experience of GRC Access Control 10.0 implementation including its technical aspects, Migrating/upgrading from earlier GRC versions to version 10.0.

·         Has worked as Team Lead on multiple full project life cycle projects as well as several support and upgrade projects.

·        Experienced in SAP ECC, ERP, SAP Security, SAP-WAS, SAP HCM/HR & Payroll, SAP NetWeaver Portal, SAP ECC 6.0(SD/ MM, PP, WM, FI/CO, HR), 5.0 R/3, 3.1i, 4.6B, 4.6C, 4.7, CRM 2007, SRM, PI/XI, ESS, MSS, NetWeaver Identity Management(NWIM) ver 7.0, SAP GRC Access Control, Windows Server 2003 Active Directory and its Security, LDAP, SAP Basis.

Security Tools used: SAP GRC 10.0, 10.1, 5.3/5.2, SAP Portal User Management Engine, CUA, SAP Solution Manager (SolMan), Single Sign On. 

 

EDUCATION:

  • MBA in 2001 from India’s top business school:  National Institute of Industrial Engineering (NITIE), Bombay/Mumbai with 7.75/10 CGPA.
  • BS Electronics and Communications Engineering (Honors) in 1999 from India’s top tech school: Malaviya National Institute of Technology (MNIT), Jaipur.

 

Professional Experience:

SAP Security Solution Architect,  Randstad Technologies (Client: The Coca-Cola Company, Bottling Investment Group-BIG), Greater Atlanta Area       

December 2014 to Current

Responsible for delivering SAP-centric solutions that support and advance application Security roles, Segregation of Duties (SoD) compliance and User Management in support of the BIG bottlers on CokeOne+. Solution areas include Security role architecture, design, development, and exploitation of the Security solution components. Subject matter expert in the SAP BI-HANA, SAP HCM/HR, SAP SuccessFactors, ECC, MDM, SRM, SCM, Portal, SAP Business Objects (BOBJ), SAP HANA Security, SAP Security and Compliance Access and SoD controls. Have also done Cloud Security work for Oracle Hyperion FCCS/EPBCS implementation at Coca-Cola.

 

As Solution Architect I work closely with Security (GSL), Business Solution Leads (BSLs), Business Process Experts (BPEs), Business Process Leads (BPLs) and Deployment Leads (DLs) to ensure the solution is aligned and enables defined business processes and data standards. The Solution Architect also works closely with the Support Manager and BIG Security Support Services (CCBBS) to ensure a smooth transition of solution delivery from development phases into ongoing operations as well as serve as an escalation for critical production issues, and to govern changes made as a part of production incident management processes.

 

As Solution Architect responsible for the following:

  • Implement and deploy Security to SAP systems (ECC, HCM/HRM, BI, BPC, Portal, SCM, SRM, etc.)
  • BW security development for operational reporting supporting granular multi-dimensional, drillable operational reports and charts for the bottlers. BI security development for information exploration project.
  • SAP HCM Security design, development and support for Coke BIG.
  • SAP SuccessFactors administration for Employee Center, Compensation etc.; securing the system using Role-Based Permissions.
  • Security design and development for SAP Business Objects.
  • Design and delivery of BIG major and minor releases, special projects and off-releases in accordance with defined Demand & Release Management processes
  • Deployment of CokeOne+ solution to BIG Bottlers.
  • Audit Remediation work
  • Landscape Management, including upgrades, refreshes/builds and EWR reports
  • Knowledge transfer to BIG team members and bottlers
  • Provide thought leadership, solution architecture, and design for the Security Solutions
  • Governance of template and local change requests
  • Functional and Technical Documentation of design, processes and procedures
  • Ensures the solution is in compliance with related TCCC standards
  • HR Structural authorizations.
  • Sarbanes Oxley and Segregation of Duties management.
  • Project Management.
  • Leading and coordinating across diverse teams to achieve desired outcomes.
  • Use transport management system in complex environments.
  • Understanding of key enabling technologies that support business processes.

 

Activities performed in order of Priority:

 

1) VERY HIGH >>> Prod and NonProd Support:
   a. Review & approve roles changes performed by off-shore [as per standards and compliance reqs]
   b. Charm [SolMan] Transport validation
   c. Represent transports in migration meetings
   d. Represent Security in Bottler and BIG teams status calls
   e. Support bottler and non-bottler security issues - these are escalated issues in which off-shore needs further help from ATL team, esp. in the following areas:
      i. BI, BPC, Business Object [BOBJ], HCM/HR [structural auths], SAP SuccessFactors, ECC, SRM, Solution Manager, CRM, Portal, Mobile, BCS [Business Consolidation], Oracle Hyperion FCCS/EPBCS Security (This will replace SAP BCS soon); HANA Security
   f. Manage IDM Business Roles mapping for Non-Bottler users

2) HIGH >>> Audit:
   a. Address audit related issues – analysis and remediation
   b. RSECNOTE application across all production systems
   c. Security batchjob management
   d. Early Watch Reports – Security review and action items

3) MEDIUM >>> Release Work – Major and Minor:
   a. Develop, test [incl. Regression], transport and support role changes, esp. those in the following areas:
      i. BI, Business Object [BOBJ], HCM/HR [structural auths], SAP SuccessFactors, ECC, SRM, Solution Manager, CRM, Portal, Mobile, BCS [Business Consolidation], Oracle Hyperion FCCS/EPBCS Security (This will replace SAP BCS soon); HANA Security
   b. Sufficiently utilize release mgmt. tools – CCSN [minor]; HPALM [major]; SolMan
   c. Dry Run [DR] Security Tasks:
      i. DR Prep - FF IDs, validation users, cutover access, etc…
      ii. DR system validations
      iii. Basis/Functional team access mgmt.
   d. TCO Security Tasks:
      i. Attending cutover planning meetings and ensuring inclusion of all security related tasks
      ii. Cutover Prep - FF IDs, validation users, cutover access, etc…
      iii. Resolve TCO security issues
      iv. Review system/access after TCO

 

 

 

SAP Security Consultant at Augmentare (Client: Belden), Greater New York City Area, July 2014 to November 2014

Responsible for administering and supporting the security and authorization aspects for Belden’s SAP presence globally.

·        Establishing and maintaining user rights, system access and authentication within Belden’s SAP environment

·        Oversight and administration of SOX compliance within Belden’s SAP environment

·        Development and administration of SAP security and authorization processes and documentation

·        SAP security administration and support with SAP R/3 4.6c/4.7 ECC 6.0, SAP HCM and NetWeaver Process Integration (PI).

·        SAP project management.

 

SAP Security /GRC Administrator at FlightSafety International, Greater New York City Area, April 2013 to June 2014

·        Administrator for global SAP implementation: End-to-End Full Life Cycle implementation including HR, FI, PS, BPC, CPM, BI et al; Production Support & Security Design and development of Security roles including derived/enabler roles based on Org Levels like company codes, profit centers, plants etc.

·        Implement, configure, maintain and support the Governance Risk and Compliance (GRC) 10 suite of products.

·        Contextual Structural Authorization for SAP HCM Security.

·        Support SAP ECC, BI, BOBJ, SAP BPC 10.0, Solution Manager and NW Portal systems.

·        Transaction Authorization, Analysis/Reporting Authorization

 

 

Sr. SAP Security/GRC Consultant

Forrest Solutions Group (Client: Viacom/ MTV Networks), New York, NY, Greater New York City Area,   February 2012 to August 2012

Led a new full life cycle SAP Security implementation covering all aspects of design, build, testing, cutover and post production support:

·        Configured Security roles for SAP ECC, SRM, SUS, BI & BOBJ, Portal and Solution Manager.

·        Processes included in the implementation are: RTR, PTP, OTC and also HR (for SAP HR mini-master only).

·        Configured and implemented SAP GRC Access Control 10.0 including GRC Access Risk Analysis, Emergency Access Management and Access Request Management.

·        Also interacted with Compliance/Audit to ensure successful audits.

 

 

Sr. SAP Security Architect, Technology Services

Turner Construction Co., Greater New York City Area

Feb 2011 to March 2012

 

I served as dedicated point of contact for all SAP Security related activities. Ensure that adequate architecture, configuration, policies, and procedures are in place within Turner’s SAP environment and that all of the above is documented. I work with various business verticals to address their security needs within SAP. Maintains alignment with Turner’s overall security framework/roadmap. Serve as integral part of the change control process, review all changes within SAP from a security standpoint and ensure alignment with security framework. Responsible for SAP security in the following areas:

·         Global SAP ECC security design and architecture: The Company operates internationally in Europe, Asia and Australia.

·         Creating security roles and users

·         User authorizations and administration

·         System access

·         Central User Administrator

·         Support specialized areas of SAP Security:

1.       HR

2.       CRM 7.0 security including Access Control Engine(ACE)

3.       Java and Portal Security design and implementation.

4.       BW/BI

5.       BPC

·         Design and set up SAP CRM Security Business roles and PFCG Roles for WebUI users.

·         Knowledge of security-related information, technology products and services that relate to the business needs of Turner Construction.

·         Maintain up-to-date documentation of all SAP security configurations, policies, and procedures.

·         Assist in developing and enforcing Turner Construction and Technology Services policies, procedures, and standards.

·         Configured and implemented Single Sign-On (SSO) for three use cases:

1.       SAPGUI using SAP SNC Kerberos

2.       SAP NetWeaver Java AS using SPNego Kerberos

3.       SAP CRM WebUI using SAP Logon tickets

 

 

SAP Security Technical Expert at Wal-mart Stores Inc., Bentonville, AR

April 2010 to August 2010

 

Technical SME/ Lead of a global team responsible for supporting production and non-production SAP systems comprised of Regional ECC Systems for USA and UK with planned rollouts for numerous other countries, Global Business Intelligence (BI), Process Integration (PI), SAP GRC Access Control Suite (ACS), Solution Manager, CUA, and Enterprise Portal.

 

Implement and support a role based security design in ECC, BI 7.0 and Netweaver Portal, configure GRC Access Control 5.3:

 

  • SAP security administration, maintenance and role design.
  • Set up custom organizational level authorization fields and derived role design and maintenance.
  • Troubleshoot and resolve SAP security issues in support and/or testing circumstances.
  • Work with the business to understand SAP security requirements, and be able to provide technical solutions.
  • Configure GRC toolset (RAR, SPM, ERM and CUP modules).
  • Recommend, implement and assure compliance with policy and procedures affecting the SAP environment on a government and company level.
  • Support SAP system security internal and external audits.
  • Set up SAP security processes, policies, and standards (ECC and BI 7.0, PI or Portal).
  • Design BI 7.0 security and the analysis authorizations.
  • Configure CUA environment and support it.
  • Excel and Access database manipulation for Role Manager.
  • Knowledge of basic business operational models to facilitate discussions with business teams.

 

Production Support (ECC, BI, PI, EP, ACS, CUA, Solution Manager)

•        End-user/Support Role Maintenance

•        Role Unit Testing/Transport

•        Documentation 

 

SAP GRC Access Control Suite (ACS) Maintenance & Operational Activities

•        Risk and Remediation (RAR)

•        Compliant User Provisioning (CUP)

•        Superuser Privilege Management (SPM)

 

Non-Production Support (ECC, BI ,PI, EP, ACS, CUA, Solution Manager)

•        User and Role Maintenance

•        Monitoring and Simulation

 

Experience in configuring, implementing, updating and supporting the SAP GRC Access Control suite version 5.3: Risk Analysis and Remediation (RAR), Compliant User Provisioning (CUP), Enterprise Role Management (ERM), Superuser Privilege Management (SPM). Technical expertise in implementing SAP GRC with an enterprise-wide scope and design of new SAP roles and the redesign of existing SAP roles to reduce the risks associated with segregation of duties (SOD) issues. Ongoing maintenance of the software configuration within the SAP GRC Access Control application. Review and deployment of service packs that are released by SAP for SAP GRC Access Controls. Working in conjunction with other support organizations to address any database or performance issues for the SAP GRC Access Controls suite of products.

Daily monitoring of jobs that are necessary for the GRC application(s) to run effectively and efficiently, for example nightly management risk analysis reporting. Experience with development of GRC Security Strategy as applicable to SAP application suite.

Other activities:

Provide training to Risk Managers, Role Owners and Key Users – in the use of SAP GRC Access control 5.3- RAR module

SAP GRC 5.3 – Mitigating SoD Conflicts

SAP GRC 5.3 – Sync up of User Groups

SAP GRC 5.3 – Risk Analysis & Remediation, creating and maintaining Mitigating Controls

SAP GRC 5.3 – Adding Systems to SAP GRC System.

Documentation related to Security and GRC Access control 5.3

 

 

SAP Security Consultant, Adaptive Solutions Group (client: Caleres/Brown Shoe Co.), St Louis, MO, July 2009 to Dec 2009

Architect the security infrastructure for SAP Implementation Project for: SAP HR/FI, SAP NW IdM 7.1, GRC Access Control 5.3, Portal, BI 7.1, PLM 7.0, CRM 7.0, SRM 7.0, Solution Manager 7.0 and XI/PI:

  • Role Development for SAP HR(including PA, PD, Time Management, Payroll, Benefits and WFM), FI, BI 7.1, Portal and XI/PI including table Security and custom authorization design, SAP Security architecture design. Implemented HR Structural Authorizations using the Context solution. Strong understanding of HR Master Data Elements and HR Organization Management.
  • Configured and administered SAP GRC Access Control 5.3(RAR, CUP and SPM).
  • Configured custom rule set for Brown Shoe in RAR, also configured CUP as per the workflow requirements of the customer including creating Entry types, stages, paths and Custom Approver Determinators(CAD).
  • Designed and implemented CRM 7.0 security business roles, Extensive working knowledge on SAP CRM ACE (Access Control Engine) Security model and programming, Customer Interaction Center (CIC).
  • Implemented SAP Netweaver Identity Management 7.1(IdM) across a diverse IT landscape including all SAP systems (HCM, FI, BI and Portal), GRC as well as non-SAP systems: MS AD, MS Exchange and IBM iSeries etc. , Installation on various components of NW IDM: VDS, IC, Web UI etc.  Set up SAP NW IDM Virtual Directory Server (VDS) to load data from SAP ECC.
  • Set up NW IDM Provisioning framework using NW IDM Identity Center
  • Scripting in JavaScript and VBScript for custom IDM IC passes.
  • NW IDM integration with SAP GRC Access Control CUP.
  • BI 7.1 Security design for End user, Power users and administrators; role and analysis authorization development. Generation of BI analysis authorizations through RSECADMIN transaction using structural authorization data extracted from data sources in the HCM ECC system for MSS and WFM users.
  • Designed and developed security for BOBJ Crystal Reports and for BusinessObjects XI 3.1 integration with SAP BI. Knowledge of Business Objects Enterprise, Crystal, WebI, XCelsius, Voyager, Explorer.
  • Security design for MSS/ESS, HR, Portal, WFM, HR reporting security design.
  • Supported the implementation of SAP FI and HCM in a position based security environment.
  • Supported Go-Live activities related to user provisioning, security role development, configuration of GRC Super-user roles and structural authorizations.
  • Development of SAP Portal Security and the role design and testing of SAP Structural Authorizations related to WFM and MSS.
  •  Created SRM 7.0 (EBP, SUS) roles as per the business requirements:
  1. Building EBP-Users from an HR-System.
  2. Used transaction USERS_GEN to mass create users and attach them to Org Structure
  3. Other transactions used: PPOMA_BBP, PPOSA_BBP,

 

  • Table Security and Custom authorization design, HR custom Objects (custom infotypes) and ALE Model data interface design.
  • Responsible for Security Configuration, testing, and overall project support up to go live.

 

 

SAP Security Architect/Lead at Elite Careers LLC., Pittsburgh, PA

Feb 2006 to July 2009

 

Worked for the following four projects:

 

Fuji Photofilm & Fuji Graphic Systems USA Inc., Valhalla, NY          

Worked as SAP Security Lead for the FGSU Pathfinder Project which includes SAP ECC 6.0/5.0 and BI 7/ 3.5 implementation, subsequent roll-offs, upgrade and continued support.

Job description & Responsibilities:

Design secure business solutions in SAP; developing, testing, implementing and upgrading of security for SAP ECC 6.0/ 5.0, BI 7.0/ BW 3.5, PLM 6.0, SRM 6.0, SCM 6.0  and CRM 2007 of Fujifilm Graphic Systems U.S.A. Inc. (FGSU) landscape. Areas included: FICO, Logistics (Sales and Distribution, Materials Management, Production Planning, Warehouse Management), HCM, CRM 2007 and BI 7.0/BW. Developed and implemented improved policies and procedures, implementing best practices solutions for SAP Security change management IT controls to support SOX compliance standards, requesting changes, testing and transporting SAP Security roles to production environment. Spearheaded and successfully implemented ongoing SOX and ISO 27000 Compliant Security Solutions designed to balance support of production processes, and governance and audit requirements, improved processes and procedures.

 

Design and implement comprehensive Identity Management program that supports Fuji standards and procedures across all environments. Developed SOX Sec 404 compliant security solutions designed to balance support of production security processes and governance and audit requirements: Installed and configured SAP GRC Access Control v 5.2 including Risk Analysis & Remediation formerly Compliance Calibrator, Compliant User Provisioning formerly Access Enforcer, Superuser Privilege Management formerly Fire Fighter and Enterprise Role Management formerly Role Expert and upgrade to version 5.3:

  • Evaluated and implemented ways to mitigate the current risk, modified existing Fire Fighter Ids, did updates/changes to IT User Roles.
  • Developing security processes and procedures associated with the Fuji application landscape.

 

Designed current IT user access and how IT users gain access to the system with SAP NetWeaver Identity Management 7.0:

  • Worked on SAP Identity Management 7.0 deployment based on an SAP HCM ABAP as the identity source use case. IdM- GRC integration initiative.
  • Developed IT security requirements for Identity Management specifically focused on the capturing repositories details and the provisioning framework.
  • Transitioned SAP CUA to SAP NW Identity Management solution.

Upgrade and Migration of SAP BW 3.5 Security to BI 7.0 Analysis authorizations:

  • Conversion and activation of custom objects to analysis authorizations.
  • Proficient in the use of BI 7.0 Analysis Authorizations creation and implementation tools: RSD1, RSECADMIN, RSEC_MIGRATION.
  • Involved in appropriate profile mappings, role assignments and testing through the BEx analyzer.
  • PD profiles and BI structure security and authorization design.
  • Structural authorization BI analysis and BI structure conversation.
  • Troubleshoot client’s issues on new analysis authorizations and concepts around security.

SAP CRM2007 Security: Configure WebClient User Interface (UI) security, User creation, Business Roles, PFCG roles, technical roles, Flexible security framework which can be adapted to specific customer needs, program CRMD_UI_ROLE_PREPARE, Org. structure model role assignment.

SAP Biller Direct, SAP Exchange Interface (“PI/XI”). Managed the security of Oracle 10g databases; hardened the database’s security by enforcing stricter password controls using profiles.

 

SRM 6.0(EBP/SUS) Security:

 * Worked with the SRM business team to prepare and maintain role matrices and user mapping matrix.

 * Created EBP, SUS roles and Involved in troubleshooting roles, identified missing objects, arranged the menu structure as per the business requirements and tested roles.

 * Worked with the SRM configuration team in building, testing and implementing the roles

 * Created Users in the SRM environment using the web browser using transaction BBPUSERMAINT.

 * Created SRM users using the transaction SU01 and Assigned the user to Organizational hierarchy for SRM Team members through USERS_GEN.

 

Continued SAP security support of SAP environment for Fuji including: security development, incident monitoring, troubleshooting. Used eCATT (extended Computer Aided Test Tool) for automating security tasks and user management, Access Review, Groups Creation/Modification, Authorization Traces and Troubleshooting. Configuration of Single Sign-On with Microsoft Kerberos, LDAP/Microsoft Active Directory, supporting production environments, designing SAP security and advising team on Security issues. Experienced in developing testing protocols, process control and tracking documentation.

 

Bayer Corp., Pittsburgh, PA                                         

Worked on the “Bayer THR (HR/ HCM & Payroll)” project as the SAP HR Security Team Lead for the Bayer SAP landscape (SAP ERP 2005 ECC version 6.0)

Job description & Responsibilities: Worked as SAP HR and Approva Bizrights Security Specialist: Bayer Corp., a major multinational corporation has implemented SAP HCM/ HR (version 2005) at their US HQ in Pittsburgh, this job involved: Design and set up HCM Security Roles, Profiles and HR Structural Authorizations and test all security development through Integration Testing, Parallel Testing and Go Live. Use Approva Bizrights to make this system SOX/SOD compliant. Created new Connectors and assigned mitigating controls. Coordinated the implementation and acted as SAP Security Subject Matter expert for BA's and BPO's. Performed SAP Security Administration functions -- Creating new Roles, Modifying existing Roles, User Administration using Solution Manager. Solved production authorization problems by analyzing user buffers. Supported Security around SAP HR / SCM and CRM modules. Assisted in conducting gap analysis between business requirements and SAP’s available