Certified SAP Security and GRC Consultant

Location:
Findlay, OH, 45840
Posted:
August 11, 2017

Resume:

Siva Matta

Ph: 973-***-****

ac1r3a@r.postjobfree.com

SAP GRC Controls and Security Certified Architect

Professional Summary:

With 11 years of industry experience, I have been working as a Solution Architect on SAP GRC/Security for over 11 years along with GRC implementations and have recently completed 6 (SIX) GRC AC/PC/RM-10x implementations as a one-person team for some of the largest GRC US customers, along with multiple large-scale hands-on SAP Security implementations. The GRC components implemented include Emergency Access, Access Risk Analysis, Access Risk Management, and Business Role Management, Manual/Automated Controls, Policy Management, Surveys and Control design assessments, among other things like BRF-Plus, MSMP Workflows etc., and exposure to RSA Archer.

While implementing GRC, liaised with SAP labs to assess GRC AC10x Access Control design and functionality to support HR integration for use of trigger functionality, reviewing the User Interface for an enhanced User Experience prior to product’s general availability.

Have completed multiple security deployment and SOX 404 audit compliance on SAP ECC: databases – SQL and Oracle for the following functional areas and modules in SAP namely SD, MM, PP, FI/CO, BI, SRM, SCM, PI, CRM-6.0, HR, PM, CO, MDM, MDG, HANA, Solution Manager, Enterprise Portal, GTS & GRC 5.2, 5.3, 10.0 Access Control & Transport Connect along with all new dimensional products offered by SAP. Worked on SOX Audit Preparation on SAP systems and provided consultation and remediation on SOX 404 compliance findings.

Made recommendations on best practices and helped customers understand the need of monitoring password usage through failed login attempts, changes and resets along with last-used/changed and helped them define monitoring procedures on the Standard Operating Procedures document. Conducted SOX 404 analysis and privileged access cleanup along with remediation related to the annual audit and control findings.

In summary, most new and upgrade GRC projects undertaken have required work on SOX 404 where SAP may have already been in use and authorization risks extensive. Such work required a pre-analysis of what was assigned, what assignments collectively constituted risks, what the usage frequency of these risks were while providing time estimations for what it would take to remediate or mitigate going forward.

Work experience of 10 years specializing in information technology and various other business areas like Insurance, Banking, Retail, Public Sector, Oil and Gas, Automotive, pharmaceuticals, manufacturing, shop floor processing, sales & distribution, inventory control, Education and Financial Services.

Worked on assisting System Integrators put together RFP’s for GRC and Security Implementations while presenting to end-clients.

Experienced with R/3 releases versions 4.6c through ECC5.0 & ECC6.0 Netweaver on various modules like MM, PP, SD, FI, CO, PS, PI, BI, BW, HR & CRM, Solution Manager Security, Identity Management (IDM) Integration and Enterprise Portal knowledge.

Performed SAP Security related tasks such as role development using Profile Generator, activating and setting up Profile Generator and upgrading, corrections and transports.

SAP Identity Management deployment in a Regulatory Environment. Train all Security User Administrators and Local Security Stewards on new security process. Connect to all Production, Dev, and QA systems.

SAP User Administration: Create and maintain role groups in IDM and GRC/CUP. Maintain User accounts and ensure all security access is assigned without SOD conflicts.

Hands-on strong experience with working on profiles, authorizations and objects for access management and authorization control.

Experienced and strong with Security Audits, SOX Section 404 compliance and Audit Information System. Used SAP audit transactions and configured audit and reporting through SM18, SM19 & SM20.

Implemented and performed multiple IT compliance and security controls in the space of user access administration, segregation of duties, and change & release management.

Spearheaded and managed IT Risk and Compliance improvement projects; Coordinated with stakeholders at all levels for timely and effective implementation and ongoing maintenance of IT Risk and Compliance activities.

Implemented most projects as a Solution Architect while drafting Business Blue Prints, Project Planning, providing a sustainable Technical Architecture to support Functional Requirements and driving it successfully through Realization and Post-Implementation Support.

Supported business and IT segregation of duties analysis and maintained coordination with business and IT stakeholders around user role definition and security design.

Led business discussions in streamlining the business user authorization process and recommended user roles based on leading IT Risk and Compliance and Sarbanes-Oxley practices.

Held business discussions on improving control processes and recommended best practices for overall process improvements.

Experienced with reading ABAP code to analyze authority checks and calls with programs.

Extensively used and proficiently administered third-party utilities and tools like Transport Connect, RBE, VIRSA (VRAT, Compliance Calibrator & Access Enforcer), SAFE (PWC) and KPMG tools to analyze assigned access, to simulate and monitor user authorizations and reporting.

Strong ability to diversify and understand new technologies and applications and grasp them in order to stay in tune with the tech sector and its requirements and Exceptional communication & interpersonal skills.

Work Experience

SAP GRC and Security Lead Consultant

Cooper Tire and Rubber Company, Findlay, OH Jan’16 – Till date

Responsibilities/Deliverables:

Implemented GRC AC10.1, Configured GRC AC Emergency Access Management (EAM), Access Risk Analysis (ARA) and Access Request Management (ARM) components.

Configured MSMP workflows for addressing various user request types in Access Request Management.

Successfully integrated LDAP active directory with SAP GRC Access control system.

Configured the MSMP Firefighter log report workflow for getting the logs to firefighter controllers.

Successfully implemented various MSMP Mitigation control workflows like mitigation control setup and assignment.

Configured various BRF+ rule kinds like Initiator rule, Agent rule, Routing rule and Notification and variable rule.

Successfully configured User Access Reviews (UAR) for assessing the user’s access in all production environments.

Security Responsibilities:

Analyzed security design in ECC, CRM, BI, BOBJ, and HANA and provided recommendations for improvement.

Prepared HANA Security design document with Client’s role naming convention standards.

Designed and built HANA Business, Non-Business roles and Analytical privileges in HANA Studio.

Set up UAT test users to test out HANA security roles.

Implemented Dynamic analytical privileges concept by using custom authorization table and custom stored procedures.

Implemented design time role concept to well organize the HANA custom roles.

Used delivery unit concept to transport HANA Design time roles across HANA landscape.

Designed XS engine HANA application roles (ICAT) and designed Portal roles to access the XS application links from Client's portal.

Involved in creation of CRM Role matrix for new CRM roles with the help of Business process owners without any SOD violations.

Created Various Business roles as per the business requirement.

Created and maintained the various PFCG roles and their authorizations and assigned various services based on customer requirement

Assigned multiple positions to users by using organizational management approach.

Assigned Business Roles to position in CRM by following different approaches.

Created Various Value based analysis authorizations and Hierarchy level analysis authorizations for HR Specific Characteristic values in BI environment.

Worked on HR position based security like creating authorization profiles and restricting access by using authorization objects P_ORGINCON.

Worked on MDM repositories, created users and worked on role setup.

Worked on the MDG environment, set up roles, added Web Dynpro applications to roles and worked on NWBC authorizations in the MDG system.

Created and maintained BI Reporting roles and Analysis authorization roles.

Built Analysis Authorizations using the transaction RSECADMIN.

Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.

Troubleshoot authorizations related problems using RSECADMIN

Set up BOBJ security and authorization concept at folder level.

Set up authorization / security at info cube / info objects and creating new analysis authorizations

Worked with portal user / role administration.

Gathering business requirements for setting up BOBJ/BI security with analysis authorization

SAP GRC Access and Process Control Lead Consultant

SPX Corp, Charlotte, NC Oct’14 – Dec’15

Responsibilities/Deliverables:

Implemented GRC Process Control 10.1 and gathered inputs from Business for the design of automated controls.

Configuring the Process Control system as per the client requirement.

Building of Data Sources and Business Rules which included sub scenarios like Configurable and ABAP Reports.

Creating of Master Data – Regulations, Business Process Hierarchy, Organizations, Risk Templates

Used MDUG for mass uploading of Master Data into the system.

Worked on First Level and Second Level Authorization concepts

Creation of Surveys, Questions and Manual Test Plans

Involved in Planning, Implementation & Support of Security administration for a complex and well integrated SAP landscape with ECC 6.0, BI 7.0, and BOBJ, CRM, SRM and MDM securities.

Worked on GRC Access Control components like Access Risk Analysis, Emergency Access Management and Access Request Management.

Implemented BOBJ 4.1 Security for Universe / Folders / Groups in CMC console.

Imported BI ABAP roles to SAP Business Objects Enterprise systems.

Worked on internal SAP Security controls. Provided Knowledge Transfer to SAP Security team members on various SAP Security controls.

Created new roles in MDM repository as well as perform user administration activities in MDM system.

Created new ECC Derived roles based upon the company codes as part of the Japan and Nordic regions releases.

Created various Analysis authorizations roles in BI system as part of release project.

Created and maintained users for various consoles in BPC system.

Involved in regular support activities along with the support team.

SAP GRC Access Control Lead Consultant

Atmel Corporation (Microchip), San Jose, CA Apr’14 – Sep’14

Responsibilities/Deliverables:

Designing Implementation guidelines for all four products under the SAP GRC Access Controls 10.1.

Software installation guidance to Basis team & Blue print Designing and Post installation & Base line Configurations

BC sets activation for Rules and Guiding Basis to installation of Migration tool

Data export using migration tool & Data Validation after Migration.

Creation of functional specifications of applications which were integrated to SAP GRC and providing technical requirements for the same

Involved in master data management, risk documentation & analysis, preparing UAT scripts, SOP documentations for business & core team users, and strategy documents for future phases.

Expertise in analyzing and translating business requirements into technical specifications in collaboration with application developers

SAP Identity Management for a global SAP implementation. Provide SAP IdM integration with Active Directory.

SAP Portal and ECC systems and Provide IdM implementation strategy, and integration architecture and road map.

Involved in project plan preparation, review at critical points, and regular status reports for senior management.

SAP GRC Access Control Lead Consultant

TiVo, San Carlos, CA Aug’13 – Mar’14

Responsibilities/Deliverables:

Implemented GRC AC10.0, Configured GRC AC Emergency Access Management (EAM), Access Risk Analysis (ARA) and Access Request Management (ARM) components.

Configured MSMP & BRFplus logic to enable workflow usage as an add-on to the existing design. This BRFplus logic was setup to support multiple levels of approvals driven by request types & conditions contained within the request.

Conduct meetings and working session workshops to discuss and implement the approved design

Draft design documents to cover all functionality configured for ongoing support

Work with the technical development teams to create custom function modules to enhance standard functionality to fit the complex cross process-id usage requirement.

Built complex usage of multiple custom document objects using standard same message class and building custom notification template id's.

Integrate SAP IDM 7.2 with GRC AC 10.0 for Centralized User Provisioning across multiple systems

Acted as Liaison with internal & external Audit teams to establish and review various SAP instances & implement improvements & risk remediation to meet audit requirements

Security Responsibilities:

Involved in Planning, Implementation & Support of Security administration for a complex and well integrated SAP landscape with ECC 6.0, BI 7.0, and BOBJ, CRM and SRM Security.

Design and Implement Business Objects (BOBJ) Security.

Involved in BOBJ administration, creating user groups, linking back end BI roles to user groups, troubleshooting real time issues in BOBJ

Worked on BI Security creating, maintaining Analysis Authorizations using RSECADMIN tool.

Troubleshooting BI authorization related problems using RSECADMIN, RSD1 and RSA1 T-codes.

Performed unit testing and system integration testing for the newly created & Modified Roles.

Coordinated overall UAT testing of the Re-Design Security project.

SAP GRC Access Control Lead Consultant

AIG Insurance, Jersey City, NJ May’12 – July’13

Responsibilities/Deliverables:

Performed complete migration from Virsa 3.0 to GRC 10x and Virsa 4.0 to GRC 10x

Performed the required post installation steps GRC Access Control 10 Suite.

Built a connection between all backend systems and the GRC system by setting up connectors and connector groups and maintaining target connector information in each group.

Created various Mitigation Controls for mitigating the Risks based on Business process and maintained the Mitigation approvers and Mitigation Monitor.

Scheduled various synchronization jobs for fetching the backend data to GRC system for ARA and EAM components.

Created and maintained various Risks and Functions based upon the requirements coming from the business.

Performed Emergency Access Management configuration in GRC AC system like setting up FF user id’s, FF owners and FF controllers.

Configured MSMP workflows for addressing various user request types in ARM.

Successfully created various custom notification templates to meet the business requirements.

Successfully Integrated LDAP with GRC Access Control system

Configured the MSMP FF Log Report workflow for getting the Logs to FF Controller

Scheduled Firefighter log synchronization jobs for pulling the Firefighter log.

Determine cause and find solution to a variety of GRC issues in Access Risk Analysis and Emergency Access Management.

Develop SoD rules based on audit findings and recommend best practices to client.

Attend customer meeting with business stakeholders to understand their business requirements and provide solution designs.

Conducted User Acceptance testing and Train the trainer sessions

Conducted sessions to IT team regarding the best practices of job scheduling

Security Responsibilities:

Worked on BIW to BI upgrade from BIW 3.5 to BI 7.0

Make the BI system ready for Analysis Authorizations specific environment.

Handling end user day to day BIW security support.

Creating Reporting roles and Authorization roles in BIW systems.

Creating new BIW authorization objects based on the business requirements.

Adding / deleting the reports and their technical names to / from Reporting roles at various authorization objects.

Set up authorization / security at info cube / info objects and creating new analysis authorizations

Worked with portal user / role administration.

Built Analysis Authorizations using the transaction RSECADMIN.

Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.

Troubleshoot authorizations related problems using RSECADMIN

SAP GRC Access Control Lead Consultant

Schneider Electric, Charlotte, NC June’10 – Apr’12

Responsibilities/Deliverables:

Led the Role Redesign project on ECC and CRM to address large number of SoDs within SAP security roles.

Built a connection between all back end systems and the GRC system by setting up connectors and connector groups and maintaining target connector information in each group.

Created and maintained various Risks and Functions based upon the requirements coming from the business.

Created various Mitigation controls as per the audit requirements.

Performed Emergency Access Management configuration in GRC AC system like setting up FF user id’s, FF owners and FF controllers.

Scheduled Firefighter log synchronization jobs for pulling the Firefighter log.

Determine cause and find solution to a variety of GRC issues in Access Risk Analysis and Emergency Access Management.

Develop SoD rules based on audit findings and recommend best practices to client.

Implement role changes based on SoD findings.

Created new roles in MDM repository as well as perform user administration activities in MDM system.

Created new ECC Derived roles based upon the company codes as part of the Japan and Nordic regions releases.

Created various Analysis authorizations roles in BI system as part of release project.

Created and maintained users for various consoles in BPC system.

Involved in regular support activities along with the support team.

CRM Implementation Responsibilities:

Involved in creation of CRM Role matrix for new CRM roles with the help of Business process owners without any SOD violations.

Created Various Business roles as per the business requirement.

Created and maintained the various PFCG roles and their authorizations and assigned various services based on customer requirement

Assigned multiple positions to users by using organizational management approach.

Assigned Business Roles to position in CRM by following different approaches.

Provided extensive support in hyper care period for various rollouts.

SAP Security/GRC Consultant

Carlsberg Group, Denmark Apr’09 – May’10

Responsibilities/Deliverables:

Compliance Calibrator (RAR), Access Enforcer (CUP), Firefighter (SPM) and Role Expert (ERM).

Documenting the whole strategy to be followed for the Implementation.

Mapping all the functionality/practical scenarios for which the tool can be used in the production environment as per the functional/organizational requirements

Identification of the transactions and authorizations necessary for the threat & Building of T-code & SOD object rules to discover the threat. Confirmation of Rules built, through analytical & MIS reports.

Successfully handled fine tuning and implementation of critical functionalities like User exits, cross integration of Access Controls applications, configuring Firefighter backend reports etc.

Created and maintained new company codes in GRC CUP system for new release countries.

Maintaining the CAD approvers in GRC CUP system during release 3 project and support activities.

Updating the Functions and Rule sets in GRC RAR as per the business requirements.

Periodic review of Mitigation control and inform the control owners on the changes and expiration

Define critical transaction access and defined custom SOX relevant SOD rule set in SAP GRC and review all custom transaction code and suggested appropriate authorization object

Customizing & uploading SAP default rule set based on requirement.

Firefighter logs and Audit logs, Firefighter login notification and Streamlined the firefighter access.

SAP Security/GRC Consultant

George Weston Foods (GWF), Australia Feb’08 – Mar’09

Responsibilities/Deliverables:

Designing the SOD compliant GRC roles by using the Segregation of duties matrix in ECC, SRM and Venus systems.

Created Business Authorization Matrix for various modules in ECC and for purchasing module in SRM as well as Venus systems.

Developing and maintaining the SAP security process design documentations during the implementation phase.

Created a core solution in ECC and SRM for enhancing/deploying the same solution to various delivery units.

Followed SAP best practices for creating master, derived and composite roles in various systems.

Created new master and derived roles as per the business authorization matrix without any SOD violations.

SRM Implementation Responsibilities:

Involved in end to end SRM Security rollouts for various countries.

Involved in creation of SRM Role matrix for new SRM roles with the help of Business process owners without any SOD violations.

Created new SRM roles as per the Rule codes mentioned in Authorization Matrix.

Activating the BBPSTART services for enabling the end users WEBGUI logon without any intervention.

Created new derived roles based upon the Organizational value, purchasing organization for various countries.

Assignment of attributes and value limits to user using PPOMA_BBP.

Provided extensive support in the ELS phase of all the rollouts for various countries.

SAP Security/GRC Consultant

Southwest One, United Kingdom Apr’07 – Jan’08

Responsibilities/Deliverables:

Handling all security issues and providing security support in a timely manner along with attending regular security team calls.

Streamlined most of the SRM roles by restricting at organizational values like purchasing organization.

Allowing fixed supplier fields for Employee and Requisitioner roles in SRM system.

Created Various Value based analysis authorizations and Hierarchy level analysis authorizations for HR Specific Characteristic values in BI environment.

Created and maintained BI Reporting roles and Analysis authorization roles.

Restricting the Info types at various Authorization profiles level, personal area level and sub type levels in HR area.

Maintained various roles in HR system and Setting up Idoc movement jobs from CUA system to child systems.

Built and troubleshot Analysis Authorizations using the transaction RSECADMIN.

Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.

SAP Security Consultant

Lexmark, Lexington, KY Jul’06 – Mar’07

Responsibilities/Deliverables:

Modify customer menus as needed per security requirements

Creating new Organizational Values to restrict users at different plant levels.

Creating Parent roles and their Derived roles and maintaining Organizational values as per the business requirements.

Creating the new authorization Groups and maintaining these groups in roles.

Providing the limited access to various Business Tables at S_TABU_DIS authorization object level by using authorization groups.

Extensively working with CUA (Central User Administration) to process requests such as creation of new users, change of role assignments to existing users, deletion/lock of terminating user and several other day-to-day operations relevant to the user administration.

Analyzing missing authorizations based on screen shot sent by the user.

Handling end user day to day BIW security support and Creating Reporting roles and Authorization roles in BIW systems and creating new BIW authorization objects based on the business requirements.

Adding / deleting the reports and their technical names to / from Reporting roles at various authorization objects.

Education:

Master of Computer Applications (M.C.A) from Osmania University, India.

Bachelor of Science (B.Sc. Computers) – Kakatiya University, AP, India.

Certified in SAP BusinessObjects GRC Access Control 10x.

ITIL V3 (IT Infrastructure Library) certified consultant.


