
SAP GRC, SAP Security

New Delhi, Delhi, India
October 13, 2019



**/* ***** ******, ****** -****** MAHAK KUMAR

Distt: Fatehabad (Haryana), India SAP GRC CONSULTANT

Mobile: +91-999**-*****



An experienced consultant with a total of 4.1 years of experience in implementing SAP GRC solution for various clients. Experience includes SAP GRC Access Control 10.X implementation, sustenance, automation and review projects. Worked on SAP Security for ERP systems. Performed GRC system configurations, implementation of various modules within access control application, GRC application audits, technical developments, functional testing, role restructuring, user administration, troubleshooting authorization issues, user training, documentation, hyper care, post go live support and daily support activities. SAP expertise includes extensive knowledge in GRC Access Control application. A self-motivated guy with the ability to communicate at all levels.


Two end-to-end implementations – one for the biggest Public Sector Undertaking (PSU) and the other for one of the biggest Electrical and Automation giants

Have done GRC process improvement projects for many multinationals in Power sector, Oil & Gas sector, Automobiles etc.

Performed 4 GRC audits for an IT MNC and leading automobile companies in India

Been the technical lead on implementation of GRC solution for various clients

Worked on all 4 modules of GRC Access Control application i.e. Access Request Management (ARM), Access Risk Analysis (ARA), Business Role Management (BRM) and Emergency Access Management (EAM)

Implemented periodic User Access Review (UAR) processes

Performed solution testing for multiple clients to assess the design and operating effectiveness of the GRC application

Performed Access Management process review and control testing

Hands on experience in SAP ECC security

Proficiency in designing complex MSMP workflows using BRF+ tool

Have designed custom solutions within GRC application to meet all the clients' requirements aligning with industry standards

Performed GRC configurations and post installation steps

Worked on user administration and role design

Integrated various R/3 and Java based systems with GRC application

SoD rule set design and administration activities

Implementation of critical t-code usage monitoring system in GRC to meet audit requirements

Designed various SOPs for client to sustain their GRC systems

Basic knowledge of SAP BASIS


1. EY Global Delivery Services

(Aug 2019 - Present)

Projects Summary -

SAP Security implementation for a USA based agro science company

-This project is the security design of various SAP applications, which include S/4 HANA, Fiori, BW, GRC, BPC and other cloud-based apps.

-Have participated in designing roles for BPC and GRC systems

-Providing support in role designing and user administration for all the applications, including mass user creation using scripts

2. PwC India

(Jan 2018 – July 2019)

Projects Summary –

GRC implementation for India’s biggest public sector undertaking (PSU)

-This project was implementation of GRC Access Control and Process Control applications

-Single handedly did the complete GRC Access Control implementation

-Client had requirements which could not be achieved through the standard SAP GRC solution. Therefore customized the solution to meet the client’s requirements and introduced new functionalities which were not even available in the SAP application, such as handling ECC licenses through the GRC system.

-Implemented all 4 modules of GRC Access Control i.e. ARM, ARA, BRM and EAM

-Designed complex rules using BRF+ tool

-Customized GRC homepage for users and made it easy to use

-Did user training PAN India through video conferencing and visiting client offices at different locations

-Gained knowledge of SAP GRC process control being a part of PC implementation team

GRC Audit for an Automobile Giant

-Performed SAP GRC Access Control audit for a Pune based automobile company and discussed the final report with management

-This audit includes reviewing their SoD rulebook, various access approval processes, review processes being followed in the organization

GRC process improvement for leading Oil & Gas company

-Implemented various workflows in Access Control application such as Function maintenance, risk maintenance and mitigating control maintenance workflows

-Helped client in setting up Sustenance and Governance model for SoD rule set

-Analyzed the risk analysis reports and shared the trend with the client to take corrective action on the same

GRC Audit for a leading two-wheeler manufacturer

-Audited their GRC Access Control application, User Access Management process on transfer to different locations, departments and Role design review

-Discussed the recommendations shared in report and their implementation strategy

Post go-live support for an Automobile company

-Configuration changes, SoD rule set upload and running risk analysis reports

-Handling user queries and helping approvers in granting the required authorization

-Reporting product bugs to SAP

GRC Review for IT MNC

-Performed GRC application review which includes configuration checks, various approval process evaluations and analyzing the open SoD violations across the company

Hyper care support for multinational Conglomerate

-Resolving implementation issues in access request management process in GRC application

-Customized the email notification being sent to users and approvers

-Providing resolution for various design level challenges being faced by client

3. Larsen & Toubro InfoTech

(Jul 2015 – Dec 2017)

Projects Summary –

GRC implementation for Mumbai based Electrical and Automation Giant

-This project includes implementation of Access Request Management (ARM) and User Access Review (UAR) process in GRC Access Control application

-Client has got their ARM solution customized to incorporate assignment of release authorizations (PO/PR/SES) in their existing process being followed to assign normal accesses

-Designed a new SoD ruleset specifically for release authorization segregating it from normal access requests

-Customized email notifications and configured email reminders

-Designed complex MSMP workflows with multiple stages

-Implemented critical t-code usage monitoring system using User Access Review (UAR) process in GRC 10.0 application. Auditors have listed out certain t-codes to be very critical for client’s business. Therefore designed UAR in a way to meet all the audit requirements by fetching t-code and role usage data from ECC system into GRC application and generating review requests for business.

-Conducted user training and delivered documentation post go-live

-Post go-live support, daily monitoring and raising product issues to SAP

POC on GRC 10.1 implementation

-This project was POC on SAP GRC Access Control 10.1 implementation on a sandbox server

-Performed post installation and basic configuration of the applications

-Configured all 4 modules of Access Control i.e. ARM, ARA, BRM and EAM

-Configured all standard workflows

-Raised queries on SAP SCN for GRC issues

-Created a copy of standard SoD ruleset

Support project for SAP Security for an international Oil company

-Performed user administration and role designing based on functional requirements

-Assigning required authorization to users

-Troubleshooting authorization issues

-Daily monitoring


Basic knowledge of SAP BASIS as I worked on BASIS support projects, performed SAP system refresh & Oracle 12c upgrade activities


B.Tech in Electronics & Communication Engineering (June 2015)

Guru Jambheshwar University of Science & Technology (GJUS&T), Hisar – Haryana
