Security Sap
Resume:
Fernando Romero
Email: abpoan@r.postjobfree.com
Address: 6514
City: Carmel
State: IN
Zip: 46033
Country: USA
Phone: 317-***-****
Skill Level: Experienced
Salary Range: $176,000
Primary Skills/Experience:
See Resume
Educational Background:
See Resume
Job History / Details:
FERNANDO ROMERO
6514 Paddle Dr - Carmel, IN 46033 - abpoan@r.postjobfree.com
SAP Senior Consultant with expertise in SAP systems development and security administration. Over 10 years of IT experience with more than seven years of SAP security administration. Involved in Network Security Administration and Application Security projects, evaluating, designing, and developing SAP Security Architecture. Strong expertise in user administration and authorization concepts, Risk and Control Management, compliance and Service Oriented Architecture (SOA) Business and Application Support role designing and modification.
TECHNICAL SKILLS
* Security planning for all SAP modules.
* Experience with SAP Security strategies and guidelines for GRC.
* Experience on the IBM and Bearingpoint Phased Model.
* Knowledge on Sarbanes - Oxley Compliance.
* Applied Segregation Of Duties (SOD) within all SAP Implementations.
* Extensive experience in CATT scripts.
* Experience with SAP security reports (SUIM).
* Experience in SAP Netweaver 2004s, ECC 6.0, mySAP, R/3 4.6c, CRM.
* Experience using Virsa tools: Compliance Calibrator, Access Enforcer, Role Expert, Firefighter.
* Knowledge on SAP Process Control 5.2
* Experience on SAP GRC Access Control 5.3 and GRC 10.0
* Experience with User Administration, User Reconciliation and Custom Authorization Checks.
* Expertise through Audit Information System (AIS) and Management of Internal Control (MIC).
* Experience on Identity Management IDM 7.1 and 7.0.
* Experience with Enterprise Portal 6.0 security administration.
* Experience with SAP BW Security and SAP BI analysis authorization concept.
* Experience with HR Security and knowledge on HCM security model.
* Active Directory Services for network user administration.
Key experience
Shire Pharmaceuticals, Wayne, PA May 2012 - Present
(Consultant4Less, LLC) SAP Security Consultant
* I have participated in the upgrade of SAP GRC 10.0, adjusting the new generated risks with business managers and role owners.
* Supporting the SAP platform globally through Help support and Remedy tickets.
* I`ve participated in the upgrade of SRM system and migration by providing access support to current users and provisioning of new users.
* Upgrade and migration of BW system to BI 7.3, this included creation of new report roles based on analysis authorizations and provisioning users for the new security authorization concept.
* Provided support to SAP HCM users. Creating new roles for HCM during upgrade.
* Have used Solution manager to create Requests For Changes and document transport requests from development systems to production.
* Have provided support to APO systems by creating new roles, changing roles and provisioning user access.
Bayer CropScience, Raleigh, NC May 2010 - Mar2012
(Consultant4Less, LLC) SAP Security Consultant
* Worked on Authorization support of internal users for the Global Organization (Over 12,000 users) on ECC6.0, BW, APO, Solution Manager, CRM and SCM. The CRM data was classified according to the required level of protection. Control solutions were defined on the basis of protection requirements for this data, which were integrated into a comprenhensive security strategy ensuring that only authorized users had controlled access to it.
* Athenix project: creation of 155 new roles for new Company code, updating Org. values of parent roles, assignment of those roles to users.
* Changed Naming convention of 46 existing roles, and added new tcodes for 24 roles based on new naming convention concept.
* Dart Project: Data Retention tool, creation of Dart roles for NAFTA users.
* QA Management Approver of Change Management Tool test cases to comply with SOP (Standard of Procedures).
* Participated in constant improvement of SAP authorization administration by cleaning up unused roles, transactions, updating roles with new transactions and assigning and removing access to users on the SAP landscape.
* Supported BW team with BW role assignment and RAVTC updates to users.
Coca Cola Enterprises, Atlanta Feb 2010 - Apr 2010
(Consultant4Less, LLC) SAP IDM Consultant
* Participated as a liaison between the SQL development team and IDM support team.
* I participated on the testing of new user accounts created. Revised current procedures and workflow processes. I provided an efficient method in SAP IDM 7.1 for system -actioners- to access work queues and manage access requests. Monitored privileges that control access to tabs in the IDM portal associated with the correct roles currently assigned to users. Assisted on user support tickets through Remedy tool.
* Worked with SAP Identity Management 7.1 to handle authorizations whenever an employee was assigned a new position in the organization, and de-provisioning for inactive users.
* Created BO (Business Object) user for logon and work in the SAP environment. This ID contained the validity, role and printer settings and communication date like telephone number, fax, email address etc.
Balchem Corp, New Jersey Aug 2009 - Jan 2010
(Consultant4Less, LLC) SAP Security Consultant
* Worked with Access Control 5.3 for SOX and SoD clean up.
* Analysis of the possible security problems in pre-implementation GRC process.
* Participated in defining the implementation strategy for RAR.
* Responsible for GRC user administration.
* Assisted in defining risks, security roles, and mitigating controls on GRC AC.
* OSS Administration
* Prepared Standard Operating Procedures.
* Restricted access at Program and Table level Security
* Review critical & sensitive authorizations, implement improvements to meet audit requirements
* Maintained Level 2 security across various functionality like Company code,plant, Distribution center.
* Created roles, worksets, pages, iviews & Delta Links as required for EP administration.
* Assigned User Groups and UME roles to portal users.
* Uploaded SAP Roles into the SAP Enterprise portal
* Transferred Portal roles to SAP Systems.
* Supported day to day authorization issues on SAP Netweaver 2004s platform.
Empresas Polar (Polar Enterprises), Caracas, Venezuela May 2009 - Jun 2009
(Independent) Security Administrator
* Administered users for ECC 6.0 platform through CUA and Active Directory Services user permissions for the Global organization.
* Created, changed user access based on help desk support tickets through HP OpenView.
* Provisioned and deprovisioned network and SAP users.
* New Display role Design - Created a new display job role for all Buyers, Planners and General Material Users by merging all existing Job roles into a single job role. Data of transaction usage was collected by generating reports from RBE tool on the usage of transactions for all the users assigned to existing display roles. Appropriate authorization objects were restricted to display functionality. This job role contained transactions like MM03, MM04, MM06, MMBE, ME2C, ME2L etc and the corresponding authorization objects - M_RAHM_BSA, M_MATE_BUK, M_MATE_LGN, M_MATE_MAT, M_BEST_BSA etc.
Wyeth Pharmaceuticals, Guaynabo, Puerto Rico Nov 2008 - Mar 2009
(Consultant4Less, LLC) Senior Security Consultant
* Worked with Sarbanes-Oxley Compliance - Strategy management related to SAP business processes, transactions, control infrastructure, financial reporting process. SOX Section 404, remediation of Segregation of Duties (SOD) within SAP implementation. Used Virsa tool extensively for handling SOD conflicts for each user. Worked with VIRSA Firefighter to define all Firefighter IDs with owners/approvers. Likewise, mapped Fighter IDs to users and configured various options to include tracking of Successful/unsuccessful sign on of approved users during Fire Fighter mode of operation.
* Worked with VIRSA Role Expert to produce Role Definition and change history reports for Internal/External Auditors. Handled the comparison of Role definition with actual Roles created by PFCG to ensure integrity using Role Expert. Assigned roles using Virsa RE.
* VIRSA Compliance Collaborator 5.2 tool. Used Virsa tool for handling SOD conflicts for each user. Run reports for Risk Access remediation and mitigation controls.
* Performed training on Virsa tools for internal auditors.
Reichhold, Inc. Durham, NC ( Bearingpoint, Inc) Jul 08 - Sep 2008
Senior Security Analyst/Admin
* Supported the Security Team with best practices on post-upgrade activities related to authorizations assignments to users from SAP R/3 4.6C to ECC 6.0 by using the upgrade tool tcode SU25 and Authorization checks.
* Closely worked with the Functional, Basis and ABAP Staff for the implementation of special business modifications and SAP enhancements as part of upgrade to ECC.
* Checked important tables to determine changes and synchronization of authorizations in user profiles.
* Monitored user and management activity, error, and other exception reports to ensure security is being maintained consistent with the Information Security Policies and Procedures.
* Assisted in identifying gaps in security administration processes and procedures as well as areas for significant improvement, optimization and automation during upgrade.
* Worked as a liaison between the R/3 Development Team, Basis and Security Team.
Honeywell, Minneapolis MN ( Bearingpoint, Inc) Oct 2007 to Jun 2008
Senior Security Analyst/Admin
* Participated in analyzing, and writing security related standard procedures for the user administration, roles and profile generation following SOX compliance and Sod for the new Composite role concept and User Master Records.
* Designed and provided the SAP R/3 security support for SAP R/3 ECC 6.0 and Netweaver 2004s. Generated role matrices and created end users as per the Organizational Structure.
* Created and maintained user authorizations in single, composite and derived roles and profiles, this also included to review critical & sensitive authorizations, defined Level 2 security across various functionality like Company code, plant, Distribution center, etc.
* Implemented improvements to meet audit requirements for CRM systems due to different user groups with access to CRM data. Internal employees were assigned roles for the internal CRM system, and external partners were provided access to CRM data via portal.
* Supported Help Desk security for the global SAP Landscape (DEV, QA, PRD) through Remedy tickets.
* Administered Central User management (CUA) for non-production systems.
* Worked with web based and infoset queries.
* Supported unit and integration testing, going live and post go live support in ECC 6.0 environment.
* Used the TMS system to transport the objects and roles from Development system to Quality Assurance system.
* Wrote CATT scripts for creating, deleting mass user ids, creating and generating roles.
* Handled SAP and OSS ID administration. Worked on ID Administration for SAP and OSS users. Provided developer`s key and opened service connection.
* Used VIRSA Compliance Calibrator 4.1 to run reports for segregation of duties conflict between roles and users software to satisfy the requirements of the company for GRC during developing and migrating to new composite roles concept for ECC 6.0 Plant Maintenance and Role Development.
* Used Mercury tool during composite roles testing phase.
* SSO configuration for the development and validation systems, configured the users in Enterprise Portal with Single sign on functionality, exchange role information with ABAP based systems, uploading SAP Roles into the SAP Enterprise portal.
Phillips Medical Systems, Seattle, WA ( Bearingpoint, Inc) Aug 2007 to Oct 07
Senior Security Analyst/Admin
* First contact for the Security Team between Seattle and Eindhoven, Netherlands as part of the validation phase of new role assignment.
* Ensured consistency of security access across functional areas.
* Ensured job role security access testing matched security architecture design
* Participated in analyzing, and writing security related standard procedures for the user administration, roles and profile generation following SOX compliance and SoD.
* Supported Live security for the entire SAP Landscape (DEV, QA, TEST, PRD).
* Created new or edit existing roles as per the requirements coming through Help Desk which involves the inclusion of transactions in the menu tree or editing the activities as per SU53 results. Troubleshooting the authorization problems.
* Responsibilities included Controlling Access to Restricted Transactions.
* Created Authorization groups for execution of Special SAP Reports.
* Responsible for daily security checks, monitoring unsuccessful logons, monitoring inactive users and locking inactive users in production system.
Komatsu America, Chicago Illinois (Prosoft group) Feb 07 to July 07
SAP Security Consultant
* Participated in analyzing, and writing security related standard procedures for the user administration, roles and profile generation following SOX compliance and SoD.
* Designed and provided the SAP R/3 security support for SAP R/3 4.6c. Generated role matrices and created end users as per the Organizational Structure using PFCG.
* Responsible for Creating and Maintaining user authorizations, roles and profiles and also created and modified single, composite and derived roles.
* Worked closely with Audit Team for User-role conflict removal.
* Coordinating with the Functional Business Owners on new role requirements and reviewing the transactional access within the roles.
* Modified and assigned roles for CRM, APO, SEM, SRM components in DEV and QA systems.
* Authorizations for business data and tcodes for mySAP CRM were defined and implemented using PFCG. For Channel Management, ACE rules were enabled for distribution of authorizations to users complementing the CRM authorization concept.
* Created Authorization groups for execution of Special SAP Reports.
* Tested development systems (portal & R/3 backend) to ensure SAP protection strategies are properly implemented and working as intended. Designed roles for Strategic Enterprise Management sub module business planning and simulation. Secured the BSP (Business Server Page) and Planning Folder roles by trial balance code and BPS objects Planning Area, Planning Level, Planning Package, Planning Functions. Configured the users in Enterprise Portal with Single-Sign On Functionality.
* Created new or edit the existing roles as per the requirements coming through Help Desk.
* Responsibilities included Controlling Access to Restricted Transactions.
* Created Authorization groups for execution of Special SAP Reports.
* Responsible for daily security checks, monitoring unsuccessful logons, monitoring inactive users and locking inactive users in production system.
DHL EXPRESS, PLANTATION, FL (Prosoft Group) AUG 06 TO JAN 07
SAP Security Consultant
* Lead Security changes and recommendations as per PWC Security Audit for SOX Compliance on HCM system.
* Designed HR roles and went through complete phase from designing the roles, supporting unit and integration testing support. Secured the roles by Personnel area and Employee subgroup. Implemented security for ESS, Benefits, Time, Training & Events, Personnel Administration, Personnel Management, and Payroll. Deployed security by using Structural Authorizations in tandem with regular R/3 roles.
* Implemented and modified existing HR structural authorizations. Redesigned existing HR composite Roles and single roles. Investigated and replaced manual HR Profiles with Roles.
* Made a requirement study, finalized the user authorization matrix for SoD.
* Adjusted HR roles and user provisioning based on solutions for the following risks: Considered risks to unauthorized access to personal data, unauthorized execution of master data reports and unauthorized downloading of personal data that should be particularly protected, unauthorized personal data with DB tables.
* Defined New Printer Devices related Authorizations with controlling access to printers.
* Troubleshot the authorization problems.
* Administered security throughout Central User Administration (CUA).
* Used the SAP Transport Management System (TMS) extensively for migrating changes to other systems and clients.
* Responsible for daily security checks, monitoring unsuccessful logons, monitoring inactive users and locking inactive users in production system.
* Performed troubleshooting for tickets, Plant Maintenance and Role Development.
* Coordinated with Functional Business Owners in preparing mitigation documents.
* Provided support to off-shore team on security related issues.
TESORO PETROLEUM, SAN ANTONIO, TX (Prosoft group) APR 2006 - JUL 2006
SAP Security Consultant
* Worked closely with Audit team for user-role conflict removal in SAP BW.
* Implemented Info object level BW security as Analysis Authorizations concept.
* Coordinated with the functional and business team.
* Created BW security Authorizations. Created BW Reporting authorizations.
* Designed BW roles for MM, SD, PP, FI, CO and HR modules and went through complete phase from designing the roles, supporting unit and integration testing, going live and post go live support.
* Business role specific authorizations for power users and Reporting users.
* Provided read access to info providers for Information users.
* Provided reporting authorizations based upon data values.
* Accumulated the user requirements and designed the Global Security for the Business.
* This was implemented by coordinating with the eleven local countries on what functionality and authorizations and security need to be in place for the design of the Global Security Architecture.
* Part of the security team that developed the security profiles, system maintenance /operation and Performance monitoring.
* Created Roles and Profiles using both conventional methods and profile generator utilizing all the modules across the SAP Environment: FI, CO, MM, PP HR and SD Logistics, Basis, Supply Chain, Quality and Reliability, and Manufacturing to meet Sarbanes-Oxley and Internal Audit Controls. Created new change management processes for IT Applications, Security, New Hires, and Terminations.
* Business role specific authorizations for power users and Reporting users.
* Provided read access to info providers for Information users.
* Provided reporting authorizations based upon data values.
Movistar - Telefonica (Caracas, Venezuela) Jun 2005 - Feb 2006
SAP Basis/Security Administrator
* Performed daily system health checks, weekly checks, and responsible for overall system tuning, getting involved with problem escalation and resolution, Setting up of RFC connections. Analyzed system performance, database performance, system health checks, implemented tuning improvements, established OSS connections where appropriated.
* Modified user profiles using PFCG for users all over their branch offices in Venezuela.
* Defined and maintained authorizations for FI, CO, MM, PP HR and SD modules.
* Created new or edited the existing Roles as per the requirements coming through Help Desk.
* Designed new Roles with grouping of transactions and Controlling Access to Restricted Transactions.
* Defined New Printer Devices related Authorizations with controlling access to printers.
* Maintained Authorization Periods for users for limited time use.
* Developed R&C Matrix by Risk, Impact and likelihood, mitigating controls to support assertions.
* Provided reported authorizations based upon data values. Implemented Info-object level BW security. Created BW security Authorizations, created Authorization objects through RSSM, business role specific authorizations for power users, provided read access to info providers, restricted the end-users in BW at Geographical/Functional level.
* Supported Internal and External Security audits in production systems. Worked closely with Audit Team for User-role conflict removal.
* Scheduled the security background jobs that generated the reports.
* Handled the maintenance of existing HR Roles using PFCG.
* Worked with Infotypes, subtypes and HR master data to adjust HCM profiles.
* Assigned roles indirectly through HR - ORG in local systems. Supported users at different levels for the security issues in MDM module and analyzed Business Scope and developed User Roles for the better understanding of Security Authorization plan.
CONSEIN, C.A, Caracas, Venezuela Feb 2004 - Jun 2005
(NON SAP) IT Consultant
* Designed, Installation and configuration of Microsoft Technologies (MOM, SMS, ADS, SBS, SQL Server, MS Exchange server, ISA Server and IIS) for Banking, Manufacturing and Telecommunications sectors.
* Installation and configuration of various HP, COMPAQ and DELL Servers.
* TCP/IP connectivity and troubleshooting.
* System maintenance disaster recovery planning for NT, NOVELL, WIN95 and DOS systems.
Lourtec C.A. Caracas, Venezuela Jun 2002 - Jan 2004
(NON SAP) Network Administrator
* Installation and configuration of Windows NT, Microsoft Exchange and NOVELL networks. Installation and configuration of Active Directory Services.
* TCP/IP connectivity and troubleshooting.
SITEC, C.A . Caracas, Venezuela Jun 2000 - Mar 2002
(NON SAP) Security Administrator
* Developed Network Security Management.
* Setup access to internal resources, user permissions on Active Directory Services.
* Administered Microsoft ISA Server.
EDUCATION
B.S. Systems Engineer. University of Los Andes, Merida city, Merida, Venezuela.
Additional education
Training: SAP EP 6.0 Administration and Configuration at Prosoft Technology Group, Chicago, Il. 2004.
Certification: MCSE (Microsoft Certified Systems Engineer) at Microsoft Venezuela. 2001.
Certification: MCSA (Microsoft Certified Systems Administrator-Messaging) at Microsoft Venezuela. 2001.
Miscellaneous
- Authorized to work anywhere in the US.
- Available to travel as requested. Open to relocation.
- Multilingual English, Spanish (native), Portuguese.
References:
Available upon request.
Contact this candidate