Summary:
SAP GRC Certified **.* Security Consultant with 10+ years of experience in SAP R/3, BI, HR, FIORI, BOBJ, Portal, GRC 5.3 and GRC AC 10 & 10.1.
Extensively experienced in Profile Generator (PFCG), Composite roles, Derived roles, Authorization Groups, Custom Authorization Objects & Fields, Mass Processing of roles & users (CATT / eCATT).
Created roles using automatic profile generator. Performed transports and mass transports of roles.
Extensively worked with NWBC roles and created roles based on NWBC client as per requirement.
Used SUIM report extensively.
Expertise in fixing user access related issues using SU53 & ST01.
Extensively worked on CUA for User creation, Role assignments/removals, Password management, locking and unlocking of users.
Expertise on all SAP security related tables (USR* & AGR*) and reports.
Activities include design, implementation, development & maintenance of roles and performing unit testing, system and integration testing.
Worked on GRC 5.2 (Risk Analysis & Remediation, Super User Privilege Management & Compliant User Provisioning).
Designed BI Analysis Authorizations and BI Roles
Built Analysis Authorizations using the transaction RSECADMIN.
Exclusively worked on objects S_RS_COMP & COMP1 to restrict access for reporting users.
Setup security at the Info objects level RSD1 (field-level security).
Created roles restricting access to Info cubes, ODS objects, specific queries and workbooks.
Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.
Troubleshot authorization-related problems using RSECADMIN.
Made the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID “authorization-relevant” in the info object maintenance tool RSD1.
Worked with auditor to find users that are assigned to the critical transactions/roles and to mitigate SOD issues.
Day to day support of production system.
Provided developer access key and maintained OSS connections as per requirements.
Involved in creating and handling transport change requests.
Used SUIM report regularly to check for locked users and users with incorrect logons
Performed reconciliation of user master records and roles using transaction code PFUD.
Extensively worked on SU24 transaction, making changes to proposal values and maintaining objects and their values as per the requirements.
Good understanding of SU25 transaction code and its functions.
Knowledge on HR security includes structural authorizations and indirect role assignment.
A committed team player with excellent communication, interpersonal, strong analytical and problem solving skills with an ability to work under stress.
GRC 10.0 Skill Set:
Proficient in functionally implementing and technically configuring SAP GRC Access Controls 10.0 modules such as the Access Risk Analysis (ARA), Access Request Management (ARM), Emergency Access Management (EAM) and Business Role Management (BRM) tools.
Performed business process analysis, security design, and segregation of duties analysis using GRC 10 ARA.
Worked with application teams for the design, implementation and maintenance of SAP roles and authorization, utilizing GRC.
Developed knowledge transition plan and created ARA/EAM/BRM training documents after go-live.
Good Knowledge on GRC AC 10.0 pre and post-installation activities.
Created Custom functions, risks in ARA.
Implementation exposure and good understanding of MSMP Workflows and BRF+ rules.
Uploaded SU24 & SAP GRC Rule to RAR, maintained Risk level & Status for Risk ID based on SOD matrix, and created custom function ID.
Assigned Risk ID’s to mitigation control and monitor id & rule set.
Implemented Decentralized fire fighter concept.
Configured EAM and Created FFID’s.
Set Up SPM (Fire Fighter) users, Manage access, Transaction usage reports, change log and other reports
Created Reason codes and Critical T-codes for FFID and Generating Fire-Fighter Reports.
Configured CUP Pre Workflow, Workflow and Advanced workflow & created & uploaded roles to CUP and Maintained approvers.
Creating various types of CUP Requests based on business requirement and performed CUP support level day to day activities.
Checking security checks & forwarding CUP requests, canceling requests, performing Risk analysis.
Generated various types of Security & Audit reports for internal & external audits.
Technical Skills:
SAP Releases: SAP R/3, ECC 5.0, ECC 6.0, ECC6 EHP7
Technical Skills: SAP R/3 and Approva Security, GRC 5.3, 10.0, BI & HR Security.
Hardware: Windows XP/2008/2003
Databases: Oracle 9i/10G.
Packages: MS Office.
Professional Experience:
Client/Industry: Utilities
Project: Implementation
Role: Senior Security & GRC Consultant
Duration: Nov 16 – Till Date
Environment: SAP ECC 6.0, GRC 10.1, BI, HR, FIORI & FLM
Responsibilities:
Initial discussions with business leads from Client side on project requirement.
Conducted workshop for IT users on Authorization concepts & its usage
Modules involved are FLM (File lifecycle Management), MM, FICO, PM, PS, HR, QM, BW, Portal & GRC 10.1
Implemented roles with Composite roles based on the positions in organizations, Master/Derived concepts to restrict plant wise access to all the modules.
Created users and provided privileges based on their requirements in BOBJ
Created roles based on SAP FIORI with Tiles & Catalogs
Implemented Indirect assignment of roles to Position id’s by inheriting relationships in PO13.
User ids are mapped to position ids and composite roles have been assigned to Position ids to avoid manual work for Customers.
Created roles on FLM and restricted based on their positions in organization structure & assigned to all the end users in order to access Files that are circulated in their business.
Implemented ESS & MSS concept and payroll process successfully.
Created roles to all the ECC & BI modules based on the requirements collected by team leads and implemented successfully.
Implemented 4 components of GRC ARM, ARA, and EAM & BRM successfully with Standard SAP provided workflow & some custom workflows.
Client/Industry: Smith & Nephew, Memphis, TN
Project: Support
Role: SAP Security & GRC Consultant
Duration: Dec 2014 – Oct 2016
Environment: SAP ECC 6.0, GRC 10.0
Responsibilities:
User maintenance through CUA & Normal ECC (User creation /modification / Password management).
Locking and unlocking the user accounts.
Mass user maintenance through SU10.
Various roles Assignment and maintenance to users account
User Creation & Role Mapping in Portal
Used SU53 extensively for analyzing users access problems and assign missing authorizations.
Analyzed trace files and tracked missed authorizations for users’ access problems through ST01.
Extensively worked on Profile Generator (PFCG) in creating/modifying roles, effectively analyzed trace files, tracked missing authorizations for user access problems and inserted missing authorizations manually.
Exclusively worked on Parent/Derived Roles & Composite roles
Worked on Mass Transportation Various Concepts of roles
Worked on SU24 to Check/Maintain Authorization Values.
Managing and Maintaining USOBT_C and USOBX_C tables by using SU24
Worked on different types of login issues.
Exclusively worked on SQVI & SQ03 for table mapping to extract reports & creating/assigning the Query groups to users.
Worked on Mapping/Restricting the SAP accounts to different Organization Structures through PPOME
Worked on creating ESS/MSS accounts in EHP and mapping accounts to PERNR through PA30.
Creation of Mitigation Approver, Mitigation Monitor & risk owner in SAP GRC 5.3.
Security checks & forwarding requests, cancelling requests, performing Risk analysis.
Assigning SPM User ID’s to Fire-Fighters based on Business Approval.
Experience in creation, configuration and maintenance of Fire-Fighter ID’s.
New User setup and granting additional access to existing users across the SAP landscape involving SOD Risk analysis and approval process.
Checking user level SOD analysis for new user set up and user simulation for additional access assignment for existing users.
Viewing & Sending Log report details for only critical transactions.
Eliminated all the SOX violations within the roles and mitigated the violations at user level.
Teamed with Controls team for providing GRC reports to functional leaders, roles owners and Auditors.
Made changes to the roles for the modules FICO, MM, PP, QM, HR, SD etc.
Re-designed roles with SOD issues and completed role cleanup process.
Client/Industry: Arlon Graphics, Placentia, CA
Project: Implementation
Role: Security Consultant
Duration: June 2014 – Nov 2014
Environment: SAP ECC 6.0 EHP6, NetWeaver Business Client (NWBC)
Responsibilities:
Interfaced with management to discuss security requirements and implementation strategies.
Translate functional requirements into technical design for SAP security roles
Created roles with proper naming convention on SAP ECC system.
Created all roles based on NWBC for easier path identification for end users using NetWeaver Business Client (NWBC).
Created and maintained the custom authorization objects based on functional requirement.
Managing and Maintaining USOBT_C and USOBX_C tables by using SU24.
Mass Transports handling.
Created Authorization group and mapped to customized tables.
Initiated in Creating Project Process & Support Documentation.
Developed SAP Security Test plans, created Test user accounts and Unit Testing of all the roles.
Coordinated with developers and functional teams to integrate the Application.
Used SU53 & ST01 extensively for analyzing users access problems, and assign missing authorizations.
Transporting & Role Distribution.
Client/Industry: Littelfuse, Chicago, IL
Role: SAP Security Consultant
Duration: May 2013 – May 2014
Environment: ECC 6.0
Responsibilities:
Performed troubleshooting for existing user roles, security objects and authorizations to resolve security conflicts, supporting users, setting up new accounts, password resets, putting users in appropriate groups and resolving any issues in production system.
Worked on SAP Check Indicator Defaults, Field values, and maintained check indicators for Transaction codes using (SU24)
Extensively used Profile Generator (PFCG) to create single roles and derived roles/profiles for various modules such as FI, CO, MM, WM, PP, SD.
Assisted users with access problems and questions related to SUIM and SU53.
Used System Trace (ST01) to record authorization checks in different sessions.
Used Transport Management System (STMS) to perform transports between various systems in the landscape.
Created and used CATT scripts for mass creation/maintenance of users.
Involved in the day to day production support issues.
Handling tickets in CRM tool, which is a centralized ticketing system, synced up with MS Outlook to resolve authorization issues based on approvals.
Implemented the GRC 10.0 Access Control
Working as a security lead from offshore coordinating with client.
Created Custom functions, risks in ARA.
Implementation exposure and good understanding of MSMP Workflows and BRF+ rules.
Created Custom Notifications in ARM.
Implemented Decentralized fire fighter concept.
Uploaded & Created UME Roles for AC users, Created AC Administrator user, and Assigned respective roles to AC Administrator and Maintain JCo destination.
Uploaded SU24 & SAP GRC Rule to RAR, maintained Risk level & Status for Risk ID based on SOD matrix, and created custom function ID.
Assigned Risk ID’s to mitigation control and monitor id & rule set.
Set Up SPM (Fire Fighter) users, Manage access, Transaction usage reports, change log and other reports
Created Reason codes and Critical T-codes for FFID and Generating Fire-Fighter Reports.
Creating various types of CUP Requests based on business requirement and performed CUP support level day to day activities.
Checking security checks & forwarding CUP requests, canceling requests, performing Risk analysis.
Client/Industry: VITA-COCO, New York, NY
Project: Implementation & Roll Out
Role: SAP Security Consultant
Duration: Dec 2012 – April 2013
Environment: ECC 6.0 EHP6
Responsibilities:
Interfaced with management to discuss security requirements and implementation strategies.
Translate functional requirements into technical design for SAP security roles
Created roles with proper naming convention on SAP ECC system
Created Parent/Derived roles as per the Segregation of Duties.
Mass Generation of the Parent and Child Roles.
Created and maintained the custom authorization objects based on functional requirement.
Mapped associated fields and activities to custom authorization objects
Managing and Maintaining USOBT_C and USOBX_C tables by using SU24.
Mass Transports handling.
Created Authorization group (SE54) and mapped to customized tables.
Initiated in Creating Project Process & Support Documentation.
Developed SAP Security Test plans, created Test user accounts and Unit Testing of all the roles.
Coordinated with developers and functional teams to integrate the Application.
Introduced Parent-Derived roles concept and created roles as per the functionality
Creating new derived roles as per the new naming Conventions by imparting with Parent roles.
Restricted Derived roles by Company & Plant Codes as per the client requirement.
Analyzed ABAP dumps and re-routed to appropriate team.
Used SU53 & ST01 extensively for analyzing users access problems, and assign missing authorizations.
Transporting & Role Distribution
Weekly call with Client Service Delivery Manager.
2 Roll-outs After Implementation in 2013 & 2014
Responsibilities:
Created new derived roles with new company codes & Plant codes by inheriting the existing Parent roles
Created new composite roles by differentiating Functional and IT roles and segregated the roles as per functionality of the user.
Implemented new functional module roles in roll-out sessions.
Go-live was successfully completed after continuous testing and received a lot of appreciation from clients.
Client/Industry: Avid, Burlington, MA
Project: SAP Security Support & ITGC Audit
Role: Security Consultant
Duration: Mar 2012 – Nov 2012
Environment: SAP ECC 6.0, BI, HR
Responsibilities:
Exclusively worked on CUA for User creation, Password management and locking and unlocking of users
Assignment of various roles and user groups to user accounts.
Expert on analyzing authorization issues with SU53 and User Trace ST01.
Locking of transactions using SM01.
Worked on creating/modifying roles through PFCG on R/3, BI & HR modules.
Expert in restricting access to users for particular Authorization groups and tables with S_TABU_DIS & S_TABU_NAM authorization objects
Exclusively worked as Admin user on BI environment with S_RS_COMP & S_RS_COMP1 to restrict users by Info areas, Info cubes & Queries for business end users & Reporting users as well
Worked on Analysis Authorization (RSECADMIN) for low-level restriction of Queries and performing BW trace on SAP accounts to provide access to missing activities and Info providers.
Creation of ESS & MSS accounts in SAP and assigned roles as per the functionalities.
Worked on critical objects like P_ORIGIN to restrict users by Personnel area and Info Types.
Maintaining & mapping of ESS accounts to Personnel number in PA30 with Info type 0105 & Sub Info type 0010.
Creating new firefighter ids and Mapping firefighter ids to regular ids
Mapping firefighter ids to Firefighter ID owners & Controllers
Generating Log report for Firefighter Ids in Production systems
Worked on security related reports.
Role Imports through STMS_IMPORT.
Worked on SFDC as Salesforce Administrator by creating Salesforce accounts as per the requirements.
Assigning the requesting roles and profiles as per the functionality of the user.
Worked with Auditors to remove the critical transactions & objects from roles
Cleanup activity on all the existing roles by removing conflicting access
Created new FFID’s and roles with critical transactions & objects and mapped with VIRSA 4.0
Had good exposure on Audit related activities and process while working with PWC team
Client/Industry: John Deere, East Moline, IL
Project: Support Project
Role: SAP BASIS & Security Consultant
Duration: July 2008 – Feb 2012
Environment: ECC 6.0
Responsibilities:
User maintenance (User creation /modification / Password management).
Various roles Assignment and maintenance to users accounts.
Used SU53 extensively for analyzing users access problems and assign missing authorizations.
Analyzed trace files and tracked missed authorizations for users’ access problems through ST01.
Extensively worked on Profile Generator (PFCG) in creating/modifying roles, effectively analyzed trace files, tracked missing authorizations for user access problems and inserted missing authorizations manually.
Worked on SU24 to Check/Maintain Authorization Values.
Locking and unlocking the user accounts.
Mass user maintenance through SU10.
Running the Biz Rights to find the user violations.
Used SUIM report extensively.
Involved in handling the tickets from the end users.
Scheduling Background jobs as per the priority basis like classes (A-critical, B-high & C-medium)
Exclusively Worked on UC4 tool to monitor and schedule background jobs for SCM(Supply Chain Management) with Chain Management
Monitoring the critical background jobs on 24*7 basis
Re-scheduling and releasing the failed jobs as per the requirement.
Daily Production system health check
Acknowledging and handling the CA (computer associate ticketing tool) tickets from end users.
Education:
B. Tech - Ganapathy Engineering College in 2010.
Certifications & Trainings:
GRC 10.0 Certified Consultant.
Conducted trainings & workshops to clients on R/3 & GRC implementation.