Post Job Free

Resume

Sign in

Security Sap

Location:
Wilmington, NC
Posted:
June 28, 2014

Contact this candidate

Resume:

D. P. Anah

acerve@r.postjobfree.com

972-***-****

Skill Set:

An Information Technology professional with 7+ years of diverse industry experience in IT

Technical Support and Security. Specializing in SAP Security and GRC. Expertise includes

auditing, reporting and monitoring. Seeking a position in which I can contribute my diverse

set of knowledge with an opportunity for growth.

SUMMARY OF QUALIFICATION

7+ years of SAP Security Administration & SOX Compliance expertise

o

Multiple SAP Security Lifecycles ( Analysis, Conception, Implementation, Upgrade, QA & Cutover)

o

SAP Security Administration - ECC 5.0/6.0

o

SOX Compliance - GRC 10/5.3/4.0 (CUP (Compliant User Provisioning), RAR (Risk Analysis &

o

Remediation), SPM (Firefighter)

Experience with SAP Portals (EP 5.0/6.0/7.0), Single Sign On (SSO), LDAP Configuration

o

Extensively Involved in the Support all components of GRC 10.0 Access Control [Access

o

Management Risk (AMR), Emergency Access Management (EAM)] & Process Control

Strong scripting experience with Power Shell, Visual Basics and User-Provisioning Service

o

Interfaces

Participated in Internal and External security audits

o

Ability to translate highly complex technical matters into easily digestible and actionable plans.

o

Ability to lead and manage technical individual contributor and management staffs with the ability

o

to foster open communications across various organizational levels.

Successful in meeting new technical challenges and finding solutions to meet the needs of the

o

customer and business

EXPERIENCE

SAP Security/Information Systems Analyst

CVS/ Caremark

Irving, Texas

August 2012 to Present

• SAP Security Auditing both internal and external Auditors and resolved SoD conflicts

• Install and Configured SAP GRC 10.0 Access Control

• Leverage AD objects for resource security access management, authorization and authentication

• Manage Lightweight Directory Protocol and Directory Services independently

• Create and Manage users authorization profiles and Group Authorization using PFCG

• Handle fulfillment of user access requests according to Service Level Agreement queues while

maintaining protection of confidential information

• Worked with table authorizations to control access to tables and created custom table authorization

groups and assigned to tables using transaction SE54.

• Actively utilize outstanding communication skills to interact well with team members and external clients

• Able to initiate ideas that were used to enhance security controls and compliance awareness within the

organization

• Supervised the data cleansing and transfer/conversion

• Prepared appropriate documentation at every milestone of the provisioning process

• Reviews and ascertains organizational compliance to Sarbanes Oxley act, COBIT and COSO frameworks

SAP Security/ GRC Consultant

Infosys

Southfield, MI

July 2010 to August 2012

• Provided SAP security production support for SAP ECC and EP / SAP BI Maintained OSS user ID and

service connection, managed Central User Administration (CUA) system, and traced new custom

transactions

• Ensuring approval for access requests are compliant with business and governance rules

• Worked with the IT department and business units on key new systems projects to ensure the systems

design includes necessary automated controls

• Security Maintenance & Support as part of Legacy System support (R/3 4.7, BW 3.5) and new system

implementation (ECC 6.0, BI 7.0, etc)

• Implementing SAP ECC and SAP BI / EP / GRC to align ERP solution and security framework with

enterprise business requirements

• Test plans/scripts meet the company standards

• Analyzed business requirements and existing processes

• Analyzed a third party application and outlined how it interfaced with Oracle Payables as part of an overall

plan to minimize data entry

• Technical knowledge of the ACDB Tool for SAP End User assignments

• Set up approval security controls and a three-way purchase order matching

• Leverage AD objects for resource security access management, authorization and authentication,

Segregation of Duties (SOD) and dependency conflict analysis protocols, and user termination

processes.

• Worked with Internal and External Auditors to ensure that SOD issues are addressed and proper actions

are taken. Substantially reduced service request response and resolution turnaround time.

• Prepare appropriate documentation at every milestone of the project's life cycle

SAP Security Analyst

Millennium Staffing Services

Las Vegas, NV

July 2009 to July 2010

• Troubleshooting security support issues including, role assignment problems, authorization failure,

working with business process owners to identify required roles or changes to roles to meet access needs

• Established User / Role Management Processes for production / non-production systems, approval /

authorization / administration procedures

• Batch jobs for SoD report dump & actions to eliminate existing violations/risks Worked with the IT

department and business units on key new systems projects to ensure the systems design includes

necessary automated controls

• Good Understanding of Audit Log Files and Set Standards for Audit Log Alerts ( SM19, SM20)

• Analyzed business requirements and existing processes

• Experience in SAP Security Maintenance (PFCG), maintained the roles for all the instance (DEV, QAS

and Prod.

• Setting up SAP system for auto log-out, password length and expiration and specifying impermissible

passwords.

• Activated some descriptive flex fields to capture additional information not available in standard Oracle

forms

• Performance Troubleshooting existing user roles, security objects and authorizations to resolve security

conflicts, supporting users, setting up new accounts, password resets.

• Prepare appropriate documentation at every milestone of the project's life cycle

IT Auditor 1

Millennium Staffing Services

Las Vegas, NV

July 2008 to July 2009

• Documentation of IT processes and controls, assessment of current IT processes to identify control gaps

and efficiency improvements, including any additional special projects to improve IT operations as

requested

• Utilize Active Directory, to ensure maintenance of technical security controls

• Worked with the IT department and business units on key new systems projects to ensure the systems

design includes necessary automated controls

• Test plans/scripts meet the Company standards

• Analyzed business requirements and existing processes

• Analyzed a third party application and outlined how it interfaced with Oracle Payables as part of an overall

plan to minimize data entry

• Mapped the Future Process Requirement into Oracle AP module and identified the gaps

• Activated some descriptive flex fields to capture additional information not available in standard Oracle

forms

• Set up approval security controls and a three-way purchase order matching

• Enabled most payable/financial options radio buttons to meet client's business requirements

• Developed functional conversion specifications to extract suppliers' information from legacy system and

convert to Oracle

• Leverage AD objects for resource security access management, authorization and authentication

Supervised the data cleansing and transfer/conversion

• Prepare appropriate documentation at every milestone of the project's life cycle

IT Auditor

Barclys Industries

Las Vegas, NV

January 2007 to Nov 2008

• Utilize Lightweight Directory Protocol and Directory Services independently

• General computing controls, application control, environmental controls, and system security audits

• Reviews and ascertains organizational compliance to Sarbanes Oxley act, COBIT and COSO frameworks

• Obtains a clear understanding of client's organizational structure, business processes, procedures,

policies, practices and regulatory obligations concerning information system audits

• Designs flowcharts diagrams representing the business narratives and identified risks/control points.

Mapped COBIT control objectives/COSO frameworks to the risk points and identified gaps

• Ascertains the integrity of the operational effectiveness and efficiency of client's information systems

including mainframe, servers, workstations, networking, and. telecommunications

• Obtains sufficient/relevant evidential matters through sampling, interviews, observations, review of

previous documentations

• Investigates IT security incidents and identify vulnerability that exist in the client's network environment

• Actively utilize outstanding communication skills to interact well with external clients and team members

EDUCATION and TECHNICAL SKILLS

• MS Office Suite

• Microsoft Access

• SAP Secuirty/GRC

• Net Weaver 2004 SR1

• Critical Path Method (CPM)

• WBS Levels I, II & III

• Java

• MainFrame

• Active Directory Users and Computers

• Visual Basics (VB) Scripting

• Microsoft Management Console ( MMC)

• Power Shell

• Solution Manager 7. EHP1

• SAP Portals (EP 5.0/6.0/7.0

Educational Background

B.B.A University of Nevada- Las Vegas



Contact this candidate