MANSOOR SIDDIQUI
+1-202-***-****
*************@*****.***
7125 N Ames Ave, Kansas City, MO 64151
Personal Profile
Extensive and proven experience in SAP security, IT Auditing, Risk and
Compliance and Governance with major organizations and an exceptional
technical proficiency and astute application of Sarbanes-Oxley as well as
other audit directives. Performed various technology analyses and conducted
projected studies to compare multiple possible solutions for the organizations.
Project management skills combined with demonstrated ability to develop and
implement technical solutions to meet critical business needs. Outstanding
leadership and interpersonal skills result in productive working
relationships and top performance among staff. Leadership, communication
and collaboration skills developed in a progressively responsible career as
well as International experience working in multi-national and high-tech
Corporations.
Technical Details
. ERP Technology & Business Applications
SAP R/3 (3.1, 4.0B, 4.5B, 4.6C and 4.7 Enterprise)                          6 Years
ECC 6.0                                                                     8 Years
MDM (Materials Data Management)                                             5 Years
CRM / SRM / SCM                                                             6 Years
Business Object (BO) / Business Warehouse (BW) / Business Intelligence (BI) 12 Years
SAP GTS (Global Trade sphere)                                               2 Years
SAP GRC (5.2, 5.3, 10.0, 10.1) Governance, Risk and Compliance              8 Years
AIS / AMS (Audit Information Systems / Audit Management System)             10 Years
SAP NetWeaver Business Client and Portal                                    7 Years
SAP HANA - Hands on but no implementations                                  2 Years
SAP cFolders - Data Management                                              4 Years
SAP Afaria - CRM Platform                                                   2 Years
ACEVA                                                                       4 Years
IDM (SAP, Maxtel, Sun)                                                      6 Years
Approva BizRights - Compliance                                              5 Years
SAP BASIS / SECURITY                                                        14 Years
SAP ABAP - Inter / cross functional                                         4 Years
. Platforms
Windows NT, Windows 2000, Windows 2003, Windows XP and UNIX, A+, Network+,
CCNA, C++
. Internet
ASP, XML, HTML, JavaScript
. RDBMS
SQL Server 2000, Oracle - 8i, Sybase and DB2
. Other
SAP Retail Management Tool (GROC)
. Audit Tools
CAAT, IDEA, Smart Exporter, TeamMate
. Microsoft
Word, Works, Access, Excel, PowerPoint Presentation, Project, SharePoint
. Technical
Web Page Development (HTML)
. Management Courses
Business Management
Project Management
Cost Accounting
Sales and Distributions
Financial accounting
International Media and Development
Statistics
Key Skills and Trainings
. Business Objects Administration & Security BOE310
. GRC Access Control 10.0 GRC300
. Identity Management 7.1 TZNWIM
. SAP Administration
. SAP Business Objects Overview
. IT Project Management Essentials - Introduction to IT
Project Management
. Transitioning from Technical Professional to Management
. The fundamentals of Globalization - The Global Context
. Certified Risk Analyst (CRA)
. Intermediate IT Audit School ITG241
Industrial Experience
(www.hallmark.com) Kansas City, MO, USA July 2014 - To Date
Senior Technical Specialist
> Formulated detailed worldwide implementation plans and release strategies
for the Security changes according to the global release strategy.
> Worked extensively with business teams from Europe, China, Mexico, Brazil
and the US to design global and local roles based on job
responsibilities.
> Conducted business analysis and aggressive research to identify gaps and
fulfil them with the help of global tools to present to the higher
management.
> Perform global risk analysis to develop Mitigations and Controls to
eliminate possible financial losses.
> Worked with the business entities to develop a user role matrix and
Organizational chart.
> Created Standard Operating Procedures reflecting the approval flow and
policies for User Access management, Role Management and Transport
management.
> Actively supported various projects with various businesses to identify and
analyse the need for various resources, both technical and functional,
such as ABAP, Configuration and Integrators.
> Created custom roles for Solution Manager based on job duties and
activity within Solution Manager for basis, security and operations team.
> Synchronized the Single Sign-On mechanism with the Enterprise Active
Directory (LDAP).
> Worked on all the major go live activities (integration, upgrades,
support, SAP Notes) including mass user creations and role assignment by
using eCATT scripts.
> Managed a team of four resources from off shore and provided direction on
resolving the tickets.
> Created a detailed Project Plan and Implementation Strategy for
implementing Analysis Authorizations.
> Gathered detailed requirements and user matrices for all Reporting areas
in order to determine the best possible approach.
> Worked with the various Business stakeholders and Audit teams in
identifying risks, mitigation controls and approval workflows in
consideration with current processes.
> Provided reports to the internal and external auditors and created custom
audit roles based on audit needs.
> Created documentation and trained the audit team and off-shore support
security team in all aspects of the GRC Suite to provide for a seamless
transition.
> Configured Access Enforcer and defined the user access request process.
> Configured main, forked and parallel workflows and identified escape
routes for approval process.
> Defined custom attributes, workflow paths, initiators, stages for complex
site based scenarios.
> Configured Owners, Controllers and security setup along with various
configuration parameters in Firefighter.
> Configured Firefighter background jobs to run hourly to ensure
the controllers get the Login Notification and Log Reports.
> Cleaned up SOD conflicts for one client by separating conflicting info
types, Timesheet entry & payroll access, restricting PA20 and other
access.
> Involved in mentoring and knowledge transfer to Security subordinates,
business and stakeholders.
o Major Achievements and completed projects:
> Security design and technical support for Hallmark Legacy systems
inventory conversion including financial postings.
> Customer integration project for Accounts Receivables, Vendor pricing and
Sales and Distribution.
> Design logical security for divisional payment advices as well as credit
postings for customers.
> Manage CRM integration project as well as integration of mobile
infrastructure for customer mobile devices ordering system.
> Manage auto provisioning for global customer creation adopting position
based security.
(www.ingredion.com) Westchester, IL, USA Feb 2014 - July 2014
Senior Systems (IT) Auditor - SME SAP Security/GRC
> Evaluate SAP Security landscape for global implementations including
technical evaluation and SOD's issue.
> Played advisory role to improve SAP Security standards and GRC
requirements.
> Provided expertise for SAP Security and GRC upgrade and implementation
standards.
> Generated SAP transactional level data for Roles and Users
to ensure compliance issues.
> Coordinated SOX IT Testing with Business Units and IT department and
liaised with external auditors to communicate status and address findings
during SOX audits.
> Administered continuous audits, evaluating the operating effectiveness of
controls leading to increased assurance of controls in place and reduced
risks.
> Performed risk assessment, general controls oversight and review to
ensure compliance with SOX regulations and standards.
> Utilized risk assessment methodology to assist in establishing the annual
audit plan for areas of core competency.
> Performed analysis of Systems Development Life Cycle (SDLC) and evaluated
risk in the design, testing and QA phases of Software Implementation and
Upgrades.
> Prepared audit scopes, reported findings, presented recommendations and
coordinated with various departments to create remediation plans for
deficiencies found during audit.
> Prepare and publish written IT audit results to senior management.
> Developed audit presentations, and prepared professional, clear and
concise reports of findings.
> Assisted business process owners with documentation of new and changed
processes on an ongoing basis.
> Identified risks and related controls for new, changed and existing
processes.
> Advisory service towards the implementations of various ERP Modules in
terms of risks associated, SOD issues, best practices, change control and
business and financial impacts in combination of various transactional,
technical and functional aspects.
> Performed initial level data analysis utilizing MS Excel VLOOKUP
functionalities.
> Audits performed: ITGC for various regions ERP systems for the
organization, SAP Vendor Master (MM, FI, CO) and Customer Master (SD),
SAP Security, Post SAP Implementations, SOX Testing with KPMG on ITGC
refinement.
(www.kaust.edu.sa) Jeddah, Saudi Arabia Jan 2013 - Feb 2014
Associate IT Auditor - SME SAP
> Managed engagements to scope, facilitate, and perform procedures to
prepare clients for external IT audits and compliance with the Internal
Information Security Policies (ISP) by overseeing the performance of risk
analyses, documenting control gaps, developing action plans to address
control gaps, and designing and executing test procedures based on the IT
Audit framework.
> Managed multiple audits over the testing of IT General and Application
controls in support of external IT, Financial and Operations audit
engagements. Audit projects include those requiring compliance with SOX
utilizing UNIX, SAP, Oracle, and Microsoft / Windows environments.
> Participated in SAP Transaction Code testing to perform security testing
of segregation of duties to assist the organization in improving their
user management, authentication management, authorization management,
access management, and provisioning capabilities.
> Performed consulting for business in establishing IT compliance solutions
based on company policies and standards, industry best practices,
industry standards, and regulatory requirements.
> Assist in determining the overall direction and focus of other audit
engagements to which assigned.
> Prepares scope of audit and audit programs/procedures for own audit
engagements or, as appropriate, for areas assigned.
> Perform walk through with process owners, vendors, and consultants to
assess the design and operating effectiveness of KAUST IT controls.
> Analyse data from SAP and other application databases utilizing computer
assisted audit techniques (CAATs).
> Execute SAP audit and controls assessment projects to validate compliance
with business policies and controls as well as design and perform
advisory service to establish SOD controls and align the processes to
implement GRC 10.0 and Access Management.
> Perform testing to conduct an Audit on various SAP modules, such as
Basis, MM/ SD (Vendor Management), FI/CO (Customer Master) and Resources
Derivation utilizing the SAP HCM and non-SAP Solutions.
> Areas audited include Windows OS, Exchange Servers, Virtual Servers
(Hypervisors), UNIX, SAP ABAP, SAP Security, SAP GRC, SAP IDM, Project
Management Methodologies and Windows based software.
> Perform fieldwork, works with non-IT audit resources to execute
integrated audits of key business areas and fundamental KAUST information
systems.
> Use company and audit software to analyse data, set audit scopes and
complete test work.
> Communicate audit findings in meetings and formal reports.
(www.kaust.edu.sa) Jeddah, Saudi Arabia Aug 2011 - Dec 2012
SAP Technical Specialist - Lead
> Bring all Systems under one team and one area of responsibility.
> Develop and ensure a simple and consistent approach to user
administration.
> Involved in SAP GRC 10.0 implementation for KAUST.
> Designed and developed the strategies for SOD and Security Matrix for the
implementation of GRC.
> Use of SAP GRC Access Control tools across the SAP landscape.
> Help facilitate and provide necessary information and support to external
and internal auditors.
> SAP License administration ensuring licenses are correctly assigned.
> Gives direction to any Projects regarding Security, Roles &
Authorizations.
> Engages and supports, as applicable, future IT/Business projects and
initiatives.
> Manages the Authorisations Helpdesk queue, ensuring all authorisation
issues are addressed and resolved in a timely manner.
> Primary point of contact for escalated SAP security incidents.
> Responsible for periodic review of all security policies, standards and
guidelines to ensure they remain accurate and current.
> Participate in the SAP system development lifecycle to ensure that
security concerns are addressed
> Monitor compliance with the information security policies, processes and
procedures (SAP and non-SAP).
> Leads the SAP Security consultants offshore as well as onsite.
> Identifies, recommends and promotes appropriate internal and external
best practice across the SAP systems.
> To oversee design of SAP Security Solutions, ensuring their long-term
stability and suitability into the KAUST environment.
> Consider impact on security when SAP Support Packages and Hot Fixes are
being implemented and coordinate/complete security and authorisation
testing as applicable.
> Integrate additional security-based initiatives into the already Live SAP
environments without disruption to the business user.
> Contribute to the SAP Change Control process where applicable.
> Ensure that Customers (business) needs are balanced against the long-term
strategic vision of KAUST.
> Implemented and setup SAP Audit Information Systems (AIS) for Internal
Auditors.
> Ensure correct controls in place for the business and ensuring
IT/Business users all abide by the correct SAP Security standards and are
all SOD Compliant.
(www.kaust.edu.sa) Jeddah, Saudi Arabia March 2009 - July 2011
SAP Technical Analyst-Lead
> Analysed and designed SAP module-specific roles.
> Co-ordinate comprehensive testing of all profiles and authorizations to
ensure accuracy and segregation of duties.
> Designed a comprehensive security Matrix that documented the security
design and controlled the user requests in the production environment.
> Developed, maintained and controlled the access of the project team
members in all the environments.
> Work closely with the implementations of various modules and applications
such as MM, SCM, SRM, PM, PS, RE, IDM, BI, SLCM, SEM, FI, CO, Treasury,
AIS, PI, and SLcM (Student Lifecycle Management).
> Perform user management and role management on daily basis as per the
standards.
> Provide assistance to Team Lead on various occasions in terms of employee
development, planning of implementation, support requirements,
rephrasing, etc.
> Provide training sessions to Audit and IT Security.
> Managed other individuals who are part of team, such as BASIS, IDM, GIS,
ABAP, etc.
> Worked on configuration controls for Access Control (GRC) in
collaboration with business process owners and Business Analysts. Conduct
various sessions for establishing policies of Audit, Infrastructure, and
HR.
> Create standard naming standards for user and role creation.
> Designed the IT controls with main focus of eliminating redundancy in
quarterly assessments. Saved millions in this regard.
> Assisted in preparation of IT security standards / procedures to comply
with control criteria that included daily monitoring and escalation of
exception / closures.
> Guided and trained IS teams in preparation for performing 'assessment and
review of IT General controls Documentation' in IT Processes that
included determination of Scoping and Planning, Risk Assessment
Framework, Infrastructure areas like Change management, Problem
management, IS processing, Network, Operating systems and Databases.
> Developed proactive plans to manage open issues, avoid known issues in
the mitigation process. Provide guidelines to contractors and colleagues
to perform various tasks.
> Introduced KAUST Connect with renewed password policies and procedures.
> Review and analyse the effectiveness and efficiency of existing systems
and develop strategies for improving or further leveraging these systems.
> Managed and implemented IDM application implemented with SAP EP and AD,
which includes self-service for employees, SSO, reset and unlock account
capabilities, user account provisioning and role provisioning with
detailed approval workflow.
(www.commscope.com) Joliet, IL, USA Oct 2005 - March 2009
Former Andrew Corporation
Applications Security Analyst
> SAP 4.6C and 4.7 - Security Administration, BW 3.5, CRM 5.0
> Studied the Organization structure, jobs, custom transactions, roles and
the SOD matrix for the Security developed in SAP.
> Used extensively in-house developed tools & SAP tools (MDM, ACEVA, and
APPROVA BIZ RIGHTS) for analysing SOD conflict, T-code assignment to
roles and roles assignments to users.
> Working closely with Audit team for user-role conflict removal in SAP R/3
and SAPBW (Especially in FI/CO and MM Purchasing conflicts).
> Work with profile generator (PFCG) in creating roles, profiles, composite
roles, derived roles, and global roles.
> User Administration for more than 12,000 users.
> Creating new users and maintaining users on day to-day basis (Single
roles, Composite roles (jobs) and Derived roles).
> User master maintenance through Central User Administration.
> Use CATT script for mass user creation and mass roles creation for global
implementations as a team lead for security.
> Supported audit team for generating audit reports (SM18, SM19, SM20/SM21)
by using security Audit Logs.
> Worked with process experts, head of departments, and engineers for SOD
conflicts.
> Perform UNIT testing on created roles.
> Used Derived activity groups to create new activity groups and to
transfer transaction codes from old ones to new ones.
> Effectively analysed trace files (ST01) and tracked missed authorizations
for users' access problems and inserted missing authorizations and objects
manually.
> Transported the generated roles and profiles using SAP transport
management system (ST01).
> Created users and maintained user master and established security
policies and procedures.
> Lead several in house projects such as MDM, ACEVA, Company
implementations, Mini SAP Upgrades and provide several tasks for post go
live support.
> Worked on a remedy ticket system as per Audit purpose for any
authorizations issues and user management issues.
> Work closely with HR security as time management roles, payroll and ESS.
Maintain objects and authorizations as per implementation requirement for
personnel area, plan version or company org levels.
> Also help implementing GTS system to manage the government trade sphere
system.
> Ran and manage several projects as internal and external conflicts of
FI/CO, Government Cost Accounting System and Cost Centres security to
prevent access reporting.
> Supports Business Objects (ver. 2.0 and 3.0)
> Custom Configuration for Approva Biz Rights.
> Support and implemented SAP GRC 5.3
> Configure SAP GRC to define Risks, Functions and Actions.
> Create process documents for the future support for SAP GRC. Modify risks
and identify controls to mitigate roles and users.
(www.sglgroup.com) RTP, NC, USA Oct 2003 - Oct 2005
SAP Security Administrator
> Extensive use of Profile Generator using PFCG.
> Developed firefight roles for Production Support users to access the SAP
transactions that would have otherwise caused Separation of Duty (SOD)
violations.
> Implementation of SOD audit recommendations by removing the SOD violating
transactions from roles.
> Assist users with access problems and questions using SUIM and SU53.
> Created CATT Scripts for various activities such as creating mass users,
deleting mass users, renaming users etc.
> Writing SCAT scripts for mass changes in the system.
> Review critical and sensitive authorizations, implement improvements to
meet audit requirements.
> Post Go Live support to resolve all security-related issues.
> Implementation of compensating controls for critical roles.
> Transported user profiles to QA and Production and Assignment of profiles
to the users in the Basis, security, technical, functional and production
support roles.
> Tested technical, functional and production support roles with a list of
SAP transactions corresponding to these roles.
> Worked on bugs fixing and troubleshooting of access of SAP transactions.
> Analyzed user SU53 outputs and corrected security deficiencies.
> Separated regional roles based on their own Sales Organizations, Company
codes, Purchasing Organizations, Warehouses, and Plants and their own
unique access to certain SAP transactions.
> Created test users in Development and Quality Assurance environments.
> Created transports for mass transports of roles.
> Setting of HR security authorization objects for structural
authorizations based on Info Type and allowed functions / activities
(e.g. Help Desk staff were only allowed to display structural
assignments, not change users assigned to positions, etc.)
> Created CATT scripts for HR related data entry.
> Created and maintained activity groups and custom authorization objects.
> Implemented Info object level BW security and created BW security
Authorizations using RSSM transaction.
> Developed workbook security.
> Created roles for restricting access to queries, workbooks, info cubes
etc.
> Involved in testing of the roles along with the BW team members.
> Troubleshoot authorizations related problems using RSSMTRACE / RSSM.
> Solve various solutions in SAP R/3 environment.
> Used Excel and Access for implementing solutions in the security
environment.
> Create detailed functional and technical designs that meet both user
requirements and internal documents procedures.
(Interstate Brands Corporation) Fairfax, VA, USA Feb 2002 - Sep 2003
SAP Security Administrator
> SAP 4.6C and 4.7 - Security Administration.
> Studied the Organization structure, Jobs, roles and developed role matrix
for security mapping.
> Creating roles using Automatic Profile Generator.
> User Administration for more than 15,000 users.
> Supported users for the security issues in all functional modules.
> Supported Audit team for SAP Security Audit.
> Creating and maintaining user authorization, roles and profiles for SAP
R/3.
> Used Transport Management System (TMS) for Transporting of Roles.
> Performing routine check for Security related issues and trouble
shooting.
> Created and modified Single roles, Composite roles and derived roles.
> User master maintenance - creating users, deleting users, and renaming
users.
> Used scripts for generating user profile reports.
> Worked with process experts on Segregation of Duties (SOD) issues.
> Revamped existing activity groups to make them compliant with SOD.
> Created new activity groups as per Segregation of Duties requirements.
> Interacted and had discussions with all levels of users for defining and
developing user roles.
> Developed procedure manual for the Security of the system, database, user
authorizations, backup & recovery.
> Extensively used Ms-Access and Ms-Excel for creating role matrix and Ms-
PowerPoint for presentations to the users.
> Conversant with all security related tables in SAP.
> Worked closely with Audit team for SAP Security Audit and generated Audit
Information Systems logs.
Education
* Bachelor of Commerce, University of Karachi, Pakistan 1994-1997
References
Available upon request.