JOSEPH AVELLINO
Management Consultant for SAP Security Strategies
Location
*** ******** **, ***** ** 19341
Telephone Number
Cell +1-610-***-****
**********@*******.***
Profile
Lead Management for SAP Security and Compliance Strategies. Experience with all types of business, both Private and Public Sector, Manufacturing, but with a concentration in the pharmaceutical Industry. Work with both internal/external auditors, SOX audits requirements, along with FDA audits. Able to lead teams of various sizes.
SAP Experience – Summary
–Project lead for Security and SOX Compliance for variety of SAP component implementations.
–Able to create and revise security protocols to fit a dynamic environment.
–Able to plan, design, and build security for implementations. This includes working with the IS Business Analyst to derive the requirements and Transport Management Systems.
–Creation and maintenance of SAP security profiles using the Profile Generator and keeping SU24 calls updated at all times. Able to perform thorough analysis of roles requiring changes and the impacts to current users. Includes user ID administration – adds, changes, and deletes.
–I have the ability to understand business processes and audit requirements and be able to recognize appropriate/inappropriate authorizations per industry standards. I am familiar with HR structural authorization.
–Creation and monitoring of SAP security controls to ensure company and regulatory compliance.
–I have experience with several releases of SAP, including the current ECC, BW/BI, XI/PI, EP, SOLMAN, CRM, APO, PPM, FIORI, IS, BOBJ, CMC, MDG-M, and MDG-S.
–17+ years’ experience in SAP Security.
–1-3 years’ experience in SAP HCM modules, including OM, PA, PY, E-Learning, E-Recruiting, ESS, MSS
–Solid background in SAP Enterprise Portal Security & Role Management.
–Experienced in SAP Central User Administration (CUA), SAP Single Sign-On (SSO), and Enterprise Identity Management (EIM).
–Experience with HP Service Center and HP ALM-QC, All Microsoft Office Products and SharePoint Administration.
–Team Leadership/Management experience; Strong project management skills.
–Managed teams of 2 to 8 people, depending on project.
–Specialist experience with SAP Security across multiple countries.
–Experience implementing and supporting audit controls and monitoring solution (e.g. GRC, CSI, Virsa, Approva, etc.), specifically in an FICO/HCM/Payroll environment.
–SAP GRC 10.1 Access Control - Access Risk Analysis (ARA), Access Request Management (ARM), Business Role Management (BRM), Emergency Access Management (EAM or FF).
–Experience working with internal and external audit audiences.
–Experienced in upgrades through all versions to current ECC.
–Participated in 9+ full cycle implementations.
Professional Experience - Detail
Shure Incorporated PM - SAP Security and Compliance 01/23/17 – 03/29/2017
Responsible for gathering Security requirements for system upgrade, along with all Continuous Improvement/BAU requests. Create security roles by organizing and facilitating role mapping workshops with functional team, in SAP ECC, BI, APO, CRM. Translate functional requirements into technical design for SAP security roles. Develop and oversee test plans for security enhancements. Assess and report upon impact and ramifications of proposed security changes. Utilize security policies and procedures already approved by parent company, and updated for SAP. Serve as primary focal point for new SAP security requests. Implement and maintain Controls and Compliance infrastructure to support audit activities. Work with a team of SAP security professionals, providing direction, guidance, and coaching.
Pfizer Pharmaceuticals PM - SAP Security and Compliance 03/15/11 – 01/20/17
Responsible for gathering Security requirements for new deployments within Pfizer and newly acquired Wyeth Laboratories, along with all Continuous Improvement/BAU requests. Create security roles by organizing and facilitating role mapping workshops with functional team, in SAP ECC, BI, APO, CRM, SOLMAN, MDGM, MDGS, PPM, IS, FIORI, and Information Steward. Translate functional requirements into technical design for SAP security roles. Develop and oversee test plans for security enhancements. Assess and report upon impact and ramifications of proposed security changes. Utilize security policies and procedures already approved by parent company, and updated for SAP. Utilize SAP CUA for user access across multiply environments. Serve as primary focal point for new SAP security requests. Implement and maintain Controls and Compliance infrastructure to support audit activities. Manage a team of eight people across multiple world wide sites. Work with a team of SAP security professionals, providing direction, guidance, and coaching. Provide Cutover Guidance and leadership during various Go-lives of plants/sites within Pfizer.
Carlisle Interconnect Technologies PM - SAP Security and Compliance 07/12/10 – 03/14/2011
Responsible for gathering Security requirements for new implementation, lead by Dickenson & Associates consulting team. Create security roles by organizing and facilitating role mapping workshops with functional team, in SAP ECC 6.0. Translate functional requirements into technical design for SAP security roles. Develop and oversee test plans for security enhancements. Assess and report upon impact and ramifications of proposed security changes. Utilize security policies and procedures already approved by parent company, and updated for SAP. Serve as primary focal point for new SAP security requests. Implement and maintain Controls and Compliance infrastructure to support audit activities. Manage a team of three people across multiple world wide sites.. Work with a team of SAP security professionals, providing direction, guidance, and coaching. Provide Cutover Guidance and leadership during various Go-lives of plants within CIT.
Sanofi-Pasteur (CSC) PM - SAP Security and Compliance 03/15/10 - 06/04/10
Responsible for gathering Security requirements for Integration project, lead by CSC consulting team. Create security roles by organizing and facilitating role mapping workshops with functional team, in SAP ECC 6.0. Translate functional requirements into technical design for SAP security roles. Develop and oversee test plans for security enhancements. Assess and report upon impact and ramifications of proposed security changes. Utilize security policies and procedures already approved by parent company. Serve as primary focal point for new SAP security requests. Implement and maintain Controls and Compliance infrastructure to support audit activities using SAP GRC (SAP Compliance Calibrator by Virsa Systems). Work with a team of SAP security professionals, providing direction, guidance, and coaching.
Florida Department of Revenue PM - SAP Security and Compliance 12/08/08 - 9/25/09
Responsible for gathering functional requirements for ESS, CRM, BI, PI, SolMan, Enterprise Portal, and many SAP “Bolt-on” products (Topcall, RevTrac, etc.). Create position-based security roles by organizing and facilitating role mapping workshops with all functional teams. Lead positive changes to operational business processes by developing workable solutions aligned with business objectives and SAP standard functionality within a Public Sector environment. Translate functional requirements into technical design for SAP security roles. Develop and oversee test plans for security enhancements. Assess and report upon impact and ramifications of proposed security changes. Develop, unit test, and maintain SAP position-based security roles and portal security roles. Develop, maintain, and enforce security policies and procedures. Serve as primary focal point for new SAP security requests. Implement and maintain Controls and Compliance infrastructure to support audit activities using SAP GRC 5.3. Develop and implement ‘best practices’ and other process improvement initiatives. Coordinate periodic SOX audits with Internal and External Audit personnel and construct action plans for addressing any noted deficiencies. Manage a team of two people. Lead a team of SAP security professionals, providing direction, guidance, and coaching.
Secude Global Consulting
Senior Manager – SAP Security and Compliance Practice 03/03/08 -12/07/08
Lead for SAP Security and Compliance Strategies. Managed team of consultants at various client sites. Company was a start up formed by established European parent company that was adversely affected by the economic turn down of last year, and is now no longer operating in the USA.
DTE (Detroit Energy) Security Audit Review 08/04/08-8/15/08
Served as a QA Security Admin, reviewed policy and procedures; as well as, audit requirements for large Public Utility. Produced audit findings along with new procedures needed for future auditable tasks.
Coca-Cola Enterprises (CCE) NWIDM SAP Lead 04/28/08-5/30/08
Served as SAP Security Lead on Netweaver Identity Management implementation. Assisted with the installation and configuration, along with creating policies and procedures of usage.
Comcast, Inc. Manger - SAP Security and Compliance 05/07/07-2/28/08
Responsible for gathering functional requirements for SAP-HCM and ESS/MSS position-based security roles by organizing and facilitating role mapping workshops with all functional teams. Lead positive changes to operational business processes by developing workable solutions aligned with business objectives and SAP standard functionality. Translate functional requirements into technical design for SAP-HCM security roles. Develop and oversee test plans for security enhancements. Assess and report upon impact and ramifications of proposed security changes. Develop, unit test, and maintain SAP HCM position-based security roles utilizing structural authorizations and portal security roles. Develop, maintain, and enforce security policies and procedures. Serve as primary focal point for new SAP security requests. Implement and maintain Controls and Compliance infrastructure to support audit activities. Develop and implement ‘best practices’ and other process improvement initiatives. Coordinate periodic SOX audits with Internal and External Audit personnel and construct action plans for addressing any noted deficiencies. Manage a team of three people. Lead a team of SAP security professionals, providing direction, guidance, coaching, and providing career development opportunities.
Centocor, Inc. Manager - SAP Security and Compliance 04/16/02-4/31/07
Responsible for designing mechanisms and procedures for user administration, role creation, profile maintenance and security management in a FDA regulated environment using GMP standards for the SAP surrounding environment. Remediation of existing profiles into new PFCG roles in preparation of a 4.6C upgrade. Perform User administration (creating, changing and deleting user accounts, assigning roles to 2200 users). Perform Central User Administration to create and maintain all user master data across the system landscape along with Client-specific user Administration when needed. Work with all module leads (HR, MM, FI/TR, FA, CO, SD, PP, QM, PI, BA, PM, BASIS) and functional business contacts to develop SAP roles, composite roles and authorizations. Control and Maintain access to the transaction selection and authorization data in roles through the use of Position based grants. Use advanced Profile Generator Functionality and CATT Tools to implement changes. Act as a liaison between Human Resources, Information Technology, SAP project teams, Basis administration and auditors in gathering and communicating information on the SAP R3 security system. Implementing and supporting audit controls and monitoring solution using CSI Tools. Responsible for the support of all SAP environments on an ongoing basis, using versions 4.0B and 4.6C. This support is for both ongoing production maintenance and ongoing projects. Manage a team of four people across multiple world wide sites. The environment is a centralized system supporting multiple countries; and works directly for the SAP Operations Manager.
BD (Becton, Dickinson & Co) SAP Security Administrator 03/16/02-4/15/02
Responsible for designing mechanisms and procedures for user administration, Activity group creation and profile maintenance and security management in a FDA regulated environment using GMP standards for the SAP surrounding environment. Perform User administration 3200 users. Perform Central User Administration to create and maintain all user master data across the system landscape along with Client-specific user Administration when needed. Work with all module leads and functional business contacts to develop SAP activity groups, profiles and authorizations. Control and Maintain access to the transaction selection and authorization data in activity groups. Use advanced Profile Generator Functionality and CATT Tools to implement changes. Act as a liaison between Human Resources, Information Technology, SAP project teams, Basis administration and auditors in gathering and communicating information on the SAP R3 security system. Responsible for the support of all SAP environments on an ongoing basis using versions 4.0 and 4.6C. This support is for both ongoing production maintenance and ongoing projects. The environment is a centralized system supporting multiple countries; and works directly for the SAP Operations Manager.
Hercules Inc. SAP Security Administrator 10/01/99-3/15/02
Responsible for designing mechanisms and procedures for user administration, profile creation and profile maintenance and security management for the SAP surrounding environment. Perform User administration to 6800 users. Perform Central User Administration to create and maintain all user master data across the system landscape along with Client-specific user Administration when needed. Work with all module leads and functional business contacts to develop SAP activity groups, profiles and authorizations. Control and Maintain access to the transaction selection and authorization data in activity groups. Use advanced Profile Generator Functionality and CATT Tools to implement changes. Responsible for the support of all SAP environments on an ongoing basis using versions 3.1I and 4.6C GUI. This support is for both ongoing production maintenance and ongoing projects.
Education and Certification
– SAP GRC Access Control 5.3 – Implementation and Configuration GRC300, SAP Educational Services 2009
– SAP NetWeaver Identity Management 7.0 TZNWIM, SAP Educational Services 2007
– Authorizations in HCM HR940, SAP Educational Services 2007
– Business Processes in Human Capital Management HR050, SAP Educational Services 2007
– SAP Authorization Concept ADM940, SAP Educational Services 2005
– R/3 Overview SAP01, SAP Educational Services 2002
– Mainframe Programming, Computer Aid Services Institute 1999
– Client/Server Technology, Penn State University 1998
– M.Ed. - Secondary Education/Biology, Cabrini College 1992
– B.A. - Anthropology/Biology, Temple University 1989
General Information
Nationality
United States Citizen
Spoken languages
English
Professional References
References available upon request