Relationship Management Sap Grc
Resume:
Summary
Krishna is an accomplished SAP Security Administration professional with excellent hands-on experience in Governance, Risk and Compliance (GRC), Supplier Relationship Management (SRM), Customer relationship management (CRM), Central User administration (CUA). Human Resource (HR), Business Intelligence (BI), Business objects (BOBJ), HANA, S/4 HANA, MDG and Fiori, Ariba, SAP Business Technology Platform (BTP), SAP Integrated Business Planning (IBP), CHARM (transport Management) I’ve worked on multiple Implementation projects and has successfully leaded roll out projects, upgrade projects, and support projects.
I’ve designed role matrix strategies based on technical forecasts of industry trends and implemented solutions based on technical and functional specifications and thorough testing realizing significant improvement of processing efficiency for clients. I worked with cross-functional teams of technical experts to analyze and measure systems and processes. Self-starter who meets project deadlines and requirements while performing multiple tasks within fast-paced environments. My key attributes are:
Over 15+ years of technical hands-on experience in SAP GRC Security Administration.
Expert in SRM implementation.
Proficient in GRC Access Control- User/Role Simulation FF access related defect resolution.
Proficient in GRC 10.00 and creating business roles.
Role Administration – Created composite roles, single, parent and derived roles.
User Administration with Authorizations (Profile maintenance through PFCG).
Worked on Fiori Apps/Default authorizations/ Catalog and Catalog Groups.
Worked on NWBC- NetWeaver Business Client (OBN- Object Base Navigation).
BizRights tool by Approva - SAP security audit & SoD verification.
Implement and verify emergency and scheduled SNOTE. GRC - Risk Analysis and Remediation (RAR) 5.3.
Operational reports - Weekly defect resolution status and monthly team performance statistics.
Proficient in BW security. Worked on Business process consolidation (BPC) created teams, tasks profiles and data access profiles.
Environment transportation – SYMMETRY.
CHARM – for transport movement.
BOBJ- Business objects- Created folders and assigned groups and permissions.
HR Security- implemented Time sheet maintenance CAT2.
SuccessFactors – Payroll management
Sail point – Access management tool
Excellent problem-solving skills. Recipient of Elite Project Star award of Capgemini.
Worked on PAR (Periodic Access Review).
Technical Skills
ERP: ECC 6, 4.6 B, ECC, BI 7.1, BOBJ SRM 7.02, HANA, GRC 10, GRC 10.01, S4 HANA, Ariba, BTP, IBP
OS: WinNT 4.0, Windows 2000, RHEL, HP-UX, Linux, IBM-AIX
Database: DB6, Oracle 10g, and MS SQL
Server Tools: Citrix, TSM, SYMMETRY (for Transports), Control – M (for BG jobs)
Office: Office (Word Excel, Access & Power point, Email), BizRights (SoD Checks)
Other Tools: Clients including MS Outlook, Lotus, VM Ware Tools, Foot Print (Ticketing tool)
, Remedy, HP service manager and CA
Other: Hardware troubleshooting, Operating System, VPN and Network issues (Cisco and Nortel)
Education
Masters in computer applications, Osmania University 2007
Bachelor of Computer Application, Osmania University, Hyderabad 2004
Professional Experience
Flowers Foods, Thomasville, GA. May 2017 to Present
Project: SAP Business Objects, SAP GRC, TPM Security, MDG, Ariba and S/4 HANA SAP BTP, IBP, CRM.
Flowers Foods is a producer and marketer of packaged bakery foods in the United States. Flowers operates 46 bakeries that produce breads, buns, rolls, snack cakes, pastries, and tortillas. Flowers products are sold regionally through a direct store delivery network that encompasses the East, South, and Southwest, West and the Northwest, and are sold nationwide via delivery to retailers' warehouses.
Flowers Foods is continually expanding its market reach through acquisitions and by stretching its current territory.
Responsibilities
Worked on business objects project, below are the activities performed.
Created business roles
Created folders
Created user groups
Mapped user groups to folders
Provided required authorizations to universe and connections
Created Access levels (security roles)
Created HANA roles for business requirement
Created analytical privileges
Created analysis authorization objects in BI
Worked on CRM project (TPM- Trade Promotion Management)
Created security roles respective business roles.
Created BP (Business Partner) and mapped accordingly
Worked on SailPoint Access management for user creation
Worked on SP for provisioning and deprovisioning of access
Worked on GRC 10.1 and 12
Created Firefighters
Mapped Firefighters ID to respective Firefighters
Mapped FF ID to owners
Mapped FF IDs to respective controllers and alternative controllers
Worked on Audit reports
Analyzed user usage reports and role redesigned according to business requirements
Works on SoD conflicts
Created composite roles
Created inherited roles (Parent and derived roles)
Created scripts for mass user activity (LSMW for user creation, user groups, password reset…)
Performs day to day system configuration, testing and deployment methodology within SAP application architecture.
Serve as SAP security subject matter expert; provide advisory and consulting services as needed.
Facilitate issue resolution related to business processes, identifying system options, testing scenarios and supporting knowledge transfer activities.
Working on MDG (Master Data Governance) implementation Project
Created material-based business roles (FINI, RAW, BOM, PACK etc.)
Created functional and technical roles.
Worked on quarterly PAR,
Remediate rejected access, decision taken by risk owners.
Mitigate user access, if user come back after risk owner reject the access.
Remediate roles (remove /Add) Transactions according to SoD checks.
Ariba personas Groups and users.
Worked on Ariba access creation/modification/Termination.
Worked with Sail Poni team to integrate with Ariba.
Worked on BTP Cocktail.
Role exposes from source systems to BTP
Created and mapped Business users in BTP.
Worked on SAP Integrated Business Planning for Supply Chain (SAP IBP)
Worked on Fiori Apps/default authorizations/Catalog and Catalog Groups.
Closely worked with UI Developers to create Fiori roles.
Worked on Charm for transport movement from lover to higher systems.
Environment: SAP ECC, BW, HR, SuccessFactors, CRM (TPM), HANA, BOBJ 4.1/4.3 and MDG, Sail Point, S/4 HANA, SAP BTP, SAP IBP.
Bank of America, Charlotte, NC Aug 2016 to May 2017
Project: SAP GRC HANA Security
Role: SAP GRC Consultant
Bank of America is one of the world's leading financial institutions, serving individual consumers, small and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services.
Responsibilities:
GRC upgrade from 10.00 to 10.01. Created test scripts. Executed and resolved the issues as required.
Created and updated business users as role owners, controllers, and firefighters. Created business roles in GRC. Created single, composite and UME groups in GRC 10.00
Scheduled/run authorization sync jobs in GRC. Scheduled/run repository sync jobs in GRC
Created and modified trusted RFC (remote function call)
Created UME groups in portal. Created teams (Composite roles) in BPC. Created task profiles (single roles) in BPC. Created data access profiles (like restricting field values) in BPC.
Created and modified analysis authorization as requested through RSECADMIN.
Performed SU24 activates. Created single, composite, parent and derived roles in PFCG.
Worked on HANA studio
Analyzed and resolved issues as part of cutover activities. Generated developer keys in service market place. Registered object keys in service market place according to the requirement
Updating the user credentials in secure area for SAP to login to client systems according to the incidents. Resolved the incidents, service requests, and customization requests in remedy.
Worked on BOBJ below are some activities not limited to
created folders in Business objects
created access levels
provided access levels to users
assigned access levels/ permissions to users
Environment: SAP ECC, BW, BPC, BOBJ, HANA, EP, SolMan, DB2, HP UX.
TASNEE (National Industrialization Company), Riyadh, KSA Sep 2015 to Apr 2016
Project: Cristal Merger
Role: Technical Lead
TASNEE was established in 1985 as Saudi private sector's first fully owned joint stock industrial company, with the aim of advancing economic diversification in Saudi Arabia. TASNEE is Saudi Arabia’s second largest industrial company and one of the world's largest producers of titanium dioxide. Tasnee National Industrialization Company acquired Cristal Titanium dioxide Company and I was part of the System integration and merger project. As a technical team lead, was responsible for performing the gap analysis, creating design documents, helping team members with the technical issues and also to ensure that project was delivered efficiently on time.
Responsibilities:
Involved in role and position mapping of the employees.
Analysis of SoD (segregation of Duties) using security waver, ERP Mastro tool, and GRC.
Assigning appropriate mapped roles. Created positions based HR roles.
Analyze the missing authorizations and resolved them as per business requirement.
Creating folders and providing permissions to the groups in BOBJ.
Created access levels
Created groups and assigned permissions
Assigned permissions to users in business objects
Created principals
Created enterprise users in BOBJ
Provided access to CMC
Promoted (transported) objects/access levels groups…. From development to quality to production in BOBJ.
Mapped access in BI to BOBJ to HANA systems.
Environment: SAP ECC 6, GRC 10.0, SRM 7.02, BW 7.01, BOBJ 4.2, HANA SP9, win 2008 and MS SQL server.
NVIDIA Graphics Pvt Ltd., Pune, India Feb 2015 to Jul 2015
Project: GRC Security
Role: Technical Lead
Nvidia Corporation is an American technology company based in Santa Clara, California. It designs graphics processing units (GPUs) for the gaming market, as well as system-on-a-chip units (SOCs) for the mobile computing and automotive market. As a technical team lead, I was responsible for helping team members with the technical issues and ensure on time project delivery.
Responsibilities:
GRC 10.0. Access Control, resolving SoD conflicts, user level and role level simulations, providing Fire fighter access, user access auto provisioning. Assign and change role owner/approver according to the business need.
Review and correction of sensitive authorizations (s_tabu_dis, s_rfc, etc.).
Create and assign custom authorization groups for sensitive tables. Resolve issues arising from testing using system traces and dumps.
Evaluated and used SAP standard roles as templates for custom roles. Created customized end user roles to allow for low-level modular access control.
Move transports to DEV, QAS and PRD by using Symmetry tool. Created composite, parent and derived roles. Analyse missing authorizations and provide the correct authorizations.
Environment: ECC 6, GRC 10.0, BI 7.3, CRM 7, SRM 7.01, EP, win 2008, Oracle 11g.
Marafiq Power and Water Utility Company, Jubail, KSA Feb 2014 to Sep 2014
Project: SRM Implementation
Role: SRM Security Consultant
Marafiq is the first private integrated power and water utility company in the Kingdom of Saudi Arabia. Marafiq finds itself at the spearhead of the national drive to privatize public enterprises that are economically viable and sustainable. In particular, it supports the national development plan of providing opportunities to finance, operate and maintain utility services in the power and water sector.
As part of SAP SRM project as a technical team lead, participated in various project phases. Instrumental in requirements gathering from Business and end users, Blue print phase, created the role matrix, build phase according to the role matrix and business requirement, created the roles and performed unit testing, UAT phase created test users and according to the test results modified the roles and prepared for Go-live. Delivered project on time.
Responsibilities:
Analysis of requirements and mapping these to SRM Security. Creating the role matrix according to the business requirement. Planning the SAP Security strategies.
Finding Segregation of Duties (SoD) rules and critical transactions.
Creating composite roles.
Created NWBC (webdynpro component) roles to substitute portal access.
Setting up the security parameters. Created supplier roles.
Environment: ECC 6, SRM 7.01, PI 7.3, BI 7.01, EP, Linux and Oracle 11g.
Cooper Tires, (Accenture), Pune, India Nov 2012 Feb 2014
Project: SAP GRC Upgrade & Offshore Support
Role: GRC Consultant
Cooper Tire & Rubber Company (NYSE: CTB) is the parent company of a global family of companies that specializes in the design, manufacture, marketing and sale of passenger car, light truck, medium truck, motorcycle and racing tires. Cooper’s headquarters is in Findlay, Ohio, with manufacturing, sales, distribution, technical and design operations within its family of companies located in more than one dozen countries around the world.
Responsibilities:
Finding segregation of duties rules and critical transactions by using RAR (Risk Analysis and Remediation). Support integration testing, user acceptance testing, and training systems apart from DEV, QA and PRD systems.
Performed gap analysis, conducted risk assessments, managed issues, designed and documented procedures. Working on Central User Administration (CUA) landscape.
Developed and maintained roles and performed user administration for ECC, HR systems.
Creating and assigning business partners (BP) to users (grouping- internal number assignment.
Assigning Internet user to BP. Assigning BP person to customer/vendor BP (for SNC select relationship cat. has SNC user). Assigning BP person to customer/vendor BP (for SUS select relationship cat. has contact person).
Assigning BP person in CRM system we have customized transaction code ZUREF to assign ship to party and sold to part. Assigning AD (active directory) groups to users.
Locking of the transaction codes at the time of critical activity.
Maintaining Personnel Administration (PA). Created new roles for ECC 6 systems: FI, CO, HR, MM, PP, PTP, OTC and SD modules, based on concepts of task roles and position roles.
Analyzed and replaced existing roles with new roles accurately matching business needs.
Identified Security issues, recommended and implemented solutions to problems.
Created customized end user roles to allow for low-level modular access control.
Maintained SNC for Single Sign-On to SAP Systems, and deactivated the password in SAP.
Review and correction of sensitive authorizations (s_tabu_dis, s_rfc, etc.) including creation and assignment of custom authorization groups for sensitive tables.
Resolved issues arising from testing using system traces and dumps. Evaluated and used SAP standard roles as templates for custom roles.
HR security authorization objects for structural authorizations based on Info Type and allowed functions / activities auth. Objects- P_ORGIN, P_ORGXX, P_PERNR, PLOG.
Environment: ECC 6, SRM 6.0, CRM 5.0, EP, PI 7.3, BI 7.01, Linux, AIX 6.0 and Oracle 11g.
Client: Huntsman Chemicals, (Accenture), Pune, India Jun 2011 to Nov 2012
Project: SAP GRC Rollout
Role: SAP GRC Security Administrator
Huntsman is a global manufacturer and marketer of differentiated chemicals. Huntsman operating companies manufacture products for a variety of global industries, including chemicals, plastics, automotive, aviation, textiles, footwear, paints and coatings, construction, technology, agriculture, health care, detergent, personal care, furniture, appliances and packaging.
Responsibilities:
User maintenance: Creating users, roles and assigning roles & Mass user Administration.
EP User administration: Creating Portal users, locking, unlocking, assigning roles & groups.
SoD checks done by using BizRights tool, following operations are done by this tool.
Performed what if analysis below operations:
oAdding transaction code to single role. Authorization change management.
Role assignment management.
Handling password reset, user lock & unlock tickets creating or modifying roles, if required adding authorization objects manually and changing field values & activities according to approvals.
Creating Composite roles by assigning single roles.
Analyzing SU53 and ST01 for missing authorizations and giving authorizations by taking approval and doing user comparison.
Changing org level values like company code, division, sales order, plant.
Creating or modifying users, locking & unlocking, providing validity period, attaching & detaching roles, parameter settings.
Configuration of Security profile parameters. Generating user related reports by using SUIM.
Creating roles in development with transport request, after testing moving to quality system & production. Mass roles comparison & profile generation. Maintain the users License types.
Generate month end reports and Maintaining License data by using USMM reports.
Involved in auditing to removing the sensitive t-codes and basis related authorization objects and its fields and values as per BASIS rule book.
Generating monthly reports for expired and inactive users and removing them.
Copy customized roles from standard templates like Parent role to create composite role and derived role. Assign roles to users with field Value & Activity. Checking the audit logs for new created users and locked users.
Restricting the new password rules by using parameters. Maintaining Profile Parameters.
Oracle parameter changes by using BRtools. Index creation at Data Base level, Index rebuilding using BRtools. Table reorganization using BRtools.
Trouble shoots on System performance. Performance monitoring and workload analysis.
Designed and implemented a security development strategy using client resources from definition of job roles to development, testing and migration. Created a security structure by which all transactions can be controlled and monitored. Designed and developed Access and Notes Databases to facilitate SAP Security Administration Procedures.
Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards.
Respond to requests and prepare SAP security reports based on management and department needs. Active participation in successful completion of Security annual audit.
Environment: SAP ECC 6, BW7.01, AIX 5.3.
Kesko Food (Cap Gemini), Kolkotta, India Jan 2008 to Jun 2011
Kesko is a Finnish retail specialist which provides products and services valued by consumers in the Nordic countries, the Baltic countries and Russia. Kesko has about 2,000 stores in seven countries. Kesko's operations include food, hardware and builders' supplies, car, department store, agricultural and machinery trade. The biggest divisions are Kesko Food, Rautakesko, VV-Auto, Anttila and Kesko Agro.
Responsibilities:
Designed and implemented a security development strategy using client resources from definition of job roles to development, testing and migration. Created a security structure by which all transactions can be controlled and monitored.
Design and develop Access and Notes Databases to facilitate SAP Security Administration Procedures. Maintaining Profile Parameters.
Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards.
Respond to requests and prepare SAP security reports based on management and department needs. Active participation in successful completion of Security annual audit.
User maintenance: Creating users, roles and assigning roles & Mass user Administration.
EP User administration: Creating Portal users, locking, unlocking, assigning roles & groups.
Handling password reset, user lock & unlock tickets creating or modifying roles, if required adding authorization objects manually and changing field values & activities according to approvals.
Creating composite roles by assigning single roles. Analyze SU53 and ST01 for missing authorizations and giving authorizations by taking approval and user comparison. Changing org level values like company code, division, sales order, and plant.
Creating single roles. Creating parent and derived roles. Creating roles in development with transport request, after testing moving to quality system & production.
Involved in auditing to removing the sensitive T-codes and basis related authorization objects and its fields and values as per BASIS rule book.
Modify roles at authorization object level like fields and values and add authorization objects manually if required. Mass roles Downloading, Uploading, Comparison & Profile Generating.
Monthly taking the expired and who are not logged into system above 90 days users list. After getting approval respective user’s ids have been removed.
Check audit logs for new and locked users. Restrict the new password rules using parameters.
Trouble shoots on System performance. Performance monitoring and workload analysis.
Environment: SAP ECC 6, BW7.01, AIX 5.3, Enterprise portal.
Contact this candidate