
Information Security Sap

Location: Fremont, CA

Posted: May 19, 2019


Resume:

Enterprise Security, GRC & IT Architect

Executive Profile

Innovative, methodical, and results-driven professional with 13 years of extensive experience in all facets of security administration, encompassing SAP cyber security, SAP HANA security, and SAP security. Expertise in SAP GRC Access Control, SAP GRC Process Control, SAP Audit, and SAP GRC Risk Management. Expert in troubleshooting, solutions integration, and software development. Managing multi-compliance initiatives to meet organization objectives. Effective at cultivating positive relationships with individuals of different socioeconomic backgrounds. Expert in Regulatory Compliance SoX, GDPR, FERC/NERC.

Core Competencies:

SAP Access Control & Process Control

SAP HANA Security

IT Audit management

Enterprise Security Operations and Implementation

Regulatory Compliance SoX, NERC, GDPR

Security Policy design & Implementation

Design and implement Data governance policies, standards and processes.

Professional Experience

Project Title: SAP GRC Architect Date: Current

Role: SAP GRC Upgrade 12.0 Client: Avantor Sciences

Guiding SAP Basis team on GRC 12.0 software component selection

Blue Print design for GRC AC 12.0 upgrade

Post installation Steps

New BC Sets Activation (S4HANA, Fiori )

EAM Configuration for HANA DB

SAP GRC EAM Configuration for Enterprise Warehouse systems

Password Reset Workflow Configuration

Project Title: SAP Security & GRC Support Date: June 2018 – Oct 2018

Role: SAP GRC Architect Client: Applied Materials

SAP GRC UAR application Enhancement for HR Changes (Work Day) for periodical review of Changes.

SAP GRC EAM Controller approval workflow design

SAP GRC AC & Hybris Integration using Custom Web Service Calls for Provisioning and De-Provisioning

SAP GRC Access Request life cycle report design

SAP GRC ECC Support for end users

Documentation on HR Changes

New Rule set design to find out Critical Access (Roles & Users)

New Process Designed for Critical FF ID review process.

Wizni Inc., San Ramon, CA

Project Title: Information Security Program Management & Control Automation (SAP GRC PC) Date: June 2017 – Feb 2018

Role: Security Architect & GRC PC Consultant Client: VMware

Responsible for supporting the Global Chief Security Officer in the effort to develop a global information security program using an agreed upon framework for US and India. Ensures this framework works both locally and globally and addresses regulatory requirements

Business SoX Controls Automation through SAP GRC PC & Archer Application

Collaborates with senior leaders in the US and Japan, and India responsible for the operation and governance of information security program elements. Works to continue to mature global policy, minimum baseline standards, measures and processes for Global Information Security

Project Plan Design, monitoring and Implementation overview.

ITGC Controls Automation

SAP Data Preparation for GDPR

Identification GDPR PII Data objects (Tables & Tcodes)

Determine who can have access to this data (users, roles, groups)

Detect misconfigurations and vulnerabilities that may allow unauthorized access to the data under the GDPR

Restrict access to personal data

Eliminate vulnerabilities and misconfigurations

Monitor security of your systems

Coordinates and collaborates with the US and Japan information security areas in reviewing, developing, recommending, and implementing Global Information Security processes

Lead and coordinate the execution of the organization’s SOX Program, in partnership with the global Corporate Audit team members.

Facilitate the annual scoping efforts to ensure adequate coverage for SOX compliance in alignment with the financial statement risk.

Communicate on-going status of the SOX program to leadership.

Evaluate and recommend internal control enhancements, including opportunities to drive efficient and effective controls.

Lead cross-functional program teams in security remediation planning and execution of security programs by planning and tracking of tasks, schedules, resources and dependencies; facilitate & drive project meetings

Wizni Inc., San Ramon, CA

Project Title: SAP Access Control & Support and SAP HANA Implementation Date: June 2016 - Dec 2016

Role: SAP Solution Architect Client: CMS Energy

Complete support for SAP GRC AC

Implemented security at the HANA database level, along with HANA Analytics. Day to day support

Scheduling Background jobs with variants

SAP GRC Background job monitoring

Create New users/modify existing users in S4HANA

Identify the necessary object privileges / system privileges/package privileges/SQL Privileges required for each user (developer/functional/Business Users etc.) and add them to the roles/user profile.

Work with the application team to define analytical privileges on business data for each application and work on creating corresponding roles.

Establish security at HANA database level as well as on HANA Analytics.

Work closely with IT and key business thought leaders to ensure delivery of secured application access throughout the organization.

Define and maintain the secure coding standard

Project Title: SAP Asset Management (NERC CIP Cyber Assets Program) & SAP Fiori SSO Date: Jan 2016 - June 2016

Role: Solution Architect Client: PG&E

Oversaw various functions, including SAP security solution design for asset management tools and SAP enhancements for asset management module.

NERC & FERC Audit reports design and valuation

Completed integration design between SAP and Wizni AMPS tool, SAP Fiori single sign-on (SSO) configuration, SAP gateway configuration for SSO, and SAPU15 development and implementation.

Identify and assess significant information security risks. Plan, coordinate and maintain an Information Security program for Baird globally, including developing and monitoring of information security policies; facilitating information security governance; executing ongoing risk assessment processes; investigating breaches; managing relevant budgets and advancing the program in a culturally aware style that improves likelihood of success at Baird.

Identify, develop, and maintain information security and related third party due diligence processes across the organization to reduce risks, respond to incidents, and limit exposure to liability.

Assumed the role of SAP data migration expert, while handling data dictionary objects development.

Administered SAP and Oracle identity management integration; and OIM and AMPS integration design.

Conducted SAP security design from the NERC CIP requirement.

Project Title: SAP GRC Upgrade to 10.1 Date: July 2015 – Jan 2016

Role: SAP GRC Solution Architect Client: PacifiCorp

Managed the upgrade of SAP GRC for PacifiCorp, which involved formulating GRC landscape for SAP GRC 10.1; and post-installation and baseline configurations.

Performed configuration of the GRC 10.1 system, specifically ARA, EAM, and ARQ

Carried out configuration of human resources (HR) triggers to enable new user creation and termination through GRC 10 when the user was created in HR.

Configured HR triggers to allow new user creation and termination via GRC 10 when the user is created in HR

Configured MSMP workflows with custom BRF+ initiators and agents to address the client requirements, as well as to create customized workflows for customer needs

LDAP Integration (user details) & Portal Integration (user interface)

Cygtec Inc., Raleigh, NC (2012–2015)

Project Title: SAP GRC AC 10.0 Implementation (Identity Management Project) Date: April 2014 – July 2015

Role: SAP GRC Solution Architect Client: CMS Energy

Took charge of SAP Identity Management (IDM) and SAP GRC Access Control 10; which involved blueprint design, enterprise asset management (EAM) workflow design, and EAM creation and configuration for CMS Energy.

Accomplished mitigation controls creation, along with new initiator creation through Business Rule Framework Plus (BRF+) for multistep multi-process workflow.

Successfully migrated Bizrights SoD rules into SAP GRC AC 10.0 SoD rules.

Facilitated end-user training, writing of knowledge transfer (KT) documents, and test script creation and loading into the HP Application Lifecycle Management (ALM).

Project Title: SAP GRC AC 10.0 Implementation Date: Oct 2012–Oct 2013

Role: SAP GRC Solution Architect Client: PACCAR

Designed strategy & roadmap for SAP GRC 10 Access Control and role restructuring.

Creation of functional specifications of applications which were integrated to SAP GRC and providing technical requirements for the same

Involved in project plan preparation, review at critical points, and regular status reports for senior management.

Involved in technical workflow implementation of Compliant User Provisioning, Super-User privilege management, enterprise role management and Risk analysis & remediation.

Complete Setup of all AC component including workflow and SPRO settings

SAP Thailand, Bangkok, Thailand

Project Title: SAP GRC Risk Management 10.0 Date: Jan 2012- May 2012

Role: Business Process Senior Consultant Client: PTT&EP

Scope definition workshop with customer

Project plan designing & Blue Print Designing

Master Data setup & Manual KRI setup & Risk Management Reports configuration

Scoring model risk assessment set up & Response plans and controls

Authorization model design for Risk Management Team

Capgemini, Bangalore

Project Title: SAP GRC AC 5.3 Support Date: July 2011 -Dec 2011

Role: Senior Consultant Client: Target

Successfully handled fine tuning and implementation of critical functionalities like User exits, cross integration of Access Controls applications, configuring Firefighter backend reports etc.

Periodic review of Mitigation control and inform the control owners on the changes and expiration

Firefighter logs and Audit logs, Firefighter login notification and Streamlined the firefighter access.

SAP GRC AC owners Maintenance

Optimal Solutions India Pvt Ltd, Bangalore

Project Title: Application Auditing (Internal) Date: Feb 2011–June 2011

Role: IT Auditor Client: Hindustan Unilever.

Performs general IT and application control testing for simple to complex systems.

Conduct IT audits to ensure security, availability and confidentiality of the IT Systems and data.

Determine audit scope and objective and accordingly prepare audit work plan.

Identify critical risks and recommend corrective steps to address the risks.

Coordinate with business, finance, project and compliance teams to obtain inputs for audit processing.

Monitor security and segregation of duties for application users using tools such as Approva BizRights.

Identify best practices to meet audit requirements in a timely manner.

Prepare test plan, conduct testing and report audit findings to the management.

Identify the weaknesses in a system's network that could lead to potential breaches.

Perform data analytics using ACL and document the results.

Project Title: SAP GRC AC 5.3 Support & SAP PC 3.0 Implementation (POC) Date: Oct 2010–Feb 2011

Role: GRC Consultant Project Lead for PC Client: BSNF Railways

CUP workflow maintenance

Job scheduling on weekly basis for new user/role/profile sync

SPM jobs scheduling, monitoring report validations

Configuring SAP Process control for core business process, identifying automated & Manual controls for monitoring the business process at the transaction, master data and configuration level, Setup questions as part of Self-assessment questionnaire.

Configured IT Control to monitor client open and close

Configured Finance Control to monitor duplicate invoice and threshold limits.

Nagarro India Pvt Ltd, Gurgaon, India

Project Title: SAP GRC Product Development (V10) and Support (5.3) Date: Nov 2007– Oct 2010

Role: Module Lead Client: SAP Labs.

SAP GRC Access Control 10.0 Development (EAM, ARA, ARQ & BRM)

Support of SAP GRC AC 5.3 Application for End clients

Bug Fixing and New functionality developments

Helping customers for Configuration settings

Helped customers use RAR effectively to detect, identify and mitigate risk through the SAP GRC RAR Application.

Helping Customer in Implementation Process.

Provide oversight capabilities for management to take responsibility for proper SoD conflict handling and efficiency of the internal control system inside organization.

Santronics, Bangalore

Project Title: SAP ECC Support Date: July 2005 -May 2007

Role: SAP ABAP Consultant Client: GCC (Gloucestershire county council)

Performed troubleshooting of various errors during unexpected behaviors of programs and program Update.

Completed the development of the following for Capgemini:

-Batch Data Communication (BDC) program to edit the customer’s address through the transaction, as well as to the transaction code, XK01; and

-ABAP List Viewer (ALV) report to present costing per page as well as to compare price of materials that were purchased in different months.

Education

Master of Science in Software Engineering: Stratford University, Falls Church, VA, USA

Bachelor’s Degree in Computer Science: Andhra University, Visakhapatnam, India

Credentials

Training:

COBIT v5; SAP Audit; Information Technology Infrastructure Library (ITIL); SAP Cyber Security

Certifications:

CISSP - In process (will be submitted before hiring)

RABQSA-IS (Information Security Management Systems)

RABQSA-TL (Leading Management Systems Audit Teams)

SAP Certified Application Associate –SAP Business Objects Access Control 10.0

SAP Certified Technology Professional – Security with SAP NetWeaver 7.0

SAP Certified Development Associate – ABAP with NetWeaver 7.0

SAP Certified Application Associate – Financial Accounting with SAP ERP 6.0 EHP6

SAP Certified Technology Associate - SAP HANA 1.0

SAP Application Associate – SAP HANA 1.0

SAP Certified Application Associate - Business Intelligence with SAP NetWeaver 7.0

Sun Certified Web Component Developer for Java Platform.

Sun Certified Programmer for the Java Platform, Standard Edition 5.0

Professional Affiliations

SAP; SANS Institute; ISACA; Internet Systems Consortium (ISC); SAP Experts (http://sapexperts.wispubs.com/)

Technical Acumen

SAP ABAP; SAP Security; SAP Audit; SAP GRC Access Control; SAP NetWeaver; SAP IDM; SAP HANA; JAVA
