D. P. Anah
acerve@r.postjobfree.com
Skill Set:
An Information Technology professional with 7+ years of diverse industry experience in IT
Technical Support and Security. Specializing in SAP Security and GRC. Expertise includes
auditing, reporting and monitoring. Seeking a position in which I can contribute my diverse
set of knowledge with an opportunity for growth.
SUMMARY OF QUALIFICATION
7+ years of SAP Security Administration & SOX Compliance expertise
o
Multiple SAP Security Lifecycles ( Analysis, Conception, Implementation, Upgrade, QA & Cutover)
o
SAP Security Administration - ECC 5.0/6.0
o
SOX Compliance - GRC 10/5.3/4.0 (CUP (Compliant User Provisioning), RAR (Risk Analysis &
o
Remediation), SPM (Firefighter)
Experience with SAP Portals (EP 5.0/6.0/7.0), Single Sign On (SSO), LDAP Configuration
o
Extensively Involved in the Support all components of GRC 10.0 Access Control [Access
o
Management Risk (AMR), Emergency Access Management (EAM)] & Process Control
Strong scripting experience with Power Shell, Visual Basics and User-Provisioning Service
o
Interfaces
Participated in Internal and External security audits
o
Ability to translate highly complex technical matters into easily digestible and actionable plans.
o
Ability to lead and manage technical individual contributor and management staffs with the ability
o
to foster open communications across various organizational levels.
Successful in meeting new technical challenges and finding solutions to meet the needs of the
o
customer and business
EXPERIENCE
SAP Security/Information Systems Analyst
CVS/ Caremark
Irving, Texas
August 2012 to Present
• SAP Security Auditing both internal and external Auditors and resolved SoD conflicts
• Install and Configured SAP GRC 10.0 Access Control
• Leverage AD objects for resource security access management, authorization and authentication
• Manage Lightweight Directory Protocol and Directory Services independently
• Create and Manage users authorization profiles and Group Authorization using PFCG
• Handle fulfillment of user access requests according to Service Level Agreement queues while
maintaining protection of confidential information
• Worked with table authorizations to control access to tables and created custom table authorization
groups and assigned to tables using transaction SE54.
• Actively utilize outstanding communication skills to interact well with team members and external clients
• Able to initiate ideas that were used to enhance security controls and compliance awareness within the
organization
• Supervised the data cleansing and transfer/conversion
• Prepared appropriate documentation at every milestone of the provisioning process
• Reviews and ascertains organizational compliance to Sarbanes Oxley act, COBIT and COSO frameworks
SAP Security/ GRC Consultant
Infosys
Southfield, MI
July 2010 to August 2012
• Provided SAP security production support for SAP ECC and EP / SAP BI Maintained OSS user ID and
service connection, managed Central User Administration (CUA) system, and traced new custom
transactions
• Ensuring approval for access requests are compliant with business and governance rules
• Worked with the IT department and business units on key new systems projects to ensure the systems
design includes necessary automated controls
• Security Maintenance & Support as part of Legacy System support (R/3 4.7, BW 3.5) and new system
implementation (ECC 6.0, BI 7.0, etc)
• Implementing SAP ECC and SAP BI / EP / GRC to align ERP solution and security framework with
enterprise business requirements
• Test plans/scripts meet the company standards
• Analyzed business requirements and existing processes
• Analyzed a third party application and outlined how it interfaced with Oracle Payables as part of an overall
plan to minimize data entry
• Technical knowledge of the ACDB Tool for SAP End User assignments
• Set up approval security controls and a three-way purchase order matching
• Leverage AD objects for resource security access management, authorization and authentication,
Segregation of Duties (SOD) and dependency conflict analysis protocols, and user termination
processes.
• Worked with Internal and External Auditors to ensure that SOD issues are addressed and proper actions
are taken. Substantially reduced service request response and resolution turnaround time.
• Prepare appropriate documentation at every milestone of the project's life cycle
SAP Security Analyst
Millennium Staffing Services
Las Vegas, NV
July 2009 to July 2010
• Troubleshooting security support issues including, role assignment problems, authorization failure,
working with business process owners to identify required roles or changes to roles to meet access needs
• Established User / Role Management Processes for production / non-production systems, approval /
authorization / administration procedures
• Batch jobs for SoD report dump & actions to eliminate existing violations/risks Worked with the IT
department and business units on key new systems projects to ensure the systems design includes
necessary automated controls
• Good Understanding of Audit Log Files and Set Standards for Audit Log Alerts ( SM19, SM20)
• Analyzed business requirements and existing processes
• Experience in SAP Security Maintenance (PFCG), maintained the roles for all the instance (DEV, QAS
and Prod.
• Setting up SAP system for auto log-out, password length and expiration and specifying impermissible
passwords.
• Activated some descriptive flex fields to capture additional information not available in standard Oracle
forms
• Performance Troubleshooting existing user roles, security objects and authorizations to resolve security
conflicts, supporting users, setting up new accounts, password resets.
• Prepare appropriate documentation at every milestone of the project's life cycle
IT Auditor 1
Millennium Staffing Services
Las Vegas, NV
July 2008 to July 2009
• Documentation of IT processes and controls, assessment of current IT processes to identify control gaps
and efficiency improvements, including any additional special projects to improve IT operations as
requested
• Utilize Active Directory, to ensure maintenance of technical security controls
• Worked with the IT department and business units on key new systems projects to ensure the systems
design includes necessary automated controls
• Test plans/scripts meet the Company standards
• Analyzed business requirements and existing processes
• Analyzed a third party application and outlined how it interfaced with Oracle Payables as part of an overall
plan to minimize data entry
• Mapped the Future Process Requirement into Oracle AP module and identified the gaps
• Activated some descriptive flex fields to capture additional information not available in standard Oracle
forms
• Set up approval security controls and a three-way purchase order matching
• Enabled most payable/financial options radio buttons to meet client's business requirements
• Developed functional conversion specifications to extract suppliers' information from legacy system and
convert to Oracle
• Leverage AD objects for resource security access management, authorization and authentication
Supervised the data cleansing and transfer/conversion
• Prepare appropriate documentation at every milestone of the project's life cycle
IT Auditor
Barclys Industries
Las Vegas, NV
January 2007 to Nov 2008
• Utilize Lightweight Directory Protocol and Directory Services independently
• General computing controls, application control, environmental controls, and system security audits
• Reviews and ascertains organizational compliance to Sarbanes Oxley act, COBIT and COSO frameworks
• Obtains a clear understanding of client's organizational structure, business processes, procedures,
policies, practices and regulatory obligations concerning information system audits
• Designs flowcharts diagrams representing the business narratives and identified risks/control points.
Mapped COBIT control objectives/COSO frameworks to the risk points and identified gaps
• Ascertains the integrity of the operational effectiveness and efficiency of client's information systems
including mainframe, servers, workstations, networking, and. telecommunications
• Obtains sufficient/relevant evidential matters through sampling, interviews, observations, review of
previous documentations
• Investigates IT security incidents and identify vulnerability that exist in the client's network environment
• Actively utilize outstanding communication skills to interact well with external clients and team members
EDUCATION and TECHNICAL SKILLS
• MS Office Suite
• Microsoft Access
• SAP Secuirty/GRC
• Net Weaver 2004 SR1
• Critical Path Method (CPM)
• WBS Levels I, II & III
• Java
• MainFrame
• Active Directory Users and Computers
• Visual Basics (VB) Scripting
• Microsoft Management Console ( MMC)
• Power Shell
• Solution Manager 7. EHP1
• SAP Portals (EP 5.0/6.0/7.0
Educational Background
B.B.A University of Nevada- Las Vegas