Balaji K Jilla (BJ)
******@*****.***
SAP SECURITY GRC Architect
(US Citizen)
> Mr. Jilla has more than 15 years of progressive IT/Business
experience. He is a senior SAP Basis Security expert & an experienced
SAP Techno Functional consultant, specializing in brand new
implementations & upgrades.
> Involved in four full cycle implementations of SAP SD, MM, FI, HR, PP
and WM and five upgrades. (Global)
> Developed applications using ABAP/4 Workbench, Dictionary, Interactive
reporting, BDC and SAP script.
> Hands on experience within BIW, SRM, HR (ESS/MSS), CRM, Oracle, DB2,
Lotus Notes, Java, NT and UNIX. Prior IT experience includes Project
management, Business Analyst, Programming, Testing, Hiring &
Mentoring.
> Architect level experience in SECURITY includes: SoX, Segregation of
Duties (SOD), all components of GRC suite (RAR, SPM, CUP & ERM),
Redesigning Roles, Profile creation, modifications, User
Administration, Authorization objects, User reconciliation, Problem
analysis, CATT functionality and Custom authorization checks.
> Supported more than 22 SAP landscapes with more than 30,000 production
user ids.
> In depth experience in SAP R/3 3.1I, 4.0b, 4.5b, 4.6c, 4.7 Enterprise,
ECC5.0, ECC6.0, Netweaver 2004S, BI 7.0, CUA, Ent Portal, J2EE,
SCM(APO,P2P),SEM, SRM(EBP), IS-Retail, XI/PI.
> Managed and participated in complete planning and implementing
security policies, processes, methods, controls for security
optimization.
> Managed teams and handled internal and external audits.
> Knowledge of security principles and standards including SOX, SARM,
CISSP, COSO, HIPAA, SIX SIGMA & ITAR.
> Handled project funding, budget allocations, steering committees and
reported directly to executive teams.
> Knowledge on GRC NFE.
TOP SKILLS:
. Overall SAP IT Management
. Excellent Communicator, Leader & Mentor
. Experience in FDA regulated environment
. Project Management
. GRC /SOX/Audit Specialist
. Expertise in Access Controls and Process Controls
Pratt & Whitney, East Hartford, CT May 10 - Current
SAP Security & Security Weaver - Starpoint Solutions LLC
> Review the current security, audit and SOX processes
> Review the current Approva Rules and Configuration
> Prepare Proof of Concept to meet the client needs for Security weaver
(SW) implementation
> Implement SW, test the tool after implementation
> Build Rules at Authorization object level and sensitive transactions
> Conduct sessions and knowledge transfer
> Redefine existing controls to meet SW standards
> Create and present the tool build to the executive committee for
approval
IBM Global Services, Poughkeepsie, NY Aug 09 - April 10
Security Architect & GRC specialist
> Work with many of IBM's internal and external customers worldwide,
providing daily support with user ids, roles/profiles, auditors'
enquiries, transports.
> Involved in role development on all SAP releases: SAP 4.5b, 4.6c,
4.7/ECC 5.0/6.0, BI, CRM, SRM, EBP, XI/ PI & GRC.
> Analyze Root Cause of Authorization Problems and fix the missing
authorizations.
> Support continuous improvement in existing and new environments by
contributing to the problem management process and ensuring execution
of corrective actions assigned to the team.
> Interacted with Business Analysts of the project to assess needs,
identify key challenges, and define project scope and deliverables.
> Establish detailed security upgrade plan, strategy and dual
maintenance procedure
> Supported developers on problems with queries, authorization object
checks etc.
> Supported implementation of GRC 5.3 suite of products RAR, SPM, CUP &
ERM.
> Knowledge and understanding of 3rd party bolt-on products (like
Cognos, Sabrix, Vendavo, etc.) within the security solution strategy.
> Closely work with Auditors in all periodic audit queries
> Ran Virsa reports and documented all SOD conflicts with mitigating
controls.
> Ran Approva for access list remediation.
> Document processes and procedures for the Security Team. Applied SAP
Information Processing guidelines ITCS 303, ITCS104, Application SOD
standards.
> Provide training, coaching, code review, co-authoring designs for the
team
> Provide technical leadership, direction and expertise to peers and
clients
> Keep other teams informed of work status and change that relate to
their activities
> Build collaborative relationships with customers and take actions to
meet the needs and concerns.
> Provide off-shift on call support
Fossil, Richardson TX July 09 - Aug 09
Security Specialist and Audit advisor
> SOX clean up - redesigning the Roles
> Helping the team to build the process documents for security/SOX
> Provided Post Upgrade Security Support for BW, SEM, SRM, IS-RETAIL,
CUA, Portal, ECC6.0
> Worked with Internal Audit and teams to design Mitigating Controls and
coordinate with the Business and the corporate Governance committee.
> Reviewing the existing Activity-Groups for better security controls,
the project involved a new position level security.
> Within BW/BI, performed authorization traces through transaction codes
like RSSMTRACE, RSSMQ, RSUDO, RSSM, analyzed and identified Info Areas
and InfoCubes, and created custom authorization objects.
> Fixed authorization issues encountered during the Unit and Integration
testing using the help of SU53 and ST01.
> Converted manual profiles to authorization groups/roles.
> Designed and created new roles according to the input provided by the
functional consultants for all the R/3 modules.
> Fixed authorization issues with the help of system trace and
authorization checks.
General Fund Enterprise Business Systems (GFEBS - US Army), VA April 09 - June 09
GRC Architect
> Lead in Designing the complete GRC 5.3 implementation of RAR, SPM, CUP
& ERM
> Worked with the functional design, technical build, configuration,
customization effort.
> Performed business process analysis, blueprinting, security design,
and segregation of duties analysis.
> Created Project plan, Scope, Architecture integration with their
current LDAP, EP and CUA model.
> Provided understanding of mapping of the solutions to the functional
requirements of each business client. Applied best practices to design
a total solution.
> Partnered with project team (Accenture) to analyze workflow,
processes, procedures, data sources, problems/pain points, and assist
with designing an enterprise GRC Design.
> Interpreted requirements data, map current and future state business
processes to the packaged application being implemented, and develop
plans to address functional gaps between the packaged application and
the redesigned processes.
> Participated in technical build effort. Gathered requirements from
infrastructure teams and coordinated next steps with sub-teams.
> Designed detailed project plan and scope for each release of the
project. Ensured that project activities are delivered on time.
> Documented key project related documentation (functional designs, data
sources, test plans, scope changes, etc.)
> Created relevant metrics to show progress of implementation work
effort. Communicated updates as needed to project team, management,
and army teams.
> Identified and prioritized issues to be worked and create
documentation to facilitate the process.
AMB Property Corporation, San Francisco, CA June 2008 - Jan 2009
Lead Security/GRC specialist
> Architecting Security planning, designing, building & testing of Brand
New Implementation of ECC 6.0, HR, HCM, BI 7.0, EP 7.0, SOLMAN, SEM,
BCS, MDM & XI/PI.
> Lead in the development of the security framework and standards for
the SAP environment using ASAP methodology.
> Setting up Enterprise portal security 7.0 along with Windows Active
Directory.
> Setup of external directory services (LDAP) like Microsoft Active
Directory and its integration and deployment with SAP Central User
Administration CUA and SSO (Single Sign on).
> Implementing GRC 5.2 module (AE, CC & FF) Access Controls & Process
Controls
> Set up UME on Netweaver Webas server.
> Role designing, user set up, support process, setting up traces, work
with functional process leads.
> Specific role creation for BOBJ/PI integration and report publishing
within BI.
> Ensure compliance to Security Policies, Procedures, and Control Sets.
Working with internal/external auditors.
> Reviewing and setting up their complete SOX procedures.
> Created end user Master roles/Derived roles and production support
roles
> Assisted MDM functional lead with designing and building roles for
business expert and master data.
> Work with the test lead on Mercury tools.
> Developing Security Processes and Procedures for end user training.
Sealed Air Corporation/Cryovac, NJ June 2007 - May 2008
Security Lead/GRC/Sox Consultant
Project 1
> Principal consultant involved in all phases of GRC.
> Complete assessment of the existing security and successfully
completed SOD remediation for R/3, BW & HR.
> Implemented Virsa CC 4.0
> Planned, executed, and reported phases of audits in critical business
and IT processes and technology including Section 404 Sarbanes-Oxley
testing
> Performed audit procedures, including identifying and defining issues,
developing criteria, reviewing and analyzing evidence, and documenting
client processes and procedures
> Conducted interviews, reviewed documents, developed and administered
surveys, composed summary memos, and prepared working/training papers
> Worked closely with business process owners to gather information and
define security roles and controls.
> Developed new processes and procedures within security, redefined
roles and did knowledge transfer
> Created training materials and trained security team and support teams
involved.
> Overall project management, SOX remediation, Audits and process
administration
> Assisted SOX Director in all phases of project goal for total
compliance
Project 2
> Developed Security roles for implementation of NetWeaver 7.0
> Worked extensively on BI 7.0 security, Analysis Authorizations,
RSECADMIN
> Upgrade support for CRM 5.0 security and its portal integration.
> Extensive exposure working on Enterprise Portal security, iViews,
Roles, Worksets, assigning iViews to roles and user, roles and groups
maintenance.
> User Maintenance using CUA.
> Created and maintained new ECC roles, trouble shooting, extracting
data from the desired tables and analyze data for presentation
> Trouble shooting report errors in BI and Portal.
> Good understanding of BI Workbench, Cubes and Multi-Cubes, Queries and
Reports in BI.
Kraft Foods, NJ April 2007 - June 2007
Security Lead
> Overall security support and assisting team in all technical issues in
analyzing, providing solution, developing process, documentation etc.
> Assisted in upgrade to ECC 6.0
> Supported implementation of Solution Manager.
> Security support for implementing Recipe Management part of PLM.
> Assessed existing HR system to provide security support
> Global identities based on an HR issued unique employee id.
> True Role Based Provisioning meaning core permissions will be driven
by HR attributes (job code)
> Configured UME (J2EE Engine of SAP WebAS Java), set up SSO, uploaded
roles from ABAP systems.
> Involved in SOX remediation and clean ups.
AOL, VA Oct 2006 - Mar 2007
Security/SOX specialist
> Involved in upgrade for VIRSA to 5.1
> SOX clean up - redesigning the Roles
> Helping the team to build the process documents for security/SOX
> Provided Post Upgrade Security Support for BW, SEM, SRM, CUA, Portal,
ECC6.0
> Assisted the team in incorporating SSO on Netweaver Portal.
> Mapped the users from Netscape Directory into Portal Server
> Developed Security roles for implementation of NetWeaver 7.0
> Worked extensively on BI 7.0 security & Analysis Authorizations.
> Extensive exposure working on Enterprise Portal security, UME,
Replication Manager (SAP J2EE Engine), iViews, Roles, Worksets,
assigning iViews to roles and user, roles and groups maintenance.
> User Maintenance using CUA, and Global Composites in the CUA.
Avaya Communications, Basking Ridge, NJ Sept 2005 - Oct 2006
Lead - SAP Security
> Implemented VIRSA CC 4.0 from scratch and moved entire SOD rules from
CSI.
> Upgrade to ECC5.0 is on - prep support.
> Complete overall support and accountable for GLOBAL SAP security
includes design and implementation on R3, BW, HR, APO for all user ID
admin and Role builds for SOX compliance.
> Supported all modifications of existing role changes to retire risk
> Directed change activities within newly created team as well as all
activities to be supported by IBM contract resources within Production
Support, Maintenance Security, Transport Control teams.
> Represented all change needs in SOX compliance to all CCB reviews.
> Created, maintained and executed Project Plan for all activities and
documentation.
> Created and incorporated roles for newly acquired International
concern from acquisition for multiple functional areas introduced
after scope established for 400+ users
> Worked extensively on SU24 to redefine tables USOBT_C & USOBX_C.
> Worked extensively on HR structural authorizations, experience to
streamline authorization rules and utilize standard SAP structural
authorizations functionality
> Supported all users at "Go Live" for immediate access updates or
changes during mitigation and final role alignment by function
> Worked with the testing team using QA tools (test director & load
runner)
> Incorporated new functional user groups and template models for
immediate access alignments in accordance with new definitions and
compliance.
> Interfaced directly with external auditors on SAP in all phases of
review, planning and mitigation of new Model for quarterly reviews by
Process Owners (CSI) for SAP results
> Reported directly to the Director on a daily basis on all activities.
Unilever - HPC & BF - Trumbull, CT June 2005 - July 2005
SOX project lead
> Interacted with Business Analysts of the project to assess needs,
identify conflicts and redesigned roles.
> Reconciliation of Segregation of Duties (SOD) conflicts, to meet
compliance with Sarbanes-Oxley requirements.
> Worked extensively on VIRSA audit tool VRAT to find the segregation of
duties issues and performed Role remediation.
> Involved in setting up VIRSA VRAT, VFAT & Role Expert.
> Performed FDA validation on all issues.
IBM Corporation - AMS Delivery & eprocurement Jan 2005 - June 2005
SAP Security Specialist.
> Involved in SOD and defining new authorizations for Lenovo, China
> Prepared the complete role structure as required, taking the input from
BPOs.
> Implemented the VIRSA VRAT tool.
> Created the complete data for local matrices for reporting.
> Created all the procedures for successfully running the tool
> Trained the team members for running the reports and analyzing the
conflicts.
SAP America
Client Avaya, Basking Ridge, NJ Oct 2004 - Dec 2004
SAP Security Analyst
> Team member in a group of consultants that designed, implemented, and
tested solution for SOD conflicts identified by Internal Audit
partners
> Performed 3.1h profile and 4.6c role cleanup in R3 & 3.0 in BW to
mitigate Segregation of Duties conflicts in preparation for external
audit and Sarbanes-Oxley for Q4 2004 compliance and SEC reporting
requirements
> Worked with D&T and SAP team in helping them identify the ways to
remove the conflicts without a valid tool.
> Removed more than 66,000 conflicted Tcodes.
> Completed validation and transports for mass generated roles.
> Created SAP Test User Accounts and modified roles using SAP CATT.
> Performed UNIT testing on created roles.
> Did knowledge transfer and laid security procedures for the team.
Eastman Kodak Company, Rochester, NY. Sept 2004 - Oct 2004
SAP Security Analyst
> Worked as part of SOX team for R3 & BW and assisted in elimination of
Segregation of Duties (SOD) conflicts inherent within the KODAK SAP
security model.
> Worked with Business specialists to help them understand what SAP
authorization objects are causing the conflicts and what all options
exist for mitigating the conflicts.
> User Administration for more than 100,000 users.
> Worked with profile generator (PFCG) in creating roles, profiles,
composite roles, derived roles, and global roles.
> Worked with VIRSA systems VRAT tool in identifying conflicts in single
roles and composite roles.
> Manually modifying profiles and roles to remove the SOD conflicts
present in the roles.
> Using CATT script for mass generation of roles and User assignments.
> Perform UNIT testing on created roles.
> Used Derived activity groups to create new activity groups and to
transfer transaction codes from old ones to new ones.
> Effectively analyzed trace files and tracked missed authorizations for
users' access problems and inserted missing authorizations manually.
> Transported the generated roles and profiles using SAP transport
management system.
> Created users and maintained user master and established security
policies and procedures.
IBM Global Services, Poughkeepsie, NY. Oct 1999 - Aug 2004
SAP Basis Security Specialist
> Worked with many of IBM's internal and external customers (PFIZER, PIERSON
PUBLISHING, UNITED TECHNOLOGIES CORPORATION) worldwide, providing daily
support with user ids, roles/profiles, auditors' enquiries,
transports.
> Established detailed security upgrade plan, strategy and dual
maintenance procedure.
> Completed Security upgrades from 3.1H to 4.6 C, 4.5 to 4.7 using SU25
and Profile Generator (PFCG)
> Redefined check/maintain status via SU24.
> Converted manual profiles to Activity Groups.
> Extensively worked with the Profile Generator on 4.5B, 4.6x and 4.7
systems as well as manual creation of profiles in 3.1I, 3.1H level to
create roles/profiles for the ABAP, Basis, Security, Configuration
teams and End Users
> Added authorization objects and values to Customers custom objects
> Worked on EBP user id administration via USERS_GEN and SU01
> Scheduled jobs for PFUD.
> Setup Traces for authorization purposes and Security Audit Logs for
audit purposes
> User Ids administration for worldwide supports on R/3, BW, EBP, CRM &
HR systems.
> Supported developers on problems with queries, authorization object
checks etc. Closely worked with Auditors in all periodic audit
queries.
> Extensively worked on Transport Management. Transported Roles/Profiles
using STMS across systems
> Documented processes and procedures for the Security Team
> Maintained security standards for providers of Network and Computing
Services - ITCS204.
> Applied SAP Information Processing guidelines ITCS 303.
> Performed quarterly Health Checking on production and non-production
systems
> Using IBM's UAWEB Admin tool, created User IDs request webpage for
Customers
> Worked with VRAT tool
> Mentored team members.
IBM Global Services, Poughkeepsie, NY Oct 1998 - Sept 1999
SAP Basis Team
> Administered SAP production and non-production environment.
> Client creation, Client copying (Local & Remote) and Client
Export/Import
> Performance monitoring/ trends, such as monitoring SAP buffers,
aborted updates, locked entries, setting up printers for global SAP
users.
> Configured the Transport Management System
> Supported job scheduling, archiving, and outbound faxing solutions.
> Applied Support packs and OSS notes
> Performed client copies
> Assisted in SAP upgrades and installation.
> Provided day-to-day technical support and issue resolution
Nabisco Inc. Wilkes-Barre, PA April 1996 - Oct 1998
SD Functional Consultant
> Performed Customization and Configuration aspects in SD module.
Analyzed needs for conducting business process and provided detailed
requirements for configuration.
> Member of the SD team responsible for configuring the system in Sales
order processing and assigned various functional units to company code
using SAP implementation guide.
> Worked extensively on creating sales data, master data in sales
document types, processing inquiries, quotations, sales orders, partner
functions and output determination.
> Assigned schedule line and item categories, contracts, scheduling
agreements, determining dates cancellation rules and in-completion
logs.
> Developed pricing procedures using various condition types, condition
techniques. Defined pricing agreements for different customers.
> Consulted with the client's SD team members and directed the client
process teams through entire functional, training, and business
process decisions. Also, developed several change-management
scenarios for SD.
> Assisted technical team members in the development of coding standards
and uniform layout reports (such as Bills of Lading, Carrier Final
Instructions).
> Worked on different sections of shipping, transportation, billing and
packing documents.
SKILLS
SAP R/3 3.1I, 4.0b, 4.5b, 4.6c, 4.7 Enterprise; ECC 6.0, Ent Portal,
Netweaver 2007S, SAP EBP; APO, SCM, BW, SEM, CUA, XI; Audits, SOD,
Sarbanes-Oxley, GRC & Approva.
SAP Modules SD, MM, FI-CO, WM, PP, PS, HR, PM, CRM, BIW
Microsoft Office Suite, Microsoft Project, Visio, Lotus Notes & MS Access.
Java, JavaScript, J2EE, HTTP, HTML & XML
MSWindows, NT, UNIX, AIX, HPUX, Citrix, DB2 & Oracle.
EDUCATION & TRAINING
> Masters in Computer Science.
> Masters in Business Administration.
> Masters in Commerce & Finance.
> Masters in Marketing & Sales Management.
> Successfully completed training course in SD module offered by SAP
America.
> Successfully completed training course in BIW - Authorization offered
by SAP America (BW365)
> Successfully completed training course in SAP Enterprise Portal and
System Administration offered by SAP America (EP200)
> Pursuing CISA certification