Security Sap
Resume:
FERNANDO ROMERO
**** ****** **, ************, ** 46240 - 317-***-**** - ********.********@*****.***
SAP SECURITY CONSULTANT
** ***** ** ** ********** in Network Security Administration and Application Security projects with 10 years involved in evaluating, designing, and developing SAP Security Architecture and user provisioning.
KEY SKILLS
Security planning for all SAP modules.
User Administration, User Reconciliation, role design and Custom Authorization Checks over SAP Netweaver, ECC, SRM and CRM
SAP GRC Access Control 5.3, GRC 10.0 and 10.1
Enterprise Portal for User and Content administration
SAP BW Security and SAP BI analysis authorization concept
SAP BO BI and BPC authorization concept
HCM security model
Identity Management IDM 7.1 and 7.0.
PLM authorization concept
Active Directory Services for network user administration
Solution Manager for Transport Management and Request for Changes
CATT scripts for massive user changes
SAP Success Factors RBP security authorization concept
SAP FIORI application security and user administration
Privileges, Catalog role & Repository role authorization concept for SAP HANA
PROFESSIONAL EXPERIENCE
Gyansys Inc, Carmel, IN Jul 2015 – Feb 2017
SAP Security Consultant
Assigned as Subject Matter Expert to support projects in the following 3 organizations:
Roche Diagnostics, Indianapolis, IN
Validated and incorporated an SAP system into Roche SAP Internal Security Standards.
Completed SAP role clean-up and created new roles for DMS/EHS business areas. Used GRC 10.1 for risk analysis and remediation and Emergency Access Management for firefighter access.
CITRIX, Fort Lauderdale, FL
Provided daily support to business users including role changes, role access, user creation, user provisioning, password resets through ticketing system to ECC, BI & CRM for the global organization. Used GRC Access Control 10.1 for Role Access Management and Risk Analysis.
Allison Transmission, Indianapolis, IN
Adjusted composite role redesign for Finance business job roles.
Contributed in role redesign and testing for new Payroll authorization concept.
Redesigned a new authorization concept for HCM Department.
Cleaned up report access through enabler roles for new restriction access on HCM.
Helped during daily support to business project users for test user access. Used Approva for GRC Risk analysis, role assignment and Firefighter accounts.
Capital Group, Irvine, Ca Jun 2014 – Apr 2015
SAP Security Administrator
Supported the Financial Systems Transformation (FST) Project for business user access and test scenarios in non- prod systems and during Global APD Cutover plan.
Enabled daily operations to business users for SAP BW, BOBI, BPC, ECC, SolMan & HCM landscape.
Remodeled reporting roles in SAP BI and defined BPC teams, task profiles, data access profiles for Reporting users.
Administered user access and provisioning in Portal systems for ECC and BI environments.
Implemented monthly report consolidation load to SAP platform for BOBI/BPC team.
Used GRC AC 10.0 for risk analysis and Emergency Access for firefighter accounts.
Johnson Controls, Glendale, WI Mar 2013 – Dec 2013
SAP Security Consultant
Supported the user access and role tests during integration and regression phases during production migration for SPS Project -Upgrade and migration of Production ECC Enhancement Support Pack.
Supported the Dolphin project for the integration of Cofax app with SAP prod system.
Designed the Security for the NWBC PLM environment including PLM roles over NWBC.
Collaborated on the EAD projects for the SAP platform globally through Help support and Remedy tickets.
Worked as a main security architect for Internal Auditing adjustments for preparation of 2014 audit and completed the External Auditing Project for ECC & BI environments.
Utilized GRC Access Control 10.0 for conflict risks on user and Role level as part of role configuration or user provisioning in production.
Shire Pharmaceuticals, Wayne, PA May 2012 – Nov 2012
SAP Security Consultant
Helped during the upgrade of SAP GRC Access Control 10.0 and adjusted the new generated risks with business managers and role owners.
Defined report roles based on analysis authorizations and assigned users with new security authorization concept during Upgrade and migration of BW system to BI 7.3.
Adapted the new authorization concept during the upgrade of SRM system and migration by providing access support to current users and provisioned new users.
Supported Role Test phase of SRM upgrade project.
Created new roles for HCM and APO during upgrade and supported role testing phase.
Supported the user provisioning through Help Desk Support and Remedy tickets for Shire global SAP environment.
Bayer CropScience, Raleigh, NC May 2010 – Mar2012
SAP Security Consultant
Commissioned to constant improvement of SAP authorization administration by cleaning up unused roles, updating roles with new transactions and assigning and removing access to users on the SAP Global landscape including ECC, BW, APO, Solution Manager, CRM and SCM.
Created 155 new roles updating Org. values on child roles and assigned roles to users during Athenix project.
Changed Naming convention of 46 existing roles, and added new tcodes to 24 roles based on new authorization concept.
Implemented Dart roles for NAFTA users and QA Management Approver of Change Management Tool test cases to comply with Standard of Procedures (SOP) during Dart Project: Data Retention tool.
Supported BW team with BW role assignment and RAVTC updates to users.
Coca Cola Enterprises, Atlanta Feb 2010 – Apr 2010
SAP IDM Consultant
Participated as a liaison between the SQL development team and IDM support team.
Worked with SAP Identity Management 7.1 to handle authorizations to employees, new positions in the organization, and de-provisioned inactive users. Monitored privileges that control access to tabs in the IDM portal associated with the correct roles currently assigned to users.
Created Business Object users in the SAP environment. These IDs contained validity, role and printer settings and communication date like telephone number, fax and email address.
Balchem Corp, New Jersey Aug 2009 – Jan 2010
SAP Security Consultant
Utilized GRC Access Control 5.3 for SOX and SoD clean up in all SAP platforms and analysis of the possible security problems in pre-implementation GRC process.
Participated in defining the implementation strategy for RAR.
Assisted in defining risks, security roles, and mitigating controls on GRC AC.
Resolved critical & sensitive authorizations, implemented improvements to meet audit requirements
Empresas Polar (Polar Enterprises), Caracas, Venezuela May 2009 – Jun 2009
Security Administrator
Administered users for ECC 6.0 platform through CUA and Active Directory Services user permissions for the Global organization.
Created, changed user access based on help desk support tickets through HP OpenView.
Provisioned and deprovisioned network and SAP users in Active Directory Services and SAP SRM and ECC.
Wyeth Pharmaceuticals, Guaynabo, Puerto Rico Nov 2008 – Mar 2009
Senior Security Consultant
Opened SAP GRC 5.2 extensively for handling SOD conflicts. Worked with GRC EUP to define all Firefighter IDs with owners/approvers. Mapped Fighter IDs to users and configured various options to include tracking of Successful/unsuccessful sign on of approved users during Fire Fighter mode of operation.
Worked with SAP GRC RAR to produce Role Definition and change history reports for Internal/External Auditors. Handled the comparison of Role definition with actual Roles created by PFCG to ensure integrity using Role Expert.
Reichhold, Inc. Durham, NC Jul 08 – Sep 2008
Senior Security Analyst/Admin
Supported the Security Team with best practices on post-upgrade activities related to authorizations assignments to users from SAP R/3 4.6C to ECC by using the upgrade tool tcode SU25 and Authorization checks.
Closely worked with the Functional, Basis and ABAP Staff for the implementation of special business modifications and SAP enhancements as part of upgrade to ECC.
Monitored user and management activity, error, and other exception reports to ensure security is being maintained consistent with the Information Security Policies and Procedures.
Assisted in identifying gaps in security administration processes and procedures as well as areas for improvement, optimization and automation during upgrade.
Teamed as a liaison between the R/3 Development Team, Basis and Security Team.
Honeywell, Minneapolis MN Oct 2007 to Jun 2008
Senior Security Analyst/Admin
Participated in analyzing, and writing security related standard procedures for the new Composite role concept and User Master Records.
Designed and maintained user authorizations in single, composite and derived roles including critical & sensitive authorizations and organizational levels.
Implemented improvements to meet audit requirements for CRM systems due to different user groups with access to CRM data. Internal employees were assigned roles for the internal CRM system, and external partners were provided access to CRM data via portal.
Handled SAP and OSS ID administration. Provided developer’s key and opened service connection.
Configured users in Enterprise Portal with Single sign on functionality, exchange role information with ABAP based systems, uploading SAP Roles into the SAP Enterprise portal.
Phillips Medical Systems, Seattle, WA Aug 2007 to Oct 07
Senior Security Analyst/Admin
First contact for the Security Team between Seattle and Eindhoven, Netherlands as part of the test and validation phase of new role assignment. Supported Live security for the entire SAP Landscape. Responsibilities included Controlling Access to Restricted Transactions, daily security checks, monitoring unsuccessful logons, monitoring inactive users and locking inactive users in non-prod systems.
Komatsu America, Chicago Illinois Feb 07 to July 07
SAP Security Consultant
Designed and provided the SAP R/3 security support for SAP R/3 4.6c. Generated role matrixes and created end users as per the Organizational Structure.
Modified and assigned roles for CRM, APO, SEM, SRM components in DEV and QA systems.
DHL Express, Plantation, FL Aug 06 to Jan 07
SAP Security Consultant
Lead Security changes and recommendations as per PWC Security Audit for SOX Compliance on HCM system.
Designed HR roles and went through complete phase from designing the roles, supporting unit and integration testing support. Secured the roles by Personnel area and Employee subgroup. Implemented security for ESS, Benefits, Time, Training & Events, Personnel Administration, Personnel Management, and Payroll. Deployed security by using Structural Authorizations in tandem with regular R/3 roles.
Implemented and modified existing HR structural authorizations. Redesigned existing HR composite Roles and single roles.
Administered security throughout Central User Administration (CUA).
Performed troubleshooting for tickets, Plant Maintenance and Role Development.
Coordinated with Functional Business Owners in preparing mitigation documents.
Provided support to off-shore team on security related issues.
Tesoro Petroleum, San Antonio, Tx Apr 2006 – Jul 2006
SAP Security Consultant
Worked closely with Audit team for user-role conflict removal in SAP BW.
Created BW security Authorizations. Created BW Reporting authorizations.
Designed BW roles for MM, SD, FI, CO and HR modules and went through complete phase from designing the roles, supporting unit and integration testing, going live and post go live support.
Business role specific authorizations for power users and Reporting users.
Provided reporting authorizations based upon data values.
Accumulated the user requirements and designed the Global Security for the Business.
Movistar - Telefónica (Caracas, Venezuela) Jun 2005 - Feb 2006
SAP Basis/Security Administrator
Performed daily system health checks, weekly checks, and responsible for overall system tuning, getting involved with problem escalation and resolution, Setting up of RFC connections. Analyzed system performance, database performance, system health checks, implemented tuning improvements, established OSS connections where appropriated.
Modified user profiles using PFCG for users all over their branch offices in Venezuela.
Defined and maintained authorizations for FI, CO, MM, PP HR and SD modules.
Created new or edited the existing Roles as per the requirements coming through Help Desk.
Designed new Roles with grouping of transactions and Controlling Access to Restricted Transactions.
Defined New Printer Devices related Authorizations with controlling access to printers.
Maintained Authorization Periods for users for limited time use.
Developed R&C Matrix by Risk, Impact and likelihood, mitigating controls to support assertions.
Provided reported authorizations based upon data values. Implemented Info-object level BW security. Created BW security Authorizations, created Authorization objects through RSSM, business role specific authorizations for power users, provided read access to info providers, restricted the end-users in BW at Geographical/Functional level.
Supported Internal and External Security audits in production systems. Worked closely with Audit Team for User-role conflict removal.
Scheduled the security background jobs that generated the reports.
Handled the maintenance of existing HR Roles using PFCG.
Worked with Infotypes, subtypes and HR master data to adjust HCM profiles.
Assigned roles indirectly through HR – ORG in local systems. Supported users at different levels for the security issues in MDM module and analyzed Business Scope and developed User Roles for the better understanding of Security Authorization plan.
CONSEIN, C.A, Caracas, Venezuela Feb 2004 - Jun 2005
(NON SAP) IT Consultant
Designed, Installation and configuration of Microsoft Technologies (MOM, SMS, ADS, SBS, SQL Server, MS Exchange server, ISA Server and IIS) for Banking, Manufacturing and Telecommunications sectors.
Installation and configuration of various HP, COMPAQ and DELL Servers.
TCP/IP connectivity and troubleshooting.
System maintenance disaster recovery planning for NT, NOVELL, WIN95 and DOS systems.
Lourtec C.A. Caracas, Venezuela Jun 2002 - Jan 2004
(NON SAP) Network Administrator
Installation and configuration of Windows NT, Microsoft Exchange and NOVELL networks. Installation and configuration of Active Directory Services.
TCP/IP connectivity and troubleshooting.
SITEC, C.A . Caracas, Venezuela Jun 2000 - Mar 2002
(NON SAP) Security Administrator
Developed Network Security policies and procedures for Banking sector company.
Setup access to internal resources, user permissions on Active Directory Services.
Administered Microsoft ISA Server.
EDUCATION AND TRAINING
B.S. Systems Engineer. University of Los Andes, Merida city, Merida, Venezuela, 2000.
Training: SAP EP 6.0 Administration and Configuration at Prosoft Technology Group, Chicago, Il. 2004.
Certification: MCSE (Microsoft Certified Systems Engineer) at Microsoft Venezuela. 2001.
Certification: MCSA (Microsoft Certified Systems Administrator-Messaging) at Microsoft Venezuela. 2001.
Miscellaneous
-Authorized to work anywhere in the US.
-Available to travel as requested. Open to relocation.
-Multilingual English, Spanish, Portuguese.
References:
Available upon request.
Contact this candidate