Sap Security Grc

Location:
Spring, TX, 77386
Salary:
Open
Posted:
January 16, 2024

Resume:

MOHAMMAD JAMAL

***** ****** **** **., ******, TX 77386

Tel: 409-***-****/ 346-***-****

ad2trg@r.postjobfree.com US Citizen

Certified Senior SAP Security/GRC & Audit Consultant Profile

• Over 20 years of IT experience with more than 10 years of SAP Security/GRC Administrations, Security Architecture, and Audit.

• Strong expertise in user administrations and authorization concepts, Risk and Control Management, Compliance and Service Oriented Architecture (SOA).

Technical Proficiency

• SAP GRC 10.1/ Authorizations in HR, FI/CO, MM, PM, PS, BW, ESS, SRM, MSS, IS-OIL, and Business Objects (BO)

• Completed SAP HANA S4 Fiori course.

• SAP GRC Access Control Administration (SAP Certified).

• Proficiency in ARA(SOD), ARM, BRM, ERM.

• SAP Authorizations and Auditing for NetWeaver (SAP Certified).

• SAP ABAP (SAP Certified).

• SAP FICO (SAP Certified).

• SAP Security and Roles Authorizations.

• SAP SRM & BI Security.

• SAP BO Dashboard Security for cost sheet reporting.

• End-User Training Coordination.

• SAP Change Management.

PROFESSIONAL SUMMARY:

Bank of America (Chief Technology Group, Cypress TX) - SAP Security/GRC/Audit Team Lead. Feb. 2020 – Current

• Currently working on conversion project from ECC6 to SAP HANA S/4 Fiori.

• Role building for various markets, restricting the user's access to their respective markets in line with the business needs, building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports, involving modules such as FI/CO, SD, MM, PM, PS, PP, SCM, CRM, HR BI-BOBJ using Profile Generator (PFCG) and Fiori launch pad and so on.

• Provisioning users using Central User Administration on multiple non-production systems.

• Resolving GRC issues and educating users, managers and owners on proper use of the tool for Access Request submission and Risk Analysis.

• Maintaining SOD Rule sets and mitigating controls for Access Control to identify risks and notify violations.

• Created and maintained Mitigating Controls to exclude certain risks for which the business had in-system and out-of-system controls.

• Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.

• Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids. Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.

• Setup of batch jobs to synchronize roles, profiles, users and roles from repository.

• Configuration for automatic provisioning of users, roles directly to user master record.

• Configuring secret security questions for Password Self Service functionality.

• Master data setup for Access Control owners for ARM, EAM, BRM and ARA (RAR) both in GRC system and NetWeaver Business Client (NWBC). Familiar with compliance act such as section 404 Assessment of internal control for risk assessment.

• Implemented SOX compliance by putting in place proper controls for change management such as for normal and emergency changes and approvals to move the changes to production.

• Implemented SOX controls for access to modifications of the SAP Security parameters.

• Ran UAR reports on annual basis to enable business owners to review and approve to retain, remove or assign additional access.

• Implemented operations control such as scheduled job creation, system configurations, backup and recovery and other system administration activities in line with SOX compliance.

• Implemented BI/BW Analysis Authorization using RSECADMIN, granting access to Multi-Providers and restricting access by company codes, plants, distribution channels and hierarchical restrictions.

• Assigned Analysis Authorization objects to roles using S_RS_AUTH Authorization object.

• Restricting access to reporting users by assigning display and execute permissions and power users by assigning maintain authorizations using S_RS_COMP & S_RS_COMP1 and other objects to grant access to relevant queries and reports.

• Created ODBC connections to source systems using driver, created Data Foundation layer and Business Layer to publish in the universe.

• Created project and established relational and OLAP connections to access tables and read data from tables.

• Imported and mapped the roles in BOBJ environment and granting permissions to relevant folders by assigning the groups permissions.

• Troubleshooting and rectifying the authorization and permission issues in BOBJ as well as in the backend using RSECADMIN.

• Designing Implementation guidelines for all four products under the SAP GRC Access Controls 10.1.

• Software installation guidance to Basis team & Blue print Designing and Post installation & Base line Configurations.

• BC sets activation for Rules and Guiding Basis to installation of Migration tool.

• Involved in master data management, risk documentation & analysis, preparing UAT scripts, SOP documentations for business & core team users, and strategy documents for future phases.

• Expertise in analyzing and translating business requirements into technical specifications in collaboration with application developers

• Involved in project plan preparation, review at critical points, and regular status reports for senior management.

• Involved in Planning, Implementation & Support of Security administration for a complex and well-integrated SAP landscape with ECC 6.0, BI 7.0, and BOBJ, CRM, SRM and MDM securities.

• Imported BI ABAP roles to SAP Business Objects Enterprise systems.

• Worked on internal SAP Security controls. Provided Knowledge Transfer to SAP Security team members on various SAP Security controls.

• Created new roles in MDM repository as well as perform user administration activities in MDM system.

• Created various Analysis authorizations roles in BI system as part of release project.

• Created and maintained users for various consoles in BPC system.

• Involved in regular support activities along with the support team.

• Detail Oriented, organized, customer focused individual, with strong professional integrity. Ability to establish and maintain high level customer trust and confidence, business relationships with excellent communication skills with both technical and business audience.

• Hands on Experience on HR/HCM Security, Organization Structures PA, PD, Payroll, Time, Travel, E-Recruiting and ESS and MSS Modules.

• Conducted User Acceptance Tests (UAT) with business and technical teams and troubleshot and resolved the issues.

• Experienced in working for Full Life Cycle Implementations, Go-Live, Post Go-Live, and Production Support projects.

• Experienced in Solution Manager, working with work centers, System Development Landscape (SLD), Change and Request Management (CHARM) and also used CTS+ and REVTRAC for change management process.

• Good understanding of ABAP Programming Language.

• Strong working experience with MS Excel, Visio, MS Project and MS Access for complex queries, data storage and data massaging.

• Strong ability to diversify and understand new technologies and applications and grasp them in order to stay in tune with the tech sector and its requirements and Exceptional communication & interpersonal skills.

• Implementation and configuration of GRC 10.1 with services for apps included in the ruleset.

• Configured to integrate SAP Enterprise Portal with GRC 10.1.

• Designing roles for Fiori apps by adding Catalogs and Groups to S/4 HANA roles.

• Activating services for the Fiori apps in /IWFND/MAINT_SERVICE.

• Working with business users to identify the issues with Fiori apps and resolving the auth. issues.

• Optimizing the performance by removing the unwanted apps that are not enabled from the catalogs and reducing the number of tiles on the home page, which reduces the load time, thereby improving the user experience.

• Providing support and issue resolution in quick turn-around during project implementation.

• Working on BODS security in CMC granting access rights to users for Information Steward and Data Services to create repositories, rules, profiles to extract data from sources systems and cleanse it.

• Also working on BOBJ, Design time studio, PI/XI, Redwood (batch-job scheduling) and so on.

• Implemented/support GRC AC10.1, Configured GRC AC Access Risk Analysis (ARA) and Emergency Access Management (EAM) components.

• Configured MSMP workflows for addressing various user request types in Access Request Management.

• Successfully integrated LDAP active directory with SAP GRC Access control system.

• Configured the MSMP Firefighter log report workflow for getting the logs to firefighter controllers.

• Successfully implemented various MSMP Mitigation control workflows like mitigation control setup and assignment.

• Configured various BRF+ rule kinds like Initiator rule, Agent rule, Routing rule and Notification and variable rule.

• Successfully configured User Access Reviews (UAR) for assessing the user’s access in all

Aramco Oil & Gas Company - SAP Security/GRC/Audit/ Team Lead. Oct. 2003 – Jan. 2020

• Role building for various markets, restricting the user's access to their respective markets in line with the business needs, building roles for processes such as order to cash, procure to manufacture, make to deliver, procure to pay, record to reports, involving modules such as FI/CO, SD, MM, PM, PS, PP, SCM, CRM, HR BI-BOBJ using Profile Generator (PFCG).

• Provisioning users using Central User Administration on multiple non-production systems.

• Resolving GRC issues and educating users, managers and owners on proper use of the tool for Access Request submission and Risk Analysis.

• Maintaining SOD Rule sets and mitigating controls for Access Control to identify risks and notify violations.

• Created and maintained Mitigating Controls to exclude certain risks for which the business had in-system and out-of-system controls.

• Master Data setup for Emergency Access Management for approvers, controllers, internal auditors and users along with firefighter user ids for firefighters.

• Securing Firefighter user ids from unauthorized access by creating user exit for the firefighter user ids. Setup batch jobs for generating Crystal Reports, Table format reports for Risk Analysis, etc.

• Setup of batch jobs to synchronize roles, profiles, users and roles from repository.

• Configuration for automatic provisioning of users, roles directly to user master record.

• Implemented/support GRC AC10.1, Configured GRC AC Access Risk Analysis (ARA) and Emergency Access Management (EAM) components.

• Configured MSMP workflows for addressing various user request types in Access Request Management.

• Successfully integrated LDAP active directory with SAP GRC Access control system.

• Configured the MSMP Firefighter log report workflow for getting the logs to firefighter controllers.

• Successfully implemented various MSMP Mitigation control workflows like mitigation control setup and assignment.

STATE OF NORTH CAROLINA INFORMATION TECHNOLOGY Apr 2000 – Sep 2003

Sap Basis/Security & Database Admin.

• Created and redesigned the existing HR, FI, PS, ESS & MSS composite & single roles as well as creation of 2000 Users by assigning appropriate roles based on their positions.

• Liaised with business stakeholders to identify access requirements per job function.

• Led the day-to-day technical support and resolution of security issues.

• Directed the review and correction of sensitive authorizations and implement improvements to meet audit requirements.

• Created roles for the technical and functional consultants and provided the access in non-production and production systems and worked in BI/BW 7.0 and Portal security.

• Also involved in upgrade ECC 6.0. Updated the authorization values from tables USOBX_C and USOBT_C using SU25 transaction steps.

• Experienced with troubleshooting the authorization problems using ST01 and SU53.

• Maintained authority checks for customized tcodes in SU24.

• Worked with table authorizations and created new table authorization groups to protect tables.

• Restricted and maintained infotypes using authorization objects P_ORGIN, P_PERNR and transactions PA20, PA30, and PA40.

• Maintained HR organizational structure to administer and control user access, including time-delimited access

• Implemented and worked with Central User Administration (CUA) for single point of control to user and profiles.

• Utilizing SAP Service Marketplace (developer keys, search SAP notes, user id creation, and user access within the marketplace)

• Performed some BI security support and provided access to queries/reports (incl. custom) & power user access

• Used SUIM reports and se16 security tables daily for role/user information/analysis

• Completed monthly security checks and int./ext. audit requests; SUIM reports for analysis on users with critical auth. objects and access and system settings.

• Performed unit testing and system integration testing for the newly created & Modified Roles.

• Coordinated overall UAT testing of the Re-Design Security project.

MERRILL LYNCH New Jersey, USA Aug 1994 – Dec 1995

• System Analyst

Worked as a Business and System Analyst, created Visual Basic and PowerBuilder applications for finance and business-related activities, created Oracle stored procedures and triggers etc…

AT&T (The Alliance for Employee Growth and Development) New Jersey, USA Mar 1991 – Jul 1994

• Programmer Analyst & Database Administrator

• Created Databases, tables, setup primary keys, foreign keys, indexes etc., created several programs and reports for the HR & Finance dept, using INFORMIX database.

• Modified several programs and reports as per company requirements.

LAZARE KAPLAN (Diamond Industry), New York, USA Nov 1988 – Mar 1994

• Programmer Analyst

• Worked with the end users to understand the business requirements and based on requirements created Program specifications and created several programs and reports using the Informix Database, created several reports based on daily requirements.

Educational Qualifications

Texas A&M University College Station, TX

B.S. in Computer Science

Honors & Activities

● Dean’s List (Six Semesters)

● John Deere Achievement Award

● Marsha Lewis Memorial Scholarship

● DuPont Achievement Award

● Blood Drive Volunteer
