Sap Security
Resume:
Kimberly A Kinney
New Milford, PA *****
******@***.***
I have over 16 years of experience in supporting IBM's Global Procurement
organization in Security & Authorizations through 5 full cycle
implementations, Go-Live, Post Go-Live and Production. I am highly
skilled at analyzing business requirements and developing solution. I am
well organized, a self-starter, efficient, team player, professional,
dependable, and complete my work on time to meet schedules.
I have hands-on experience within SAP SECURITY including Sarbanes-Oxley
Section (SOX), Segregation of Duties (SOD) within SAP implementation, VIRSA
Systems VRAT tool, GRC 5.3, Profile Generator (PFCG), Role building,
Profile creation, modifications, parent/child and derived role concept,
building block concepts, user id creations, modifications and authorization
objects.
Nov 2010 to Apr 2014 - SAP Security Analyst
Client: CDI IT Solutions (Contractor with IBM for the Blue Harmony
Project)
. Responsible for all CPIC and ALE userids (nonloggables) and roles for
all 23 supporting systems within project
. Responsible for SAP defects within production
. Role creations using building block concepts, parent/child roles,
composites and single roles
. Ensure roles are free of SOD issues and audit ready by running through
GRC checking for issues before transporting out of development into
test system
. Maintaining and approving SPM and Firefighter roles and ids
. Segregation of Duties (SOD) within SAP implementation, VIRSA Systems
VRAT tool,
. Execute and analyze the following GRC 5.3 reports: Critical Actions,
Critical Permissions and Separation of Duties to identify issues for
customer with recommendations on how to update roles for compliance
purposes
. Ensure role database is kept up to date with audit ready documentation
including R20 reports, GRC reports, customer signoffs, mitigations and
any open risks
. Manage aggressive compliance quarterly testing for SAP ABAP systems
. Ensure compliance per corporate standards
. Work with Center of Excellence Office, Business Controls & Audit Teams
to ensure compliance
. In addition to the above, I continued to handle all SAP security
responsibilities listed below
July 1980 - July 2010 - SAP Security Analyst
Client: IBM Corporation
RESPONSIBILITIES
. Analyze Customer Technical Requirements and Apply Problem Solving
Techniques
. Create desk procedures and process improvements using Microsoft Word
. Creating and maintaining userids using SU01
. Defined and developed very complex user roles with extensive usage of
Profile Generator .
. Ensure role-building follows business guidelines, and adhere to the
controls requirement set forth by the internal audit/controls teams.
. Ensuring proper authority checks are in SU24
. Extensively worked on Authorization objects, fields, authorizations,
authorization profiles.
. Implement and communicate security policies and procedures.
. Improved customer roles by re-structuring and building very complex
user profiles to meet their role requirements. This allowed customer
to become compliant with corporate and industry standards including
SOX compliance.
. Manage Quarterly Health Checks and Quarterly Employee Validations on
SAP ABAP
. Participated in SAP system security audit.
. Support integration testing of Roles/profiles
. Transporting of generated roles and profiles using SE01/SE09
. Troubleshoot existing user roles, security objects and authorizations
using SU53 and running traces using ST01
. Verification of approvals regarding user access modifications
. Run all roles through VIRSA system to ensure SOD compliant before
audit
KEY SKILLS
Process and Functional Skills: Security Analysis and Design
Packaged Applications: SAP R3 3.1I, 4.7, 6.0, 7.0,
VRAT/Compliance Calibrator
Technical Skills: SAP Security
Computer skills: Lotus Notes
Lotus WordPro
Lotus 1-2-3
Microsoft Word
Microsoft Excel
EDUCATION -
SAP Authorization Class
SAP HR307 Security v4.7
SAP HR - OM - Organizational Management (4.7)
Contact this candidate