Sap Security and GRC
Resume:
AJAY V
SAP Security & GRC Consultant
Mobile: 945-***-****
Email: ad4x11@r.postjobfree.com
LinkedIn: linkedin.com/in/ajay-v-674b991a0
Certification: SAP Certified – SAP Access Control 12.0
OBJECTIVE
Overall, 11+ years of experience in SAP Security R/3 and 6 years of experience in GRC 10.1 and 6 months in GRC 12.0 and also experience in S/4 HANA and SAP FIORI. Involved in major projects RPA (Robotic Process Automation) and GDPR (General Data Projection Regulation) across all Security Landscapes. Role and user administration as part of support projects. Successfully implemented the Governance Risk and Compliance (GRC) 10.1 Access Control (ARM, EAM, BRM and ARA). And involved in the SOX Audit Reports.
Professional Summary:
• Expert in working with cutover team in roll-out/cutover activities and hyper care (post production security support).
• Expert in securing system and data through customization of role maintenance, authorization objects, transaction codes.
• Experienced in the design, development, implementation and maintenance of SAP Security and Authorization Solutions in ECC, GRC*, FIORI and S/4 HANA.
• Expert in creating/updating in single, master, derived and Composite roles.
• User administration involving creation/deletion/locking/unlocking/change password/copy and changing users.
• Experience on joining tables to generate queries.
• Expert with all security related authorization objects.
• Expert on user/role related tables.
• Proficient in analyzing user/role/authorizations related information using SUIM.
• Experience in generating workload analysis report (Transaction analysis, user settlement statistics).
• Good knowledge in maintaining password related parameters and illegal passwords as per company standards.
• Proficient in analyzing and fixing the missing authorizations using System Trace and Last Authorization Check Failure.
• Expert in transporting single/mass roles and deleting roles.
• Extensively worked on roles modification/creation through the Charm process (SOLMAN).
• Experienced in creating the Robotic roles for the RPA (Robotic Process Automation).
• Have implemented the GDPR (General data Protection Regulation) in the SAP System.
• Preparing Role Matrix and Role Designing strategy and defining procedures for the best of security for the client business
• I have provided post Go Live support including end user training, performed demonstration, prepare user manual and technical guide.
• Quality team player with inter-group coordination, strong communication, leadership qualities, and decision-making skills.
• Worked on SOX Audit Reports like B1, B2, B3, B4 and B5.
• Implementation of ERP applications such as SAP S/4HANA 2020 and prepared the documentations on Security role designs and Fiori concepts.
• Completed end to end GRC Access Control Green Field implementation from Requirement gathering, Blue Print, Design, project planning to go-live and hyper care
• As part of daily activity used to work on GRC monitoring task.
• Prepared configuration documentation for GRC.
• Performed all Post installation and common configuration steps of GRC.
• Configured MSMP Workflow.
• Configured BRF+ and mapped BRF+ application with MSMP workflow.
• Set up the Admin Delegation incase if approver going on vacation.
• Running risk analysis/simulation against roles based on the requirements.
• Worked on the Business Role owner Update/Add/Deletion (Master Data Update).
• Worked on creating Mitigation Control ID.
• Worked on Mitigation Control assignment to Users/Roles.
• Designed and configured the creation of FFID’s.
• Extensively worked on creation/updating of Owners, Controller and creating reason codes.
• Assigning owners to FFID and assigning FFID to Firefighter and Controller.
• Extensively worked on Synchronization jobs.
• Configured and set up GRC parameters / connectors/ Connector group, background jobs for SAP Landscape.
• Created roles for S/4 HANA and Fiori Gateway systems.
• Monitored the Service Desk ticketing system for SAP Security requests and ensured that all requests were promptly and accurately handled.
Education: -
• Masters from University of Wales, Cardiff (UWIC, UK).
• B-Tech from JNTU University of Andhra Pradesh, Hyderabad (Anurag Engineering College).
Professional Experience:
IBM Date Dec’21 – Till date
Client: Johnson & Johnson
Role: Package Specialist – SAP Security
Johnson & Johnson (J&J) is an American multinational corporation founded in 1886 that develops medical devices, pharmaceuticals, and consumer packaged goods. Johnson & Johnson is headquartered in New Brunswick, New Jersey, the consumer division being located in Skillman, New Jersey. The corporation includes some 250 subsidiary companies with operations in 60 countries and products sold in over 175 countries.
Roles and Responsibilities: -
• Created new single, master/derived, Business roles as per the standard template provided by the Business.
• Co-coordinating with functional teams to gather the requirements and build roles based upon their requirements.
• Worked on Charm process for the requirements (Role creation/change) provided by the Business/IT.
• Proficient in analyzing the transaction codes to maintain authorization checks in SU24.
• Extensive worked on performing Risk Analysis at user level and role level and performing Risk Simulation at user, role level ensuring that the user is risk free.
• Experience in role/mass role transport.
• Worked on transporting single/mass roles and deleting roles.
• Analyzing the authorization issues by System trace and last Authorization check failure and providing the solution as per the user profile.
• Generating reports using user/role/authorization related tables.
• Experience in generating workload analysis report (Transaction analysis, user settlement statistics).
• Experience in opening the OSS connections.
• Worked on the Business Role owner Update/Add/Deletion (Master Data Update) in GRC.
• Created roles for S/4 HANA and Fiori Gateway systems.
• Collaborate with other team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the Client requirements.
Hitachi June’21 – Dec’21
Client: Toyota Motors North America
Role: SAP Security & GRC Consultant
Toyota Motor North America, Inc. is a holding company of sales and manufacturing subsidiaries of Toyota Motor Corporation in the United States. Its services include government and regulatory affairs, energy, economic research, philanthropy, corporate advertising, and corporate communications.
The company is headquartered in Plano, TX with an additional office in Torrance, CA, Georgetown, KY, Washington, District of Columbia, Ann Arbor, MI, New York City, NY, San Ramon, CA, and other regional offices. Toyota Motor North America, Inc. operates as a wholly owned subsidiary of Toyota Motor Corporation.
Roles and Responsibilities: -
• User administration involving creation/deletion/locking/unlocking/change password/copy and modifying users.
• User administration in Ariba Portal (User group and Purchasing Unit assignments)
• Created new single, master/derived, Business roles as per the standard template provided by the Business.
• Created UAT and helped users in testing all new and modified roles.
• Identified and removed all unwanted and inactive roles from all SAP systems.
• Worked on Charm process for the requirements (Role creation/change) provided by the Business/IT.
• Managing user login parameters and password parameters.
• Analyzing the authorization issues by System trace and last Authorization check failure and providing the solution as per the user profile.
• Generating reports using user/role/authorization related tables.
• Proficient in analyzing the transaction codes to maintain authorization checks in SU24.
• Familiar with transporting single/mass roles and deleting roles.
• Analyzed the SAP Systems and provided recommendation to clean up and maintain the SAP positions and user profile.
• Implementation of ERP applications such as SAP S/4HANA and prepared the documentations on Security role designs and Fiori concepts.
• As part of daily activity used to work on GRC monitoring task
• Extensively worked on access control Owners and creating reason codes.
• Assigning FFID to FFID Owners and FFID controllers.
• Extensive worked on performing Risk Analysis at user level and role level and performing Risk Simulation at user, role level ensuring that the user is risk free.
• Administration activities in GRC such as cancel the request, routing the request and forwarding the request.
• Created roles for S/4 HANA and Fiori Gateway systems.
• Worked with Service Now (SNOW) for Task management and incident management.
Adecco March’17 – April’21
Client: AstraZeneca
Role: Senior SAP Security & GRC Consultant
Astra AB was founded in 1913 in Sodertalje, Sweden, by 400 doctors and apothecaries. In 1993 the British chemicals company ICI demerged its pharmaceuticals businesses and its agrochemicals and specialties businesses, to form Zeneca Group plc. Finally, in 1999 Astra and Zeneca Group merged to form AstraZeneca plc, with its headquarters in London. In 1999, AstraZeneca identified as a new location for the company's US base the "Fairfax-plus" site in North Wilmington, Delaware.
Roles and Responsibilities: -
• Worked on User creation/deletion through IDM request.
• User administration in Portal Systems.
• Created new single, master/derived roles as per the standard template provided by the Business.
• Worked on Charm process for the requirements (Role creation/change) provided by the Business/IT.
• Analyzing the authorization issues and providing the solution as per the user profile.
• Generating reports using user/role/authorization related tables.
• Experience in generating workload analysis report (Transaction analysis, user settlement statistics).
• Proficient in analyzing the transaction codes to maintain authorization checks in SU24.
• Created Test Scripts for UAT and provided to Business users to Test and the evidence provided by the Business user will be attached to the Solman (Charm Process).
• Working on the RPA (Robotic process Automation) across all the Systems.
• Worked on GDPR (General data Protection Regulation) in SAP system.
• Worked on SOX Audit Reports like B1, B2, B3, B4 and B5.
• From GRC implementation prospective, actively working in implementing GRC10.1 AC -products like ARM, EAM, BRM and ARA.
• Prepared configuration documentation for GRC 10.1.
• Activated the application in clients, BC sets, Configuration settings.
• Activated the Connection settings and SICF services.
• Created news roles for GRC (FFID owner role, FFID Controller role, Mitigation role’s etc.,)
• Managed organizational hierarchy for mitigation.
• Designed and configured the FFID’s in ECC system.
• Extensively worked on access control Owners and creating reason codes.
• Assigned FFID’s to FFID Owners and FFID Controllers.
• Running risk analysis/simulation against roles based on the requirements.
• Worked on creating Mitigation Control ID.
• Worked on Mitigation Control assignment to Users/Roles.
• Scheduled background jobs for authorization sync and repository sync.
• Administration activities in GRC such as cancel the request, routing the request and forwarding the request.
• Set up the Admin Delegation incase if approver on vacation.
• Worked on MSMP workflow.
• Worked on BRF+ and mapped BRF+ application with MSMP workflow.
Group 10 Technologies May’16 – March’17
Client: SPX
Role: SAP Security Consultant
SPX is a diversified, global supplier of infrastructure equipment with scalable growth platform in heating, ventilation and air conditioning (HVAC), and detection and measurement markets, and a strong presence in power and energy markets. With operations in about 20 countries and approximately $1.7 billion in revenue for 2015.
Roles and Responsibilities: -
• User administration involving creation/deletion/locking/unlocking/change password/copy and modifying users.
• Worked on Mass user maintenance using transaction code SU10.
• Creating User Groups for user administration.
• Experience in role/mass role transport.
• Analyzing the authorization issues and providing the solution as per the user profile.
• Generating reports using user/role/authorization related tables.
• Worked on generating workload analysis report (Transaction analysis, user settlement statistics).
• Created new single, master/derived roles as per the standard template provided by the Business.
• Proficient in analyzing the transaction codes to maintain authorization checks in SU24.
• Worked as an administrator in ARM like creation of GRC request on behalf of Business users and provide the status of the request.
• Rerouting the GRC request on behalf of approvers in their absence and this activity done based on email.
• Administration activities in GRC such as cancel the request, routing the request and forwarding the request.
• Set up the Admin Delegation incase if approver on vacation.
RMIS Jan’12 – Apr’16
Client: AMD
Role: Associate SAP Consultant
Advanced Micro Devices is an American semiconductor company based in Sunnyvale, California, United States. AMD develops computer-processors and related technologies for business and consumer markets. Initially AMD manufactured its own processors. The AMD became fables after Global Foundries was spun off in 2009. AMD’s main products are microprocessors, motherboard chipsets, and embedded processors and graphics processors for servers, workstations and personal computers.
Roles and Responsibilities: -
• User administration involving creation/deletion/locking/unlocking/change password/copy and modifying users.
• Worked on Mass user maintenance using transaction code SU10.
• Creating User Groups for user administration.
• Analyzing the authorization issues and providing the solution as per the user profile.
• Worked on generating workload analysis report (Transaction analysis, user settlement statistics).
• Proficient in analyzing the transaction codes to maintain authorization checks in SU24.
• Created new single, master/derived roles as per the standard template provided by the Business.
Contact this candidate