BARBARA J. SAHR, CISSP
********@*****.***
SAP SECURITY MANAGER
SAP Security ~ Implementations ~ Security Access Risk Assessment and Remediation ~
Troubleshooting ~ IT Compliance ~ Project Management ~ Policies/Procedures ~ Staff Education
I am a dedicated, highly energetic, CISSP professional with 14 years of SAP security, a wide range of skills including testing, programming mid-range and mainframe, hierarchy and relational database, Segregation of Duties, and GRC, with over 10 years’ experience and complex knowledge of risk and critical access remediation and mitigation. Performed SAP security for components FI, SD, PP, MM, PM, IP, PS, HR, BW (old and new concept), APO, CRM, and JAVA/Portal. I have implemented GRC versions 5.2, 5.3 as a ramp-up customer, and GRC version 10, PWC SAFE tool, and Security Weaver and performed many upgrades in SAP. I developed and negotiated a 9-day custom SAP certification course with SAP, Inc. for 10 people on my security team, covering 7 courses and saving HP over $150,000. Created and delivered a sales presentation on GRCv10 and Nota Fiscal to win new business. Led a 5-day Proof of Concept of Security Weaver to a client in England, established key business relationships, and attained contract for new business. I also supported HP Internal business end users as a 3rd level Business Analyst to help troubleshoot a wide range of issues including HR PA20 records, WBS structures, and infotypes, CATS access, billing vendors and receiving payments for contractors involving Purchase Requisitions, Service Entry Sheets, Purchase Orders, posting of Goods Receipts and update of Invoice (IR) to verify 3-way match and check payment.
PROFESSIONAL EXPERIENCE
Industries Served:
Pharmaceutical/Health - Express Scripts - 2002; Halyard Health - 2015
Aerospace & Defense - Spirit Aerospace - 2014-2015
Manufacturing - Reichhold Inc. - 2009-2014
Construction - Turner Construction - 2013-2014
Hi-Tech - HP Internal IT - 2013-2014
Consumer Packaged Goods (CPG) - Procter & Gamble - 2014
Public Sector/Government - Compass - 2010-2014
Food/Beverage - Kraft - 2009-2010
Chemical - Solutia - 2002-2009
Energy/Utility/Telecommunications - Southwestern Bell - 1998-2001
Medical - Cardinal Glennon Children's Hospital - 1989-1995; Quest Diagnostics - 1995-1998
PROJECTS:
2003-2005: Solutia: Implemented PWC SAFE SOD tool and eliminated over 1,000,000 SOD conflicts in 3 years to become 100% SOD free for end users.
2006-2009: Solutia: Implemented GRC 5.2 as Ramp-up Customer. Performed pilot testing at GRC Labs in Palo Alto. Participated in bi-weekly meetings with GRC Customer Advisory Council to discuss functionality needs and benefit impact for future enhancements.
2005: Attended SAP GRC Conference in 2005 in Las Vegas with Solutia Security manager.
2003-2006: Worked closely with functional and technical teams to develop XIPAY and PCI credit card masking.
2006-2008: Reduced administration time with use of finance hierarchy security versus manual updates to individual cost centers via K_CCA and K_REPO_CCA.
2006-2007: Streamlined PR approvals by moving from individual dollar limit roles to all-encompassing level roles.
2006-2008: Controlled access for new plants in China by moving authorizations to org level, and auditing CHINA users by monitoring AGR_1251 authorizations and AGR_1252 organization levels.
2003-2009: Solutia: Upgraded from 4.6C to 4.7 Enterprise and then to ECC.
2008: Converted all derived roles to push down roles to minimize role administration.
2009-2011: Reichhold: Discovered, worked, and completed HR Audit Cleanup project to clean up P_ORGIN=* starred access and restricted infotypes, to properly restrict HR access.
2009-2011: Reichhold: Spearheaded 2 year Derived Role Cleanup of broken relationships preventing unexpected production outages.
2013: HP Internal: All team training Initiatives for 60 member team: Plan SAP/EC Team Training for 2013 and 2014 by organizing skills inventory website survey, analyzing gaps in future technology needs, developing plans to address the team technology gaps, and submitting a budget.
2013: HP Internal: Requested by former Delivery Manager to create and deliver SAP Security sales presentation October 2013 to Reichhold owners on GRCv10 and Nota Fiscal. Won the contract for the Add on Business implemented in 2015.
2013: HP Internal: I developed and negotiated a 9-day custom SAP certification course contract with SAP, Inc. development management directly for 10 people on my security team, covering more complex pieces of 7 SAP security classes, saving HP over $150,000. Acquired necessary funding from budget, determined class schedule, and arranged back-ups for client delivery. Oversaw logistics of study material shipments, travel for onsite training, and all components necessary (computer, connections, and sufficient conference rooms).
2013-2014: Turner Construction: Security Consultant on SAP Security Assessment to find gaps in security design, and recommend solutions and best practices.
2014: Procter & Gamble: Proof of Concept (POC) for Security Weaver in England with 36 hour notice.
2014-2015: Procter & Gamble: Security Weaver Implementation to about 300 clients.
2014: March-August: Spirit Aerospace: Implement GRCv10 Access Control (ARA, PC, UAR, EAM).
Senior SAP Security Consultant, Hewlett Packard (transitioned from Electronic Data Systems) 1998-Present
Supported multiple industries and global clients in several capacities of support, leadership, development and implementation including Kraft, HP Internal, Reichhold, Turner, P&G, Spirit Aerospace, Southwestern Bell, Express Scripts, Solutia and Halyard Health.
Performed user administration, single, composite and derived role maintenance, authorization changes (PFCG), security transports, custom authorizations, user exits, and parameter transactions.
Experience in the use of structural authorizations, position based security/role assignment, and restriction to HR data
Business Analyst for HP Compass Sustain Team - Perform third level triage troubleshooting for HR PA20 record and infotypes, CATW access, SAP access as well as business process changes like Mixed Orders, data transfer between numerous systems and processes, month end support, yearend support, billing and receiving payments for contractors process from start to finish (P2P) including HR employee system, data process transfer to PA20 record, PA20 info type configuration, PR, PO, SES creation and error resolution, Posting of Goods Receipt (GR) and posting of Invoices (IR) for three way match and check payment. Involved in IT changes and escalations for deployment accounts from the business perspective.
Supported Business End Users during SAP migration in areas of time keeping of employees and contractors, PA20 records, WBS Elements, CADO, time reports and reconciliation reports.
Work directly with Business Leads, SAP Security Manager, Process Leads, Approvers, and Auditors to define segregation of duties rules, coordinate review, and resolve by applying mitigating controls, modifying roles and user access, fixing complex rule definitions, or changing business processes.
Experience in the creation of eCATT and SCAT
Understand SSO, LDAP/Directory services and authentication use of these
Lead Cobol/C Developer for Express Scripts Mail Order Quality Assurance Development 2002
Only programmer to create Mail Order QA environment used until 2012. Delivered in the time with 1/3 resources with only 50% of the skills at the project start.
Learned Dec/VAX, TCP/IP and ability to call to COBOL from driver C program over a weekend.
C/Oracle/Unix Scripts Programmer/Business Analyst/Payroll Tester at Southwestern Bell 1998-2001
Managed application development and primary production support of Procurement Ordering System.
Recognized by Southwestern Bell Vice President for successful execution of Telecom project enabling affiliates to enter orders into the procurement application avoiding impending fines.
Created and executed test plans and performed unit, system, integration and user acceptance testing.
Database Administrator, EDS contract at Quest Diagnostics 1997-1998
Performed all phases of software development, including project management, requirements determination, system feasibility analysis, development, testing, implementation, and documentation.
Medical Technologist at Quest Diagnostics and Cardinal Glennon Children’s Hospital. Prior to 1997
EDUCATION & CERTIFICATION & LEADERSHIP
Magna cum laude, in Biology and Medical Technology, St. Louis University (SLU), St. Louis
Salutatorian of McCluer North High School out of 425 students.
Certified Information System Security Professional (CISSP)
Biology Teacher Assistant- St. Louis University
Volleyball coach – St. Angela Merici
Girl Scout Leader
Assistant Supervisor at Cardinal Glennon Children’s Hospital Laboratory
Volunteer work on RAMS Diversity website
TECHNICAL SKILLS and CLASSES
SAP Security Certification classes in 2013 with exam scheduled 2015.
Speaks, writes, and reads Spanish at a moderate level.
Fluent at Microsoft Office.
Major in Math.
Plays 2 instruments.