SAP GRC/Application Security Consultant
Information Systems Security | Security Admin | IT Controls | Audit & Compliance
John is a team-oriented SAP Security and GRC professional with strong analytical, problem-solving, communication, business development and interpersonal skills. He has over 6 years of combined experience in Information Systems Security, Governance, Risk and Compliance (GRC), SAP application implementation, finance and general management. He brings sound knowledge, hands-on experience and project management skills to all stages of systems development, including requirements definition, design, architecture, testing and post-go-live support, using best-practice standards.
John has successfully managed and delivered multiple full-lifecycle SAP security and GRC implementations, managing teams in both onshore and offshore settings. He has extensive experience in costing, scheduling, managing and executing projects from inception to go-live.
Engagements Performed
SAP Security and Controls
Information Systems Audit
Change Management
Governance, Risk & Compliance
Segregation of Duties
Risk Assessment/Impact Analysis
PROFESSIONAL EXPERIENCE
SAP Security Design
Security Design Remediation
Security Design Risk Mitigation
APPSCOMPLIANCE LLP
Role: Senior Specialist, Security & Controls
Various Industries 2013 – Present
Worked with the business to identify and validate functional roles and the to-be system roles and related activities within SAP before deployment into the system.
Worked with the respective application SMEs to translate functional role activities into technical transaction codes within SAP and created both functional and technical design documents.
Designed and configured custom roles (PFCG) such as master, derived and composite roles based on approved functional and technical design documents.
Performed smoke testing to validate configured roles, worked with SMEs during system integration testing, and troubleshot and resolved security-related issues using SU53 and ST01.
Helped restrict organizational-level and non-organizational-level authorization values in master and derived roles.
Worked on Role creation and/or modification based on UAT issues logged including complex restrictions of unauthorized activities and transactions.
Assisted with User administration tasks such as direct assignment of roles to users using PFCG and SU01.
Created user groups, assigned users to groups and performed mass user maintenance using eCATT and SU10.
Mitigated and remediated roles based upon change requests.
Generated reports for user-specific needs using transaction SUIM.
Maintained authorization objects using SU24.
Worked the Remedy ticketing tool and resolved all user incidents.
Developed solutions surrounding system administrator functions such as evaluating user access, and segregation of duties analysis at the user, role and activity levels.
Performed post Go-live support by troubleshooting user related issues, leveraging SU53, ST01, SU24, and SE16 transaction codes when appropriate.
GRC SME and functional lead for the global implementation of SAP Access Control ARA and EAM.
Performed SoD checks for all PRD users using the Access Risk Analysis toolset.
Primary responsibilities were centered on SoD rulesets review, updating rules to reflect audit deficiencies, process improvements and recommending best practices where appropriate.
Tailored SoD policies based on client’s business process and validated SoD rulesets with key decision makers before deployment into ARA.
Analyzed detected risks, investigated and excluded identified false positives, and worked with business process owners to interpret and report the remaining risks.
Recommended ways to remediate and proactively mitigate against identified risks at the Role Design and User Assignment levels.
Involved in all clients’ environments (Development, Test/UAT and Production) and provided best practice for change management and SoD rulesets promotion in respective landscapes.
Applied advanced mitigating controls by deploying EAM for privileged and superuser access monitoring.
Performed audit related activities using SUIM, SE17 and SA38 to review reports and provide information to internal audit.
NIGERDOCK PLC
Role: Project Engineer and GRC Admin 2011 – 2013
Project Engineer
Monitored project schedules and plans for all fabrication and installation activities.
Assigned projects and tasks to employees based on their competencies and specialties.
Followed through with competent execution of project plans by providing proper tools and equipment to all construction personnel.
Coordinated with the Construction Manager on the daily work execution plan as per the project work schedule.
Qualified competitive subcontractor bids prior to execution of contracts.
Carefully coordinated plans and specifications using marketing programming standards.
Facilitated processing of RFIs, submittals and samples among the general contractor, the owner and the owner's consultants.
Managed a team of onsite general contractors.
Reviewed and investigated Proposed Change Order Requests.
Performed construction site pre-inspections and coordinated post-construction audits.
Accurately provided status information on project progress to the project management.
Assisted the Project Manager with bidding new jobs and projects.
GRC Administration
Supported the client's effort to review the risk and control matrices from various groups (Audit, SOX and ITGC groups).
Assisted with harmonization of risks and controls to produce the final control matrix for the GRC Process Control realization.
Participated in gathering business requirements for proposed roles.
Created the transaction-to-role mapping document.
Configured roles based upon business requirements using transaction PFCG.
Created users using transaction SU01 in the ECC landscape and assigned configured roles to them.
Performed post Go-live support by troubleshooting user related issues, leveraging SU53, ST01, SU24, and SE16 transaction codes when appropriate.
Maintained mass users using eCATT and SU10.
Centrally managed users in the CUA (Central User Administration) landscape.
Mitigated and remediated over seventy (70) roles based upon change requests.
Performed post-installation activities on the GRC Access Control suite (ARA and EAM) using SPRO and NWBC.
Set up users, controllers and owners of GRC Firefighter IDs.
Modified existing roles based upon change requests.
Worked the Solution Now ticketing tool and resolved all user incidents.
Troubleshot all escalated issues during the testing and go-live phases.
Technical Skills Highlights
Tools: SAP GRC Access Control (ARA, EAM, BRM & ACL); MS Office (Word, Excel, PowerPoint, Outlook, Visio, Project)
Databases: MS SQL Server, MS Access, Oracle (9i, 10g & 11i)
Operating Systems: UNIX, MS Windows NT (2000 & 2003)
ERP Application: SAP R/3, ECC
Methodologies: ACT, SDLC, ASAP Methodology.
Regulatory/Standards: ISO 27002, FISMA, NIST, PCI-DSS, HIPAA, URAC, SAS 70, SOX, BASEL-II, GLBA
Frameworks: COBIT, COSO
Education And Credentials
B.Eng. Mechanical Engineering - The Polytechnic Ibadan – Nigeria
QMIA – Quality Management Internal Auditor’s Course
AACEI – Certified Cost Professional
PMP – Project Management Professional