RAIS AHMED
SAP SECURITY CONSULTANT
SUMMARY
• Security Consultant with over nine plus years of SAP functional and technical support experience. His experience includes creating user accounts, creating test ID’s, troubleshooting issues for end user support, audit analysis, role redesigns, role design documentation.
• He has implemented and supported SAP application security for multiple deployments. These implementations cover various industries covering many government regulations in areas including public sector, consumer products and construction.
• Expert experience in developing and configuring security roles using profile Generator tool, maintained project documentation outlining security setup of roles and composite roles, and worked with project teams to complete unit testing for many successful deployments including 2 upgrades.
• Experience including working in SAP ERP R/3 3.1H through ECC 6.0, CRM, BW 3.0 to BI 7.4, HR, SRM and GRC. Rais is a team player with leadership abilities who has successfully built excellent working relationships with clients, coworkers, managers and senior executives.
TECHNICAL
• Implement IT risk management controls as well as authorizations in SAP application landscape.
• Highly proficient with the profile generator, central user administration (CUA), security debugging along with classic SAP security administration.
• Experience in analyzing SAP security requirements, design and configuration of mySAP Business Suite solutions across the full SAP Implementation life cycle. Troubleshoot security related issues using SU53, SUIM, ST01, ST03 and ST22.
• Updating transactions via SU24 (managing authorization objects) and SU25.
• Working knowledge of SAP GRC tools (RAR, CUP, SPM) and segregation of duties (SOD) or management of system roles.
• Experience in SAP Netweaver and IBM Tivoli Identity Management.
• Expertise in SAP Security administration in ERP modules of BW/BI, CRM, HR and SRM, and developing high level security designs in SAP, Working closely with the business teams to meet the requirements of their functional areas.
• Good Knowledge of SAP Security administration of BI, BW, CRM, HR, SRM and GRC (Risk Management, Access Control and Process Control).
• Strong in troubleshooting, performance tuning and developing security polices in R/3 ECC 6.0, identifying and resolving segregation of duties and SOX compliance issues.
• Strong experience in Go-Live and Post Implementation support.
• Upgrade projects from R3 3.1I to 4.6C, R/3 4.6C to ECC 6.0 and BW 3.0B to BI 7.4.
• ERP Skills – SAP ECC (6.0), BW (2.0B and 3.0B) CRM, HR, SRM and GRC (Access Control)
• Software – SAP, Internet Explorer, Netscape, Virsa VRAT & VFAT, Oracle 9i & 10g, MS Word/Excel/Access/PowerPoint/Project, Word Perfect, MS Outlook, Tivoli Service Desk
EDUCATION
University of Mumbai
BS in Information System (1992)
EXPERIENCE/PROJECT WORK
Tate & Lyle, Decatur, IL
Role(s): SAP Security Consultant Mar 2012 – Present
Project Description/Scope: SAP security production support project included development, maintenance and enhancement of SAP system from a functional and technical standpoint of user security roles and heritage authorization profiles. Main scope of the project was to act as internal consultants, providing technical guidance or business process expertise on the most complex Security and Roles requirements – Building new role, end-user administration, provide support during GO-LIVE and work to identify user requirements, assess available technologies, recommended solutions related to those requirements.
Responsibilities:
• Accountable for SAP roles development, security administration and security monitoring.
• Identified root SAP authorization issues using SU53 and implemented solutions to security or access problems.
• Provide technical guidance or business process expertise on the most complex security and role requirements.
• Worked closely with all the BW, BI, HR and other IT Functional and technical groups to determine authorization objects and their values.
• Provided operational support of production SAP Security incidents.
• Supported Go-Live and SAP implementations for more than 9 locations globally.
• Worked with internal Auditing Department and external auditors to research audit issues, requests, and problems as needed. Provided support and assistance for all SOX compliance issues.
• Involved in different projects, based on customer’s requirement.
• Worked with IBM Tivoli Identify Management for user access provisioning.
SAP CRM: Version 4 - 7.x
• Developed and implemented processes, procedure and implemented integration of CRM Solutions.
• Act as a lead of resources of the corporate CRM application, including gathering design and data requirements for data capture, dashboard setups and reports.
• Served as a lead resource for integrating PeopleSoft CRM Enterprises Help Desk 9.1 as integrated with PeopleSoft HCM 9.1
• Request and document changes using People Code/Application Classes and Integration Brokers
• Manage application customization and modification for system data capture fields, reports and dashboards.
• Developed and provided ongoing system audit procedures to ensure adherence to correct end-user procedures and guidelines.
• Ensure proper user security is setup, checked and maintained all the users.
• Provide first and second level support and acted as a primary contact for all CRM issues.
• Involved in administrating and configuring CRM application working with workflows, page layouts, users profile, roles, security access, data validation, upgrade/installation and reports/dashboards.
• Involved in 2 full system lifecycles (Design, Development, System Test, QA, Implementation and Maintenance)
Achievements:
• Contributed to more than 30 percent of the overall work of the team on daily basis.
• Development of custom SAP Authorization and profiles for security of enhancement, bolt-ons and users exits.
• Supported more than 38000 end users and 25 SAP client systems in this production support project.
Sloan INC, Franklin, IL
Role: SAP Security Consultant Feb 2011 – Jan 2012
Responsibilities:
• Gathering design information from team members to develop end user production master, derived and composite role, including organizational level information and sensitive field values.
• Building master, derived and composite role for end user production access.
• Creating test IDs and documentation for unit testing of end user production roles. Verifying testing of the roles and modifying roles accordingly.
• Creating users and configure SPM configuration table.
• Super user roles assign to the users for emergency access, monitored and audited their activities.
• Used RAR to easily execute, create, maintain and manage risks use to generate rules.
• Used RAR to apply controls to mitigate any risks associated with a user Role or a Profile.
• Assign Firefighter IDs to users in emergency situations when required.
• Working on SOX compliance and considering Segregation of Duties from audit perspective, working on reducing Role and User level violations report by applying Mitigation control if required in GRC system.
• Working on Compliance User Provisioning (CUP).
• Working with Controls Team to resolve SOD conflicts and issues around sensitive transaction codes.
• Working with OCM Team and Business Team Leads to gather end user access requirements for production system.
• Coordinating with Business Team Leads to gain approval of role design and end user requirements for production systems.
• Involved in weekly Project Status meetings to update security development progress.
Achievements:
• Identifying risks with current production roles.
• Working on proposal for complete role-design and establishing SAP Best Practices guidelines for role maintenance going forward.
• Successful go-live for merchandise and pricing of approximately 600 end users.
Kraft Foods, Glenview, IL
Role: SAP Security Consultant Apr 2009 – Jan 2011
Responsibilities:
• Resolved security issues received for project support including, user provisioning and role change in ECC 6.0.
• Handling end user day to day BW/BI security support.
• Maintenance of info object using RSD1.
• Working on RESECADMIN – Analysis Authorization.
• Working on creating roles in BW/BI system.
• Working on BW/BI tables.
• Working on adding workbooks to roles based on business requirement.
• Providing authorization for info objects.
• Troubleshooting Missing Authorizations.
• Changes to analysis authorizations and roles during UAT testing in BI.
Kiewit Engineering, Omaha, NE
Role: SAP Security Consultant Aug 2007 – Mar 2009
Responsibilities:
• Created project plan for security portion of upgrade project from 4.7 to ECC 6.0.
• Completing tasks for upgrade project: review of production roles new authorization objects and new or obsolete transaction codes, standard security clean-up of production users. Oversee unit testing of production roles by business team, testing of GRC, and maintaining team member’s access.
• Running LSMW scripts for bulk user creation and modifications.
• Pulling reports and analyzing issues using SUIM.
• Clean-up of quarterly audit issue, such as removal of SAP_ALL from the end user accounts, working with business teams and developers to add authority checks to customs transaction codes, eliminating issues in roles because of sensitive IT authorization objects, and review of batch sessions to identify specific security requirements.
• Create weekly FireFighter reports to gather information from users for procedure compliance.
• Worked in a team to gather information from RBE and team members to design Basis, support staff, and FireFighter master, derived and composite roles.
• Presented roles change proposals for audit findings for segregation of duties and SOX compliance.
• Helped develop procedures and reports around security tasks, annual review processes and FireFighter administration.
Achievements:
• Elimination of audit issues on time for scope of project.
• Reduced the number of FireFighter users and the usage of the existing users.
AG Technologies, Noida, India
Role: SAP Security Consultant May 2006 – July 2007
Responsibilities:
• Participated in the development of the project plan and statement of work for the implementation of ECC 6.0 (including CRM and HR), BW/BI 3.5 (BCS).
• Assisted with Controls Team to install and implement GRC components (Risk Management, Access Control and Process Control) including portal connections and authorizations.
• Gathered design information from project team members to develop end user production master roles and composite roles, including organizational level information and sensitive field values.
• Built master roles, derived roles and composite roles for end user production access.
• Create test IDs and documentation for unit testing of all end user production roles. Oversaw testing of the roles and modified roles accordingly.
• Worked with Controls Team to develop SOD matrix. Utilized SOD ABAP tool to analyze master and composite roles, and users for conflicts. Worked with Business Teams to alter access or create mitigating controls.
• Coordinated with Controls Team with Virsa implementation to develop workbooks. Utilized workbooks to run SOD analysis on all production roles and end user accounts prior to go-live.
• Updated security/controls project plan and status reports throughout project.
• Create templates for test documentation and role configuration design used in the project deliverables.
• Worked with Change Management and Training Team and the Controls Team to gather end user access requirements for production system.
• Managed three R10 (India) resources and various shadow resources to complete role design for ECC, BW/BI, CRM and HR.
• Coordinated with Business Team Leads to gain approval of role design and end user requirements for production systems.
• Worked on HR authorizations, assigning info types to roles.
• Worked on PA20, PA30 transaction.
• Worked on PPOMA_CRM and PP01. Restricting and maintaining authorization in interaction center.
• Web UI Authorization assignment and troubleshooting missing authorizations.
• Coordinated with client’s third party IT Support Team throughout project for knowledge transfer and development of IT support roles for production systems.
• Completed assessment of clients SAP Security environment, including role development, security parameter settings, policies and procedures, organization structure, end user maintenance, and use of Virsa for segregation of duties and Sarbanes-Oxlay issues.
• Involved in weekly Project Status meetings to update security development progress.
• Worked with Controls Team to secure project team access accordance to General Computer Controls.
Achievements:
• Was able to catch high risk issues prior to go-live and have them cleaned up before risks were available in the production system.
• BI upgrade completed on time.
• Upgrade work for ECC 6.0 and installation of GRC documented and passed over to client.
• Successful go-lives of all systems.
Kaar Technologies, Chennai, India
Role: SAP Security Consultant Apr 2005 – May 2006
Responsibilities:
• Creating, changing, deleting, locking/unlocking and password resetting of Dialog type users.
• Assigning Authorizations to users, using profile generator based on user request. Configured profile generator.
• Worked on profile generator in creating single, composite and derived roles and profile implementing SOX standards.
• Supported users for security issues in all functional modules.
• Worked with CUA (Central User Administration to process the request such as creation of new users, deletion and lock/unlock.
• Maintenance of User Master Records, Profiles, Authorizations, Role Creation, Testing and Implementation.
• Created User Groups for easy administration & maintenance. Mass maintenance of users like assigning roles to mass users.
• Changed existing roles, removed transaction to resolve critical access and SOD conflicts in System.
• Worked on Central User Administration (CUA) to manage multiple systems/clients.
• Troubleshooting missing authorizations, assigning missing authorizations to the users.
• Analyzing user information system using SUIM transaction. Generating reports and security tables.
• Performed user comparison in PFCG.
• Performed transportation of newly created/modified roles.
• Analyzing missing authorizations based on screenshot sent by the user.
• Optimizing the authorization checks by utilizing the SU53 and system traces (ST01)
• Locking and changing the validity date for the expired users
• Working with tables like AGR* and USR*.
• Analyzing and solving the missing authorizations and day-to-day security issues that are being raised by the users.
• Authorization checks using transaction SU24 and maintained check indicators for transaction codes.
• Assigning additional roles to the existing users based upon the request.
• Created base roles and company specific roles based upon request
• Evaluated production sensitive transaction list to include IMG transactions.
• Evaluated SOX configurable controls document to include specific SAP transactions.
• Reviewed IT specific controls with Change Management Team for their SAP 4.6C system.
Achievements:
• Reduction of outstanding help desk tickets.
• Successful go-live of new roles.
• Was able to catch high risk issues to Go-live and have them cleaned up before risks were available in the production system.