Sap Security Access Control

Abdulkowiy Taiwo

**********@*****.*** Cell: +1-317-***-****

SAP SECURITY & GRC ANALYST

Summary

Goal oriented and decisive IT professional with 6+ years of experience in SAP Security and GRC Access control (implementation and support).

Equipped with two full lifecycle SAP implementations, upgrade and production support from the Design phase to the post-implementation phase on different industry projects. Excellent at SOX compliance requirements and resolving SOD conflict issues.

Hands-on experience in GRC - Access Control module- Emergency Access Management, Access Risk Analysis, Access request Management, Business role management.

Technical Skills

●SAP R3 ECC 6.0/5.0/4.7

●SAP S4 HANA/FIORI (Backend)

●GRC AC 10.0, 10.1, 12.0

●SAP Audit

●Microsoft Office

●NetWeaver products (ECC/SCM, EWM)

SOX, HIPPA, PII, CFR, ISO27001, PCI-DSS, FISMA, NIST, GDPR

Core competence

-Ability to rapidly learn a new technology

-Possess excellent communication on both orally,in writing and interpersonal skills

-Capable of taking responsibility and tactfully offering constructive criticism

-Ability to handle pressure and perform multiple tasks

Professional Experience

Dadam partners.

SAP Security & GRC Consultant

11/2018 – Present.

Delivered SAP security support, GRC support, and multiple full lifecycle implementations, performing pertinent tasks ranging from analysis, quality assurance, SIT tests, cutover, Go-live, and post-implementation support for various clients across various industries.

Responsibilities:

●Perform all aspects of SAP security implementation tasks which include but are not limited to coordinating and interacting with business leads and process owners, technical and functional SMEs, and Internal Audit and Security Admins for the sole purpose of gathering SAP Security requirements.

●Hosting workshops with Business process owners/Module owners, Security, Internal Audit, and SMEs to gather requirements (As-Is > To-Be).

●Elicit security info such as a Naming convention, Derived role iterations, SOD i.e., number of Orgs, Field-specific actions to create a Functional design document (FDD), Create the Technical design document (TDD)

●Secure the approvals for the FDD and TDD documents from designated stakeholders to avoid project creep.

●Involved in designing custom SAP roles, performed security units and transported custom roles to approved landscapes for user testing.

●Configure various roles such as Single, Composite Roles, and Derived roles using the Profile Generator (PFCG).

●Worked with the off-shore team, led and provided daily tasks, providing knowledge transfer (KT) and training to off-shore resources for the entire security design/development and managed services, and reviewed the delivered work and deliverables.

●Worked with the Business Process Owners to restrict sensitive transactions and security authorizations and ensured segregation of duties across business areas.

●Perform Role and User Level analysis for sensitive access and SOD worked with Role owner and process owners to address risk and assisted with outright remediation and mitigation.

●Migrated roles from Dev environment to QUA using TR request.

●Troubleshoot authorization errors using SU53, SU56, SU24, ST01, SUIM, and proffered timely resolutions.

●Prepared the environment for UAT-Migrating roles from QUA to PROD, Map roles to UAT users who tested and logged security issues and signed off after all issues were resolved. Secured Go-Live decision/Sign off from Mgt.

●Performs user provisioning activities, including setting up new accounts, password resets, assigning users to appropriate groups, and assigning security roles according to employee/contractor approved positions.

●Prepare all applicable deliverables, such as standard operating procedure documents.

●Performed production support activities

●Provide knowledge transfer and train the trainer exercise to client personnel on security authorization concept and security design/implementation.

●Configured ARA for continuous monitoring, risk detection and assisted process owners in mitigation and remediation of identified risks

●Review and act on daily monitoring/change reports, perform regular system audits to detect deviations of established procedures, role mapping, and unauthorized changes to the SAP security, and report findings to management.

●Perform Firefighter ID Provisioning Tasks and Troubleshoot any issues relating to Firefighters or IDs and GRC in general.

●Leveraged SAP GRC access risk analysis to ensure segregation of duties (SOD) exists and Sensitive Access in the system is monitored.

●Responsible for Access Requests creation on GRC Access Request Management tool.

●Performed GRC AC post installation activities and implemented ARA, EAM, BRM and ARM based on client requirements.

●Leveraged the business role management functionality of GRC to ensure the necessary roles are available for assignment/provisioning.

Education And Credentials

BSC in Business management - University of ilorin,Nigeria

Reference

Available on request.

Contact this candidate