Shwetha R
SAP Hana Security and GRC Lead
PROFESSIONAL SUMMARY:
8+ years of experience with proven expertise in SAP Security & SAP Business Objects GRC Access control 10.0, 10.1 along with SoX/SoD audit experience.
Involved in Complete ERP security implementations, multiple enhancements and production support in mySAP ERP ECC 6.0, ECC 5.0, NetWeaver 2004s, SAP R/3 4.7, lifecycles from Design phase to Post-implementation phase on different projects in Manufacturing, Automotive, Financial, Pharmaceutical and Service industries.
Strong experience at designing security for SAP R/3 Modules SD, MM, FI/CO, HR, PP, QM, IS-OIL, BW with exposure to new dimensional products SRM 5.0, CRM 5.0, SCM 5.0, BI 7.0, PI 7.0, EP 7.0, SAP S/4 Hana On Premise Edition 1511
Comprehensive experience at maintaining, formulating Security Policies and Procedures, User maintenance, Activity group/Role maintenance using profile generator (PFCG), security TCODES and Security redesign strategy.
Hands-on experience in GRC – Access Control module: Emergency Access Management, Access Risk Analysis, Access Request Management, Business Role Management
Design, development and implementation of SAP HANA Security
Knowledge of design, development and implementation of SAP S/4 HANA Security
Preparation of training materials for End Users, Approvers, GRC Admins, Security Admins
Provide training for End Users, Approvers (User Managers, Role Owners etc.,)
Worked on Greenlight adapter implementation for communication between SAP and non-SAP systems
Experience in Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorizations for various landscapes using profile generator including position based Security.
Prepare, Design, Develop, Implementation of New Analysis Authorization Concept for BI Component.
Hands on experience in Support and Maintenance activities of SAP IDM Integrated with GRC and SUIM tool.
Extensive knowledge on Authorization Objects, User Tracing, SQL Tracing, ABAP/4 Dumps and Troubleshooting.
Experienced in working with Transport Management System (STMS) to transport changes between SAP R/3 client systems in multi landscapes.
Strong Experience and knowledge of security procedures for user administration and central user administration (CUA).
Experience with resolving segregation of duties issues (SODs) for Sarbanes Oxley (SOX) compliance and enforcing Internal Controls using Access risk analysis.
Be a SAP technical resource for security issues to the rest of the SAP staff
Have experience in GRC - Internal Auditing
Have supported a variety of user base ranging from 8k-25k
Had experience in Handling/Supporting Multiple Clients at a time.
Worked on SAP modules like ECC, BI, HR, FI, GRC 10.0,10.1 & SoX/SoD procedures
Perform analysis for reporting/audit requests
Strong Knowledge and Experience with SAP Authorization Concept, Roles, User Administration and SOD conflict resolution
Knowledge of fundamental security concepts such as firewalls, IDS, vulnerability assessments, SSL encryption, network topologies
Good analytical and problem solving skills for resolving Security issues.
Excellent communication, interpersonal, leadership, Documentation, troubleshooting skills and flexible and ability to work in a team environment.
Proficient in using Microsoft Office tools – Word, Excel, PowerPoint, Visio for preparing training documents and presentations
Provided 24/7 On-call Support
Have knowledge on Basis Support Projects.
EDUCATION
Bachelor of Engineering (B.E.), JNTUniversity
CERTIFICATIONS
Won SAP ACE award 2011 for Compliance in Infosys
WORK EXPERIENCE
Hasbro Sep, 2016 – Present
Providence, RI
SAP Hana Security and GRC Lead
Solely responsible for all the heads-up/meetings with the client on a day to day basis.
One full lifecycle GRC Implementation, Ruleset design, Risk ID preparation, SOD Control Re-Engineering
Conduct meetings and workshops to discuss and demo solution functionality that best suits the customer
Draft project plan and process design documents to cover all functionality offered vs. what is needed
Workflow configuration, customization and Integration of GRC components such as Access Request management(ARM), Emergency Access Management (EAM), Access Risk Analysis(ARA) and Business Role Management(BRM)
Worked with the SOX team to discuss implementation strategies for custom transactions and programs and to enable/disable ruleset objects as required and approved
Configured MSMP and BRFPlus logic to enable workflow usage as an add-on to the existing design. This BRFPlus logic was setup to support multiple levels of approvals driven by request types and conditions contained within the request
Created and uploaded custom rule set for GRC ARA (Access risk analysis)
Determining and report if any risks will be introduced by simulating the addition of transactions, Roles, or Profiles to a User ID and addition of any Authorization object or tcodes to roles
Reviewed critical and sensitive authorizations, implementing improvements to meet audit requirements, made suggestion for security policies and standard/best practices.
Customized Rule creation for SOX audit tool SAP GRC ARA for action and permission level SOD violations in roles for various business processes and functions.
Recommended and created mitigation controls in SAP GRC
Worked with business managers in changing SAP roles and ensuring appropriate work flows in GRC Access request management
Extensively involved in role design/implementing/testing for Admin, Support and Business Roles
Analyzed usage of emergency Super users in Firefighter (FF)
Created and assigned Firefighter Controllers and Owners
Assigned super user roles to the users for emergency access & monitored & audited their activities in GRC 10.1.
Adhered to Emergency Access Requests (FF) procedures to ensure client's audit requirements are fulfilled and also provide the requested access to the customer as per the Service Level Agreement (SLA).
Worked with SAP for GRC Access control OSS issues
Lead GRC testing working with the test coordinator while being responsible for managing both Integration testing and UAT test cycles
Monitored test scripts and document test objectives, approach, and detailed plan
Identifying testers, aligning tester schedules for testing workflows, control testing and SOD tests
Make use of Role Creation [Role Change Request] form in order to create a new role or make changes to an existing role; Change Request Board approvals mandatory for transports, Simulate the role using GRC before moving the changes to quality environment.
Worked with ServiceNow for ticketing purposes
SAP HANA Security:
Experience on SAP HANA security using XS Administration
Experience on design, development and implementation of SAP HANA security role design
Experience on provision/de-provision of SAP HANA access in Runtime as Admin
Experience on Integration of HANA with SAP GRC using HANA Plug Ins
Configure and provisioning to HANA DB and Applications
Assigned privileges to users in HANA
Worked on SAP BW on HANA Security like creating DB users and checking consistency for users, assigning roles and generating authorizations in HANA system
Created analytic privileges for BW analysis authorizations
N3twork Inc, Jan, 2016 – Aug, 2016
Maryland
SAP Security and GRC Lead
Single point-of-contact and solely responsible for all the heads-up/meetings with the client on a day to day basis.
Design, implement and optimize the SAP compliance solution to effectively support user management and reporting functionalities provided by GRC10 across various landscapes
Lead the compliance initiative, analyze and implement security controls in the user access administration space, streamline segregation of duties reporting, and change & release management
Implement Org Level rules to enable reporting by locations and weed out false positives provided by generic rule-sets
Support segregation of duties analysis and coordinate with business and IT stakeholders around user role definition and security design
Improvised reporting by implementing Emergency Access Review, User Access Review workflows and approval notifications
Identify and help apply corrective notes, report and work with SAP on issue resolution and upgrade support packs as approved by project management
Implemented AC10.1 Access Request Workflow to enhance the company's upgraded GRC system with additional functionality
Conduct meetings and working session workshops to discuss and implement the approved design
Draft design documents to cover all functionality configured for ongoing support
Built complex usage of multiple custom document objects using standard same message class and building custom notification template id's.
Workflow configuration, customization and Integration of GRC components such as Access Request management(ARM), Emergency Access Management (EAM), Access Risk Analysis(ARA) and Business Role Management(BRM)
Assigned super user roles to the users for emergency access & monitored & audited their activities in GRC 10.1.
Responsible for Security issues like creation of Roles (Single roles, Composite roles, Derived roles), Authorization Objects, and Assigning Roles to Users as per Documents provided by Management
Worked on Greenlight adapter implementation where it is created under HTTP connections to external servers and maintained connector and configuration settings in GRC
Used LSMW scripts for creating users, roles in the system
Had experience with USMM and license workbench
Extensively involved in role design/implementing/testing for Admin, Support and Business Roles
Determining and report if any risks will be introduced by simulating the addition of transactions, Roles, or Profiles to a User ID and addition of any Authorization object or tcodes to roles
Monthly users & roles analysis report using AIS & SUIM reporting
Managing user login and password resetting
CapGemini Jan, 2012 – Nov, 2015
Project 1: Atwood Oceanics
Texas
SAP Security and GRC Lead
Working as a single point of contact between the client and the offshore Security team.
Solely responsible for all the heads-up/meetings with the client on a weekly basis.
Used to analyze and maintain passwords in SAP notes recommendations in Early Watch Analysis (EWA).
Worked with SU01, PFCG, SU24, SU25, ST01, SU53, SU10, SE10, STMS_IMPORT etc.
Perform General System Monitoring of SAP security related to user administration
Worked with GRC Access Control Module - GRC 10.1
Mitigation and remediation of users and roles for SOX using User/Role Analysis in ARA.
Created function ID’s and Risk ID’s, Generated rules, Analyzed SOD violations, Mitigation control maintenance, and Alert monitoring for Risk Analysis and Remediation (RAR)
Made controlled modifications to rule set to reflect company’s true risks
Mitigated risks that could not be removed using mitigating controls
Scheduled periodic GRC jobs for SOD violations and Fire Fighter Logs
UME Role Creation for GRC Process, GRC User Access Management in UME
Created, configured and maintained Firefighter ID, roles & log reviews
Analyzed usage of emergency Super users in Firefighter (FF)
Created and assigned Firefighter Controllers and Owners
Have done Analysis Authorization in SAP BI to migrate the roles from 3x to 7x
Good working knowledge of AGR*, USR* tables
Worked on HR Security like linking the UserID with the PERNR, terminating the users based on their status. Also has experience in dealing with HR tables like PA0105, PA0001, PA0002, PA0000 etc
Created roles for SAP Basis, HR, FICO functional teams according to the requirements
Work with HR business process owners to build SAP authorization assignments and facilitate resolutions on segregation of duties (SOD) conflicts.
Created BP employees and assigned SU01 users to employees in T-code BP
Implemented Business partner security in CRM, SRM using authorization objects
Created Spending limit and approval limit roles for various geo’s in SRM
Created central goods receiver roles and buy on behalf roles for the users in SRM
Also had knowledge on SAP Hana Security
Worked on ticketing tool – Remedy to resolve the issues & problems in different kinds of SAP Security modules
User Access Provisioning Management
Skills
GRC 10.1, SAP security – ECC, HR, BW, SRM,
Project 2: GulfMark
SAP Security & GRC Administrator
SAP authorization troubleshooting (SU53 & ST01)
User Administration in all SAP Landscapes like Development, Quality, Staging and Production
A single point of contact between the client and the offshore Security team.
Solely responsible for all the heads-up/meetings with the client on a day to day basis.
Assigned super user roles to the users for emergency access & monitored & audited their activities in GRC 10.1.
One full lifecycle GRC Implementation, Ruleset design, Risk ID preparation, CAD architecture configuration, SOD Control Re-Engineering
Workflow configuration, customization and Integration of GRC components such as Access Request management(ARM), Emergency Access Management (EAM), Access Risk Analysis(ARA) and Business Role Management(BRM)
Responsible for Security issues like creation of Roles (Single roles, Composite roles, Derived roles), Authorization Objects, and Assigning Roles to Users as per Documents provided by Management
Created roles for SAP HR module – with the restrictions in P_ORGIN, PLOG, P_PERNR etc.
Strong experience in implementing and working with security with SAP HR module including Structural Authorizations including ESS & MSS and Position Based Security (PBS)
Created Structural authorizations using OOSP and maintained them using OOSB in SAP HR and BW systems
Also worked on SAP HR issues using PA20, PA30, PO13
Provide primary SAP Security support through daily operations for the SAP NetWeaver, Recruiting, Portal & Solution Manager
Perform analysis of authorization issues in all SAP Systems.
Communicate and translate SAP HCM authorization requirements among business process owners.
Work with HR business process owners to build SAP authorization assignments and facilitate resolutions on segregation of duties (SOD) conflicts.
Ensuring that business roles do not have access to the following basis critical authorization objects: S_TABU_DIS, S_PROGRAM, S_DEVELOP, S_USER*, S_CTS_ADMI, S_ADMI_FCD, S_BTCH_ADM, S_BTCH_JOB, S_BTCH_NAM, S_RS_AUTH and many others.
Enterprise Portal 6.0
Created project member roles for system administration, content administration etc.
Performed user administration activities such as creating user ids, copying user ids, assigning roles, assigning groups etc.
Created mass user ids using the export and import method
Created groups and assigned roles and user id to groups.
Skills
GRC 10.1, SAP security-ECC, HR, BW, Enterprise Portal
Project 3: Nobel Bio Care (NBC)
SAP Security Consultant
User Access Provisioning Management
Modified existing parent and derived roles based on new business requirements
SAP HR user data maintenance & structural authorization maintenance/T&E access.
Also created Client specific customized roles for SAP standard roles and used to work on CHARM management which is a customized tool created for creating Transports in the System
SU24 object transaction maintenance
Coordinated with the BASIS team on CUA issues such as delinking clients and setting them up during system refreshes
Recommended and implemented values for profile parameters for controlling password rules, logon rules, established monitoring process for inactive users unsuccessful logons.
Created, maintained, and released transport request
Troubleshoot Authorization Errors using Transaction Code SU53 and ST01
Created VB Scripts, ECATT Script for mass activities such as creating users, assigning roles to users, assigning user groups to users
Worked with table authorizations and created new table authorization groups in SE54 to protect tables
Validate the authorization concept before and after upgrade
Perform SU25 tasks (2A, 2B, 2C and 2D) after upgrade
Identify list of transactions/authorizations effect from upgrade
Restricted access to SE16/SM30 by creating table specific custom transaction codes to the table using SE93.
Also used Basis tcodes like SM59, BD87 for RFC Connections, for checking IDOCs etc
Worked on creation of Client specific job roles which involves the integration of GRC, IDM and SUIM in one Central system
HR Authorizations:
Interacted with HR Business team to gather requirements for strategizing and implementation of HR authorizations
Maintained Structural Authorizations profiles using Transactions OOSP
Assigned the Structural Authorization Profile to positions (Infotype 1017) using T-code PO13.
Used the Report RHPROFL0 to create authorization profile assignments for users in an organizational structure
Worked with HR master data personal number check object P_PERNR to check authorizations for personal data.
Used the Object P_PYEVDOC to protect actions on payroll posting documents.
Worked with infotypes 0000, 0002, 0003, 0007, 0008, 0009 and their associated tables PA0000, PA0002, PA0003, PA0007, PA0008 and PA0009.
Implemented security for HR module at Personnel Area, Info type levels and Employee Group level.
Integrated Logon user names and Personal Numbers and Positions for all HR Organizational management.
Environment: SAP R/3 ECC 6.0, FI/CO, HCM, NetWeaver 2004s (EP 6.0,SRM 5.0, SCM 5.0) Windows XP, Solution Manager
Project 4: Philadelphia Energy Solutions (PES)
SAP Security Administrator
Built roles for Admin (Security, Basis, and BW team) and functional support team
User Management like user creation, user termination, users locks etc
Interacted with the Role owners and the team leads for maintaining the correct restrictions on the Transaction codes and the activities within the Transaction codes
Worked on SAP HR, BI security
Extensively used Automatic Profile Generator (PFCG) to create and maintain Parent and Child/Derived roles and to upload and download of roles
BW Security:
Setup BW security for user roles (query users, administrative users and data extraction users)
Created Custom Reporting Authorization Objects using transaction RSSM.
Setup security at the Info Object level (field-level security)
Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
Troubleshoot authorizations related problems using ST01
Created Analysis Authorizations for upgrading the systems from BI3.0 to BI7.0
Built authorizations to grant access to data on various levels of detail
Setup security at the Info object level (field-level security) and key figure level
Built analysis authorization in RSECADMIN and inserted them in the role using S_RS_AUTH.
Troubleshoot analysis authorizations related problems using RSECADMIN.
Environment: SAP R/3 ECC 6.0, FI/CO, HCM, NetWeaver 2004s (EP 6.0, BI 7.0, SRM 5.0, CRM5.0) Windows XP, Oracle and Solution Manager 4.0
Infosys April, 2010 - Oct, 2011
SAP Security Administrator
Creating Users based on request.
Assigning additional roles to the existing users.
Creation/Deletion of Users accounts based on the type with requested access after appropriate approvals
Locking and changing the validity date for the expired users
Performed User comparison in PFCG
Resetting Passwords for users and intimating password policy.
Addition, Removal of Transaction Codes, authorization objects by modifying existing roles based upon change request
Created Composite roles based upon request
Performed Transportation of newly created roles/ modified roles
Analyse missing authorizations based on SU53 screen shot sent by the user.
Central User Administration (CUA)
Recommended strategy and Implemented Central User Administration (CUA) within R/3, BI and Solution Manager Non-production systems.
Created eCATT scripts for creating mass users from central client.
Troubleshoot CUA-related problems using transaction codes such as SCUA, SCUL, SUIM etc.
Coordinated with the BASIS team on CUA issues such as delinking clients and setting them up during system refreshes
Resolved production support tickets related to roles, User Access issues in Solution Manager
Created Service users for maintenance of CCM catalogs roles.
Environment: SAP R/3 ECC 6.0, CUA, HCM, NetWeaver 2004s (EP 6.0, BI 7.0, SRM 5.0) VIRSA, Windows XP, Solution Manager 4.0
Tech Mahindra June, 2008 – Feb, 2010
India
SAP Security Analyst
SAP authorization troubleshooting (SU53 & ST01)
User Administration in all SAP Landscapes like Development, Quality, Staging and Production
Responsible for Security issues like creation of Roles (Single roles, Composite roles, Derived roles), Authorization Objects, and Assigning Roles to Users as per Documents provided by Management
Had experience with USMM and license workbench
Extensively involved in role design/implementing/testing for Admin, Support and Business Roles
Extraction of data (AGR_1251, AGR_USERS, AGR_1016 and joining of two or more tables) from SAP production systems for audit reporting
Created roles for SAP HR module – with the restrictions in P_ORGIN, PLOG, P_PERNR etc.
Strong experience in implementing and working with security with SAP HR module including Structural Authorizations including ESS & MSS and Position Based Security (PBS)
Created Structural authorizations using OOSP and maintained them using OOSB in SAP HR and BW systems
Skills:
ERP: SAP R/3 4.0B, 4.5B, 4.6B, 4.6C, 4.7, ECC 5.0, ECC 6.0
Modules: SAP security, GRC 10.0, GRC 10.1, SD, FI/CO, HR, BW
Interfacing technology: ALE, IDOCS, RFC, LSMW
SAP NetWeaver: SAP EP 6.0, BI 7.0, CRM 5.0, SRM 5.0, HCM
Programming Languages: C, C++, Java, SQL, PL/SQL, HTML 4.0, JavaScript
RDBMS: Oracle 8i/9i/10g
Operating Systems: Windows NT/98/2000/XP/Vista, UNIX, LINUX
Office Tools: MS Word, MS Excel and MS PowerPoint