Security Sap

Houston, Texas, United States
February 17, 2018


Bhasker Koneti



Technical hands-on SAP GRC Security Consultant with over 10 years of SAP security experience working with clients to design / re-design, implement and deliver high-performance SAP Security technology solutions. Skilled in all phases of the project life cycle, from initial feasibility analysis and conceptual design through implementation and support.

Key Highlights

SAP Security End to End Implementations

Experience in SAP Security Requirements Gathering, Design, Build / Test, Go Live / Support

SAP Security Testing (Unit, Functional, Integration, Performance and UAT)

Audit / GRC / SOX / SOD Compliance Projects

GRC Access Controls – 4.0/10

SOD Identification / Resolution

Previous Roles - SAP Security Admin and Security Support Lead

Implementation, Go Live Support (Risk analysis, Troubleshooting, Issue Resolution, Ticket Maintenance)

Successfully trained new team members in the team

Leading / Managing release activities as part of Go live.

Working with Clients / Business and Project Management to direct and report scope of security work

Involved in work load analysis, escalation and deliverables management.

Background Job Scheduling and Troubleshooting and Transport Management via Rev-Trac.

Generating SOD Reports and reviewing the SOD conflicts, remediation as per the SOD approvals.

Was onsite in Russia (June 2013) to manage a release activity, where my interaction with the clients earned good reviews and appreciation and ensured a successful go-live during R.3.3.6

Awarded the Delivery Excellence award for having continuously managed the team to achieve good SLA and compliance with customer demands.

Technical skills


Add-ons: Fiori, GRC 4.0/10

Platforms: Windows XP, Windows NT, Windows 2000 and Windows 2003 Enterprise Edition


SAP Security Support

SAP Security Feasibility Studies

SAP Security Role Redesigns

SAP Initial Feasibility, Design, Build and Maintenance of the following components:

ECC all components

GRC - Access Controls

Business Warehouse




Audit / SOX / Compliance

Magic / ServiceNow (Ticketing)


Client: Centrica Direct Energy, Houston, TX April 2015 - till date

Role: SAP Security / GRC Consultant

Project Description:

British Gas is the leading residential and business energy and services provider in the UK and they supply energy and services to millions of homes and businesses, keeping them warm and working by offering customers the most up-to-date energy efficient technology.

Direct Energy is one of North America's largest energy and energy services providers with more than 6 million residential and commercial customer relationships. They are active in energy supply and trading and downstream delivery of electricity and natural gas to homes and businesses. Centrica Energy is an international business operating in the UK, Europe, North America, Trinidad and Tobago, delivering shareholder value and energy security through a balanced mix of gas and oil production, power generation and energy trading. Centrica Storage operates the Rough offshore gas storage facility in the Southern North Sea, and the associated Easington Terminal. Our Rough storage facility is the largest in the UK, and represents over 70% of UK storage capacity.

GRC 10. Implementation of Access Request Management with Integration of Business Role Management Workflow

Configured and Implemented GRC 10. Access Control

Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues

Worked with the business role to identify SOD mitigation

Extensive experience in User administration and Role assignment in CUA.

Produced Analytical Reports to provide real-time data to management

Collaborated with cross-functional teams of SAP business IT, SOX and internal audit teams to analyze security risks and develop mitigating strategies

Designed, built, tested and supported the SAP security model within the following components:


Actively involved in generating several security-related reports such as 90 Day User lock, Performance Metrics of Production Systems, Security Audit Log, Client Customization and E-buy Weekly Performance.

Created analysis authorizations in BW systems and created new roles as part of business requirement.

Post go live support

Updated MSMP workflows to help improve the flexibility of the system

Created Training / Work Instructions to help facilitate GRC system maintenance for the security team.

Created Users, Roles, Privileges, Packages, Schemas as part of HANA Security and Development.

Responsible for all security surrounding standing up a new plant.

Worked with the business to create design

Defined Organizational elements

Created business roles

Coordinated security testing and defect remediation

Security point for EBP Optimization Project

Identifying security requirements for custom transactions

Worked with Development to identify authorization requirements

Supported the business through UAT testing

Environment: ECC 7.0, GRC 10, BI, SRM, Fiori and Transport Express.

Ticketing tool: ServiceNow

Client: Mars 2010 Nov-2015 April

SAP Security Consultant, McLean, Virginia

Project Description:

SAP Operations Team (SAPOPS) is a Global Support Team, a part of GSM (GSM is part of ISI organization responsible for support of globally used application systems). Our team provides Level 3 support for MARS IS. Mars is an $18bn Business Organization operating in over 65 countries. Mars, Inc. now operates its three core businesses - snack food, pet care and main meal food - under the Master Foods name in most parts of the world. MARS landscape is basically an implementation with all major SAP applications like R3, BW, HR, CRM, APO and EBuy systems. It has a vast landscape of 120 SAP servers. Major activities include Security – Users and Roles administration; Transport management; Background Job Scheduling; Printer Setups; OSS Connections and Authorizations.

We provide 24 x 5 support globally to all 3 regions of MARS – Asia Pacific (Australia, New Zealand, and Asia), Europe and America. We also provide weekend support for special activities like Outages & Productionizing.

Worked on various projects, supporting project teams.

Conducted security workshops to define security requirements

Reviewed functional and technical specifications

Configured and Implemented GRC 10. Access Control

Extensive experience configuring GRC Access Controls components (ARA, ARM, BRM and EAM)

Worked with business teams to create organizational models

Implemented SAP security roles and user provisioning processes

SAP HANA Security including User Management, Roles, and Privileges.

Maintained and configured users through CUA.

Printer definition in SAP.

Opening OSS Connection.

Opening systems for Customization

Used SU53 & ST01 extensively for analyzing user access problems and assigning missing authorizations.

Worked on SAP Check Indicator field values, SU24 authorization concepts and maintaining Check indicators.

Project documentation on SharePoint for knowledge transfer

PWC audit related tasks & internal audit tasks like extracting reports on different TEMP from production.

Daily checking results from RFC health check report.

Adding and removing a client or system to a target group.

Environment: ECC 7.0, BI, SRM, GRC Compliance Calibrator 4.0 (Virsa Tool), GRC 10, Rev-Trac

Ticketing tool: Magic

Client: Asian Paints Bangalore, India 2007 FEB-2010 OCT

Role: Associate SAP Security Consultant

Project Description:

Asian Paints (BSE: 500820) is India's largest paint company, based in Mumbai, India. It operates in 17 countries and has 23 paint manufacturing facilities in the world servicing consumers in over 65 countries. Besides Asian Paints, the group operates around the world through its subsidiaries Berger International Limited, Apco Coatings, SCIB Paints and Taubmans.

Extensive experience in User administration and Role assignment in CUA.

Extensive experience on SAP authorization management and restricting the user authorizations in various levels.

Authorization investigations - Analyzing and resolving missing authorization and role assignments in CUA.

Actively involved in the administration of VIRSA Firefighters, Roles, Mitigation Controls

Generating SOD Reports and reviewing the SOD conflicts, remediation as per the SOD approvals.

Creating and providing the FFID Access, periodically generating the FFID log reports.

Creating and transporting the TRs from DEV to QUA and PRD systems as per the requirements.

Generating User Groups for user administration and restricting users.

User administration: creating, restoring, deleting, locking/unlocking and password resetting of users.

Working on Compliance Calibrator for finding out SOD conflicts.

24/7 Support for users in security issues.

SPOC for PWC audit from offshore generating the TEMP reports for PWC audit (like sensitive t-codes, etc.). I am also involved in organizing PWC audit related tasks by coordinating the offshore and onsite reports.

Generating AGR* & USR* reports

Extensive use of SAP Query to generate reports quicker than usual.

Maintenance of SAP defaults - Inserting missing authorization objects and maintaining check indicators/field values manually.

Created analysis authorizations in BW systems and created new roles as part of business requirement

Environment: ECC 6.0, GRC Compliance Calibrator 4.0 (Virsa Tool), Rev-Trac and MAESTRO.

Ticketing tool: Magic

Education details: B.Tech from JNTU Hyderabad, India
