Email: *******.**********@*****.***
Cell: +1-312-***-****
Sandeep Parkhi
Senior SAP Security and GRC Lead
Experience Summary:
• 7.3 years of IT experience as SAP Security and GRC Consultant in SAP Implementation, Support and Enhancement projects.
• Experience includes GRC AC implementation, production support for various SAP components, system configuration, system testing, user training, documentation and post-go-live support.
Skills:
• GRC Access Control (Version 10.0 and 5.3)
• SAP R/3 Security
• Central User Administration (CUA)
• SAP BI Security
• Business Objects (BOBJ)
• SAP HR Security
• SAP Portal Security
Details of work experience given below:
Project Details:
Project 1 – SAP Security and GRC (Version 10.0) Lead
Client and Project Name: H.D Smith - Security & GRC implementation
Team Size: 3
Start Date and End Date: July 2014 - Till date
Description: The scope of this project includes implementation of new SAP Security roles for different modules in ECC 6.0, BI and PI systems, and configuration and support of GRC 10.0 system.
Role & Contribution:
• Discussing with the SMEs of different modules to set up/modify security role matrix
• Maintenance of SAP User Master along with Role Matrix
• Configuration of all components of GRC 10.0 system.
• Troubleshooting Security issues.
• Running Risk Analysis on the GRC Access Control tool
• Removal/Mitigation of SOD violations
• Creating GRC access request for assigning additional access and Firefighter access.
• Maintenance of workflow for access requests, Firefighter log review.
• Modifying GRC Rule set.
• Assigning firefighter Id to users.
• Implement Password Self Service (PSS)
• CUA Implementation is in progress
Technologies: GRC 10.0, ECC6.0, BI 7.0, PI
Tools: GRC Access Controls 10.0, HP Quality Center (QC)
Project 2 – SAP Security and GRC (Version 10.0) Lead
Client and Project Name: Viacom - Security & GRC Support
Team Size: 4
Start Date and End Date: Aug 2012 - Dec 2013; Jun 2014 - July 2014
Description: The scope of this project included configuration and support of GRC 10.0 system, ECC 6.0 along with SRM and BI 7.0 in Strategic Business Units in Viacom. That is, Security Consultant responsible for creation of users through CUA, modification of users and roles in R3, doing SOD analysis.
Role & Contribution:
• Configuration of all components of GRC 10.0 system.
• Production support for ECC, SRM, BI systems and GRC Access control.
• User ID management done through CUA system.
• Creation and Maintenance of Roles.
• Troubleshooting Security issues.
• Transport of Security changes through Solution Manager
• Creation and Maintenance of Analysis Authorization.
• Maintenance of Business objects (BOBJ).
• Maintenance of CUA system.
• Performing below activities in GRC:
    • Creating GRC access request for assigning additional access and Firefighter access.
    • Maintenance of workflow for access requests, Firefighter log review.
    • Modifying GRC Rule set.
    • Assigning firefighter Id to users.
    • Creating Mitigating controls and assigning to Risk-ids.
    • Working with Auditors and generating different reports, like generating Firefighter log reports, risk violation reports.
    • Generating the Risk Analysis reports for the management
• Allow SAP lab to test on the server for new bug fixing.
• Creating all the support documents like SOPs.
• SAP Portal security Support
Technologies: GRC 10.0, ECC6.0, BI 7.0, SRM, SAP EP 7.0
Tools: GRC Access Controls 10.0, Remedy, HP Quality Center (QC)
Key Achievements:
1) Completed configuration for GRC 10.0.
2) Added all the systems in CUA.
3) Implemented Password Self Service (PSS).
4) Implemented User Access Review (UAR)
5) Implemented Fire Fighter workflow.
6) Completed SOD logic change in GRC.
Project 3 – Security Consultant
Client and Project Name: Atmel - Security Support
Team Size: 2
Start Date: Mar 2014
End Date: May 2014
Description: The scope of this project included support of ECC 6.0 along with SCM, BI, and Solution manager. That is, Security Consultant responsible for creation and modification of users through CUA, modification of roles in R3, SCM, BI, Solution manager.
Role & Contribution:
• Providing SAP Gatekeeper approvals for Security access requests.
• Doing SOD analysis at user level using Virsa Compliance Calibrator
• Creation and Maintenance of Roles, Profiles and User groups
• User ID management
• Authorization group maintenance for tables and Programs
• Maintenance of Authorization checks on Transaction code
• Maintenance of Authorization checks on Authorization objects
• Troubleshooting Security issues
• Hands on Trace
• Hands on Transport of Security changes
• Creation of transport request and importing them in quality and production using Solution Manager.
Technologies: ECC6.0, BI 7.0
Tools: SAP R/3, Service Now
Project 4 – GRC Consultant (Version 10.0)
Client and Project Name: COE, L&T Infotech - GRC10.0 Implementation (PoC)
Team Size: 3
Start Date: Jan 2014
End Date: Mar 2014
Description: CoE has a 4-tier landscape which includes Competency, Demo/PoC, Special and Production. Installation of GRC 10 has been performed for the PoC and training perspective.
Role & Contribution:
• Perform Post Installation Activity
• Configuration of all modules of GRC Access control.
• Design workflow for Access requests approval, Firefighter Log review, Business role Management, User access review, SOD review.
• Modifying SOD Ruleset
• Implemented Password Self Service (PSS)
Technologies: SAP NW 700, SAP GRC Access Control 10.0, Oracle 11
Project 5 – GRC (Version 5.3) Consultant
Client and Project Name: Chevron – GRC Managed Services
Team Size: 3
Start Date: Apr 2011
End Date: Jun 2012
Description: Chevron needs to perform the User Access Review and Segregation of Duty (SOD) review to comply with SOX 404. This is conducted through the SAP GRC Access Control 5.3 module. All these are facilitated by integrating/configuring different components of GRC Access Control 5.3 - RAR, CUP and ERM.
Role & Contribution:
• Production support for ECC and GRC Access control.
• Generating the Risk Analysis reports for the management
• Working on UAR / SOD removing, generating and reassigning.
• Analysis of the SOD approvals and removals.
• SOD logic Change in GRC Environment.
• Integrating of different components of GRC Access Control RAR, ERM and CUP
• Configuring the Real Time Agents (RTA) in the SAP and different backend with Production Environments connected to the GRC Access Control Environment
• Maintain and extend user authorization.
• Allow SAP lab to test on the server for new bug fixing.
• User ID and access management.
• Support packages and Enhancement packages application.
• User authorizations including role creations & role assignments.
• Testing the whole application based on the different types of the user involved who will be part of the UAR/SOD process
• Creating all the support documents like knowledge transfer, Operation and Configuration.
• Generate the authorization data and role usage data from the backend system to the GRC Access Control to create the SOD and UAR requests, which is distributed among Supervisors.
Technologies: ECC6.0, BI 7.0, SAP EP 7.0
Tools: GRC Access Controls 5.3, SAP R/3, Remedy tool
Key Achievements: Completed Support Pack activity and SOD logic change successfully before UAR/SOD Round
Project 6 – Security Consultant
Client and Project Name: Chevron – System Integrity - Security
Team Size: 10
Start Date: Feb 2008
End Date: Mar 2011
Description: The scope of this project included support of ECC 6.0 along with HR and BI 7.0 in Strategic Business Units in Chevron. That is, Security Consultant responsible for creation, modification of users and roles in R3, HR and BI systems.
Role & Contribution:
• SAP R/3, 4.X, 6.0 Security, HR Security and BI Security
    1) Creation and Maintenance of Roles, Profiles and User groups
    2) User ID management
    3) Authorization group maintenance for tables and Programs
    4) Maintenance of Authorization checks on Transaction code
    5) Maintenance of Authorization checks on Authorization objects
    6) Troubleshooting Security issues (Trace)
    7) Hands on Transport of Security changes
    8) OSS ID creation and maintenance
    9) Creation of transport request and importing them in staging and production.
    10) Creation and maintenance of Timesheet Access
    11) Creation and maintenance of Manager desktop Access
    12) Creation and Maintenance of Analysis Authorization
• SAP Portal security Support
Technologies: ECC6.0, BI 7.0, SAP EP 7.0
Tools: SAP R/3, Remedy tool
Key Achievements: Actively involved in the system upgrade and different process improvements.
Professional Training Attended:
• SAP BASIS
• SAP BI Security
• SAP GRC Access Controls
Achievements/ Awards
• Received Spot award for GRC project Chevron – GRC MSS.
• Received Client appreciation certificate from Viacom.
Education:
Bachelor’s Degree in Computer Science.