Rashed M Mohammed

  • Senior SAP Security/GRC Consultant
  • San Diego, CA
  • Member Since May 07, 2023

Candidates About

 

Rashed M Mohammed

SAP Security / GRC Consultant

 

Career Summary:

Senior GRC Consultant  with expertise in SECURITY across platforms and modules; Quality focused individual with experience in Quality Planning and Testing; Excellent team player with exceptional team building abilities, strong organization, technical and interpersonal skills; Confident and poised in interactions at all levels.

 

Core Strengths:

 

·         GRC 10.0: Performed user audits for customer systems and reviewed role and profile using the GRC to identify and mitigate against potential security risks. Expert in configuring, troubleshooting and Supporting of Various Components of GRC 10.0 ARM (Access Request Management), ARA (Access Risk Analysis ),  EAM (Emergency Access Management )

·         Management skills and competencies: Developed long-range plans to drive business related IT and Compliance strategies, providing vision and leadership, proposing and managing budgetsand staff

·         Worked on HANA and BOBJ Security

·         Infrastructure design and architecture

·         Life cycle implementation of ERP

·         Compliance, Risk and Security Analysis

·         Business Analysis and Integration across various platforms

·         Disaster Management and Business Continuity

·         Proactive Technical monitoring and support

·         ROFC (Resolve on First Call)

·         Problem Resoloution

·         Handling Outages and crisis with ease

·         Cybersecurity: Cybersecurity strategy, policies and procedures, information security, application security, vulnerability management, testing, risk and threat modeling, identity managementand forensics

·         Infrastructure Frameworks: Enterprise and IT Governance, Risk and Compliance, Information Technology,Cybersecurity, Cloud Security, and Digital Transformation

·         Risk Management:IdentifyIT and enterprise risks, assess the likelihood and impactand implement mitigating controls and processes where feasible.

·         Vertical Industries:  Financial, High-Tech, Healthcare.

·         Network Installation and maintenance

·         VPN Issues and fiberlink

·         Hardware Failure Issues          

·         Coordination of support &  server team

·         Managing routers, switches, IP devices

·         SAP GRC AC 10.0 implementation

·         Client Server installation (Active Directory, Citrix and N Computing)

·         Video Conferencing, IP surveillance

·         Hardware & software troubleshooting

·         Installation and upgrade of all server and client Operating Systems.

·         Creating User Groups, roles, resources and giving Permissions/access

·         Sharing resolution within the team

·         Hands on Experience on Configuring business critical applications on Android, iPhone and other devices

·         Installation and Configuration of  Network and stand-alone printers

 

 

 

 

 

 

 

Technical Proficiencies:

 

ERP:                           Expert in life cycle implementation, upgrade, security and support of SAP ECC,

CRM, BI,  HANA 1.0, BOBJ 4.0, Netweaver, GRC and Validation.

Applications:               Clarify CRM, Rational Rose, Clearcase, Microsoft Visio, Business Objects

Networking:                LAN/WAN Installation, Router, switching, N-Computing, Video Streaming and

Video Conferencing

Environment:                          All Operating systems, Database, Middleware, Server installation & support

 

Education:

·         MS in Information Systems and CRM from DePaul University, Chicago, IL

 

Professional Experience:

Illumina,  San Diego CA                                                                                 Dec 2013 - Till Date.

Senior SAP Security/GRC Consultant

 

Responsibilities

SAP GRC 10.0 / HANA 1.0/ BOBJ 4.0

 

·         Configured Access Risk Analysis sub module by Creating Connector, setting up Connector type, Creating Custom Global Rule sets, Authorization Sync and Updating Repository Sync( User , Role and Profile ) on Full/ incremental Sync as needed

·         Activate BC sets after completing the data migration process

·         Configure the parameters related to ARA, EAM, ARQ

·         Created users in Target System

·         Download Migration Tool and install the Migration tool

·         Creating the Required Organization Unit in GRC 10.1

·         Export the Configuration and Master data in to GRC 10.1

·         Export the Transactional Data into SAP GRC 10.1and apply OSS Notes

·         Run the job in the background for Repository Synchronization

·         Perform Authorization ( Roles , Users and profiles ) Synchronization

·         Maintaining Configuration Settings

·         Infrastructuredevelopment project manager for following programs:

·         Establishing a Governance, Risk and Compliance Framework infrastructure forthe Information Technology (IT) and Operational Technology (OT) business units.

·         The development of an IT/OTCybersecurity Risk Model.

·         Industrial Controls System Reliability and Security Assurance (Operational Technology) project across all MPC business Units – Refinery, Pipeline, Terminals and Marine.

·         Development and implementation of the NIST 800-53r4, 800-30, 39& 62, API1164 and ISA99 standards and policies.

·         A Cybersecurity Framework that is conducive to the business units and organization. First such model for MPC.

·         Development and implementation of anIT EnterpriseComputer Security Incident Response Team (CSIRT).

·          

·         Import RAR, EAM , ERM, SPM and Workflow data

·         Configured HANA Security for End users and created various privileges and secured the data

·         Worked on HANA studio to create various types of users and assigned respective roles

·         Created Roles in HANA as needed by business using various types of data models and secured the financial reports

·         Worked on BOBJ CMC tool to secure the various types of applications and created custom access levels and assigned the custom access levels to Groups

·         In BOBJ assigned various types of Groups to users to inherit the authorizations and performed synch up the Users from BI to BOBJ

·         Designed security architecture based on Simple, Composite, Derived Roles and other company requirements.

·         Tested and implemented Roles for FI, MM,HR, CRM, APO, SD, CO, PS, PM, PP, QM and other functional modules to ensure accuracy and SoD compliance.

·         Supervised and coordinated the activities of off-shore user support team by providing troubleshooting support and resolving communications issues.

·         Identified, maintained, and documented key values for Organizational Levels, Authorization objects and Authorization Fields.

·         Developed and maintained Netweaver BW/BI security profiles.

·         Implemented BW/BI security by securing Analysis Authorizations into PFCG Roles and assigning them to the users.

·         Created Queries for various business process needs.

·         Troubleshoot authorization errors using transaction code SU53 and ST01

·         Maintained users account by renaming, change password, locking, unlocking

·         Supported testing team according to request

·         Supported training team to prepare documents for end users

·         Go-Live and supported End Users

·         Implemented LSMW Script to Create Mass users

·         Handled various tasks involving Portal engine and resolved web based access issues

·         Developed and maintained Netweaver BW/BI security profiles

·         Implemented BW/BI security by securing Analysis Authorizations into PFCG Roles and assigning them to the users

·         Created Queries for various business process needs

·         Documented security development standards, guidelines, policies, and procedures

·         Added business processes and functional area for business processes

 

Texas United Corporation, Houston Texas                                                   June 2012- Nov 2013

SAP Security/GRC

 

Responsibilities

·         Configured GRC 10.0 for All modules within Access control

·         Activated various business sets and created rule sets within GRC ARA module

·         Configured EAM Module in SAP GRC to provide broader access within in SAP in emergency for sustainment team

·         Configured MSMP ( Multi stage multi path ) within SAP GRC to support various modules within SAP GRC

·         Worked with process experts on SOD - Segregation of Duties issues.

·         Worked with Internal Auditors in creation of Users, Role Mitigations and uploaded them.

·         Assisted Internal Auditors in framing new Rules for combination of new transactional codes

·         Worked with Business Experts in placing Mitigation for Conflicting and Critical transactions.

·         Configured and extensively used the Firefighter tool for emergency access and troubleshooting.

·         Utilized Access Enforcer for user provisioning and audit monitoring purposes.

·         Projectmanagerfor numerous IT and Business audits which included planning, assessing, identifying risks, scheduling, fieldwork, preparation and communication of audit reports to senior management and the audit committee.

·         Project managerfor initiative to identify and implement data analytics and continuous monitoring tools utilizing SAP, IDERA and ACL.  

·         Audits managed and performed: Sarbanes-Oxley (SOX), Payment Card Industry (PCIDSS), HIPAA, NIST 800-53, Insider risks, Application and SAP security,Data security, SIEM, IDS/IPS,VPN, Firewall,Mobile Devices (BYOD), NIST Cybersecurity Framework 1.0, COBIT 5.0, API 1164, ISA-62443-3-2, and NERC CIP.

·         Special assessments and audits: refinery gap assessment, SCADA application security review, pipeline IT security operations gap analysis and Security Operations Center (SOC) gap analysis.

·         Project manager for facilitating and implementingthe development of the Cybersecurity IT Audit program. First such audit program for MPC

 

 

 

GE Healthcare,Arlington Heights,IL                                                                          July 2008 to June 2012

SAP Security

 

GE Healthcare consolidated lot of processes and applications after acquiring Healthcare giants in Nuclear medicine and Research. Despite being Oracle driven enterprise, GE retained business critical applications in SAP and upgraded them.

 

Responsibilities

·         Used comprehensive knowledge of Sarbanes-Oxley (SOX), GLBA, Payment Card Industry (PCIDSS), FERC/NERC, PCAOB Standards, SEC regulations, COSO/COBIT, NIST 800 Series/Standards, and ISO27001/02 to complete audits.

·         Coordinated partnerships with Senior Managers and Directors to meet the enterprises common goals.

·         Completed Specialized Technology Compliance/Auditing Initiatives: Process Control Networks (PCN), Offshore Platforms (Ekofisk-North Sea), Programmable Logical Controllers (PLC), Distributed Control System (DCS), and Supervisory Control and Data Acquisition (SCADA).

 

·         Created BI 7.0 Roles for Various Department and sync the roles/users with BOBJ 4.0

·         Restricted Access to users by Creating Access Levels, Groups, personal folders for various Department in BOBJ 4.0 and Assigned users into Group

·         Worked on CMC Control in BOBJ 4.0 to synch the user groups and Transfer the Roles from the backend systems.

·         Configured users to login BOBJ 4.0 through SSO and run the reports in BOBJ 4.0 and replicate the data as per Roles in BI 7.0

·         Creating Portal roles for BI Portal (EP 7.0) to Publish Queries

·         Assigned Portal roles/ Portal Groups  corresponding to backend roles to user view and use in the portal

·         Created analysis authorization objects for authorization relevant characteristics and Key figures related to Sales chain & Finance reports related to District Managers, Directors and VP

·         Created and maintained SAP HCM Structural Profiles

·         Identified and resolved issues arising from HR integration

·         Modified SAP Role and Authorization to include and adjust HR objects

·         Identify and correct authorizations issues related to used IDs and HR Positions

·         Created PFCG roles for the Business Roles in CRM 7.0 IC Web Client UI and assigned them in Org Structure to various positions.

·         Worked closely with the CRM BSA in creating the Business Roles, Org Structure & Positions.

·         Traced and Resolved Authorization issues for BSP Applications in Web Client UI

·         Created PFCG roles to provide access to logical links of work centers in Business Roles

·         Assigned Business partners to various positions within the Organization Structure

·         Creating Business Partner and associating them with user (employee)

·         Perform user maintenance and SAP License Administration

·         Analyze existing security setup, develop and implement the solutions to cover risk management

·         Worked with Business Process Experts to identify security requirements and associated risks

·         Identify, maintain, and documented key values for Organizational Levels, Authorization objects and Authorization Fields

·         Determine and monitor security policies such as, password length, validity, impermissible passwords, incorrect logon attempts, default client, inactivity period allowed

 

 

Rogers, Toronto,CA                                                                                     May 2007 to June 2008

Technical Support Consultant

 

Rogers is a communications company in Canada dealing with gadgets and digital consumer services. I was hired in the capacity of technical support consultant and my accomplishments.

 

Responsibilities

·         Displayed professional customer friendly attitude with focus on problem resolution & involving/educating user.

·         Understood the user requirements and task urgency in order to provide timely solution.

·         Analyzed business problems and identified solutions in a timely manner.

·         Re-Structured the procedure for escalation to level 2 when needed to escalate.

·         Strategized ROFC (Resolve on First Call) practice and prepared teams technically stronger and self-sufficient.

·         Mentored new hires, motivated teamwork and facilitated innovation as per the policies.

·         Updated and upgraded the system, people and resources through internet search, research and fact finding abilities thus providing solutions to team for further reference.

·         Took every user as a new challenge and resolve any kind of issues through positive attitude.

·         Analyzed issues with problem related to connectivity or laptop performance or application support and took extra efforts to resolve them.

·         Worked in shifts on rotation basis and extend after hours when required by business.

·         Took feedbacks very positively and helped others including myself.

·         Handled every issue independently and if issue was unknown, searched for the issue and took help from peers to give resolution accordingly.

·         Worked on hardware issues of Dell, Sony, Lenovo, HP, Toshiba and others.

·         Installed applications and provided support for Android, Blackberry, iPhone and other Smartphone to the users.           

 

 

Certification Training - Scheduled to take the GRC Exam in November