Resume

Sign in

SAP Security

Location:
New York City, NY
Salary:
140K
Posted:
October 25, 2019

Contact this candidate

Resume:

Addis Worku

A Senior SAP Authorization System Analyst, Architect and Consultant

adaoe7@r.postjobfree.com

972-***-****

USCIS # A202-025-596

Summary

Addis is an SAP Security SME with 11+ years of professional experience in SAP Solutions in APJ and North America. He has worked as SME in SAP R/3-ECC Security, SAP CRM Security as well as SAP BI/BW Security. Addis has experience in various SAP Domains including ECC, CRM, BI, HCM, and all ECC Modules (MM, FI-CO, SD, PP, and OM…). He has also worked in SAP HANA Security and SAP GRC. Addis has been involved in 4 Complete project lifecycles – from blue print to design into post implementation duties and support. He is an expert in upgrade activities – planning cutover and go live.

Project Experience

Experience in a BIG 4 firm.

Self-directed leader Managing on and off shore teams.

Delivered SAP Security work as an on call consultant.

Experienced in taking charge to drive SAP Security work to completion in accordance with target resolution time as in SLAs.

Comfortable interacting with senior managements from IT / Business / Audit teams as well as Contractors.

Excellent oral and written communication skills with the ability to work under pressure with all levels of technical, business management staff and effective in working with a team environment as well as self-directed.

Prioritized and delivered SAP Security thickets for Production support activities in accordance to SLA’s.

Experience managing issues identification, root cause analysis, segregation of duties across enterprise with appropriate close out.

Strong experience in the Design, implementation of controls, and support of security processes in an SAP ERP including new implementations, role redesign, or assessment of a client’s controls environment.

Experience in ITGC/AC work.

Experienced with Security audits, SOX (Sarbanes Oxley) compliance, Segregation of Duties (SOD) with strong understanding of Segregation of Duties frameworks.

Excellent understanding of Sarbanes-Oxley Act section 302 and 404.

Worked in SAP Security design and implementation duties in the ASAP methodology.

Expert knowledge of SAP ECC Three-Tier Architecture (Presentation, Application and Database) and the SAP System Landscape (Dev, Qas, and Prd).

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SE93 and SAP Security related tables.

Day-to-day support and troubleshooting of R/3 security issues by using ST01, SU53 and tables (USR*, AGR*) via SE16 for the identification and resolution of authorization failures).

Knowledge and experience of SAP business process, user provisioning process, and security maintenance process.

Experience in troubleshooting R/3 - ECC Security issues (SU53, SUIM and ST01) and maintenance of Authorization, Roles/Profile using Profile Generator (PFCG).

Worked on production support by daily monitoring SAP security issues and maintained authorizations through PFCG, SUIM, SU01, ST01 and SU53 across modules (FI/CO, MM and SD…).

Experience on Central User Administration (CUA) maintenance and set-up with SCUA, SCUM, SCUG and SCUL.

Experience in Unit Testing and User Acceptance Testing.

Mass generations and mass transports (from PFCG and SE01/SE10) and used the profile generator to examine authorizations in existing roles, identify improper authorizations and taking corrective action.

Experience on SAP CRM Security design and support with expert understanding of the dependencies between Business to PFCG Roles.

Expert on reports CRMD_UI_ROLE_PREPARE - CRMD_UI_ROLE_ASSIGN, trace type UIU_COMP, transaction codes CRMC_UI_PROFILE as well as PPOMA_CRM.

Experience in user to role assignments, as well as org level assignment of business roles to end users.

Worked from the blueprint stage of an CRM implementation, with a proactive involvement of business owners to develop org levels, defining Business Roles and the corresponding PFCG roles.

Experience working with HR teams for the development of organizational structures, structural authorizations as well as working with PPOSE, PPOME, and PP03 to manage Organization Plans.

Hands-on with RSECADMIN in BW Security.

Worked on in BI 7.0

Hands on to deliver Security on SAP In Memory Computing (SAP HANA Security).

Hands on in SAP GRC 10.

Worked on SAP GRC 10.1.

Hands on with T-Code SPRO for SAP Reference IMG Configuration.

Team Lead for SAP UA/DA Deliveries.

Worked on OSS messages.

D-escalated RCA production down cases for SAP MAX-Attention customers.

Lead SAP Security and GRC Administrator

Collabera Basking Ridge, NJ. September 2019 – Present

Client: Viacom Inc.

Role: SAP GRC 10.1 SP22 Administrator New York, NY. September 2019 – Present

Responsibilities:

Worked on SAP GRC 10.1 SP22 ARA (Access Risk Analysis), EAM (Emergency Access Management) …

Hands on with T-Code SPRO for SAP Reference IMG Configuration.

Managed end to end User Access Provisioning from Risk Analysis, Simulation to Risk Creation and Ruleset Updates.

Handled Risk Analysis for Custom-Transactions and Maintained Rulesets, Analyzed Rulesets in T-Codes and handled many User Access Requests per day.

Mitigated, Remediated and Resolved SOD conflicts.

Worked on the Creation and Update of Risks, analysis of Fire Fighter logs and retrieval of Audit Reports.

Run Table reports from TADIR and E070 for Directory and Repository Object Data and Change and Transport System information via SE16N in the backend ECC system for review by External Audit.

Created Rulesets, Analyzed Actions, Permissions and translated 15-20 custom T-Codes per shift.

Worked in the Set Up of Access Rule Maintenance on SOD Rule Sets, SOD Functions, Access Risks and Mass Maintenance of Risk Owners Assignments.

Set Up Critical Access Rules for Critical Roles and Critical Profiles.

Generated Rules on Access Rule Summary and Access Rule Detail Reports.

Set Up Mitigating Controls from Creation, to Copying and Deletion to Mass Maintenance of Mitigation Control Owners.

Worked on Emergency Access Assignment from the Set Up of Owners, Firefighter IDs to Mass Maintenance.

Worked on Emergency Access Maintenance from Assigning, Copying, Re-assigning to Deletion of Firefighters and Creation, Copying, Deletion and reset usage of Controllers.

Worked on the Set Up of Access Control Owners from Creation, Copying, Deletion to Importing, Adding, Removing of Role Owners Criteria into the Mass Upload of Risk Owners.

Worked on the Set Up of Adding into Deleting the Maintenance of Rule to Role Mapping.

Worked in the Set Up of Access Control Owners, Role Owners to the Mass Upload of Risk Owners.

Performed Access Risk Analysis, on Action, Permission, Critical Actions, Critical Permission and on Critical Role/Profile level including Mitigated Risks with consideration of Org Rule on User, Role and Profile level as well as Simulations on all these levels.

Performed Access Mitigation for SOD User Mitigations, SOD User Org Mitigation, SOD Role Mitigation, SOD Profile Mitigation and SOD Role Org Mitigation.

Performed End-to-End Access Request Creations.

Worked in the Creation, Copying and Deletion of Business Role Management in Role Maintenance.

Performed Role Mass Maintenance with Role Import, Role Update, Derived Role Org. Value Update, Role Derivation, Role Risk Analysis and Role Generation.

Performed Role Mining on Action Usage by User, Role and Profile as well as Role Comparisons.

Performed Role Mining on User to Role Relation, Role Relationship with User/User Group, Compare User Roles, Count authorization in Roles and Count authorization for Users.

Worked on Scheduling Background Jobs with the Background Scheduler.

Worked on running Role Management Reports for List of Actions in Role, to Compare Actions in Menu and Authorizations, to Compare User Roles, to Compare User to Role Relationships, Role Relationship with User/User Group, to Display PFCG Change History, to Run Mater to Derived Role Relationship, Single to Composite Role Relationship and running reports for Roles by Date of Generation.

Worked on running Access Risk Analysis Reports in Access Rule Summary, Access Rule Detail, Mitigating Control Report, User Risk Violation Report (Risk Analysis on User level), Role Risk Violation Report (Risk Analysis on Role Level), Profile Risk Violation Report (Risk Analysis on Profile Level) and Mitigation Object Report.

Run Security Reports on Action usage by User, Role and Profile as well as Expiring Roles for Users.

Worked on running Access Request Reports with Conflicts and Mitigation, by Roles and Role Approvers, Approver Delegation, SOD Review History, User Access Review History and User Review Status.

Run Emergency Access User Management Reports to Update Firefighter Log in Consolidated Log Report.

Worked on running Invalid Super-User Report, Firefighter Log Summary Report, Transaction Log and Session Details as well as SOD Conflict Reports for Firefighter IDs (Risk Analysis for Firefighter IDs).

Worked on running Audit Reports on Actions in Roles but not in Rules, run Permissions in Roles but not in Rules as well as Change Log Reports.

Sabbatical New York, NY. October 2013 – August 2019

During my Sabbatical I:

Brushed up on my core competency.

Got up-to date industry updates from the Service Market Place, contacts and leads.

Volunteered for various organizations.

Provided bed and breakfast service out of my home.

News casted for an Ethiopian Political Satirical Show called Fugera News as a Civil Rights and Social Action Volunteer.

Senior Associate

KPMG LLP New York, NY. September 2011 – September 2013

Client: National Grid US

Role: Sr. SAP Security SME Waltham, MA / Syracuse, NY. May 2013 – Sep 2013

Responsibilities:

Expert knowledge in SAP ECC Three-Tier Architecture (Presentation, Application and Database) and the SAP System landscape (Dev, Qas, and Prd).

Experienced as a liaison between security, basis, functional, business owners and teams for the evaluation of requirements as well as the definition, development, testing and Go-Live of Role Based, Position Based or User Based SAP Security Role-Outs.

Able to work alone and implement SAP Security Best Practice.

Experience managing Issues Identification, Root Cause Analysis, Segregation of Duties across enterprise with the appropriate close out.

Strong experience at designing security for SAP R/3, ECC, BW/ BI, CRM, HANA….

Worked in trouble shooting various post Go-Live ECC Security system access issues and mitigated or remediated them using t-codes such as PFCG, ST01, SUIM and SU53.

Experienced in Go-Live Activities, Role Development (PFCG), Employee to PFCG Role Mapping, Unit Testing as well as User Acceptance Testing.

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SE93 and all SAP Security related tables

Experience in SAP tables such as AGR_DEFINE, AGR_USER, AGR_TCODE, USR40, USR02, USRGRP for Security work on users’ roles and profiles.

Expert on reports CRMD_UI_ROLE_PREPARE - CRMD_UI_ROLE_ASSIGN, trace type UIU_COMP, transaction codes CRMC_UI_PROFILE as well as PPOMA_CRM.

Worked on SOD remediation for SOX compliance and experienced in SAP GRC Access Control.

Experience in Analysis Authorizations from BI 7.0.

Hands-on with Security for BI 7.0.

Client: National Grid US

Role: Sr. SAP Security Year End Support Syracuse, NY. March 2013 – April 2013

Responsibilities:

Worked on defining Standard Operating Procedures (SOPs) and documentation of SOX key control procedures and sign-off in the Risk Control Matrix(RCM) for a P2P payroll process.

Coordinated to define the process activities required to effectively execute key controls related to SOX business requirements.

Assessed complex governance requirements and provided clients with leading practice recommendations of governance as it relates to security, segregation of duties and role management.

Audited and examined SAP GRC implementation.

Perform regular system Audits SM18, SM19 and SM20N.

Client: KPMG – SAP Practice North East

Role: Sr. Associate SAP Security New York, NY. January 2013 – March 2013

Responsibilities:

Coordinated conference calls to allocate work for associate resources on accounts as needed.

Gave SAP Security Subject matter response for Client Service Delivery (CSD) resources.

Tracked status of work on weekly calls.

Prepared SAP Security White Papers on the SAP Authorization Concept for internal use.

Worked with security mangers of clients to identify missing authorizations and resolve their issues.

Debugged various SAP Security technical issues for various implementations and provided Solutions, Work Arounds and Best Practice Approaches.

Used SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SE93 and all SAP Security related tables.

Made a meaningful contributions to the development of new and existing industry based solutions and methodologies to grow the SAP Practice.

Worked on SAP HANA Security.

Hands on in SAP In-Memory User Management.

Hands on in SAP In-Memory Role Management.

Hands on in SAP In-Memory Privileges Management.

Client: IBS Americas

Role: Sr. SAP Security Consultant Woodcliff Lake, NJ. November 2011 – December 2012

Responsibilities:

Managed low-level work to offshore resources.

Actively participated in client discussion and meetings, manage the engagement, prepared project documentation and lead workshops on security topics.

Strong knowledge of ERP security concepts, including design, implementation, go live and post go lives support within best practices methodology.

Worked on Security Role Testing, Restricted Open Authorizations to sensitive T-Codes in cooperation with role owners and compliance teams.

Experience understanding of leading practices as it relates to ERP Security, and provided recommendations on security role design and implementation

Gathered the required information to build BPML (business process master list) as a blue print for security role derivations.

Configured the implementation in accordance to BPML specifications and within the scope of their End-users business functions.

Derived PFCG Roles with the appropriate org values based on the BPML.

Trained Security liaisons to help functional users get an understanding of the SAP System logons and SAP’s Role Based Authorization concept.

Utilized ticketing tools for security deliveries in SLA.

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SE93 and all SAP Security related tables

Worked in User Administration – I.e. User ID Creation, Modification, Deletion, and Password Resets – SU01, SU10.

Worked on System Users and Audit Logs – SM18, SM19 and SM20N.

Worked on role administration with profile generator I.e. PFCG creations and modifications.

Worked in STMS, SU24 and SU25.

Experience in SAP Client Copy.

Utilized PFCG (Profile Generator) and ST01 traces to examine Authorizations in existing roles and identified improper Authorizations for correction.

Worked on Unit Testing and User Acceptance Testing.

Experience in SAP GRC 10 – Access Risk Analysis(ARA), Emergency Access Management(EAM), Business Role Management(BRM) and Access Request Management(ARM).

Hands on with T-Code SPRO for SAP Reference IMG Configuration.

Worked on mapping PFCG to Business Role Mapping in CRMC_UI_PROFILE.

Expert on reports CRMD_UI_ROLE_PREPARE - CRMD_UI_ROLE_ASSIGN, trace type UIU_COMP, transaction codes CRMC_UI_PROFILE as well as PPOMA_CRM.

Experience working with HR teams for the development of organizational structures and structural authorizations.

Worked on the deployment of HR Security.

Intensely utilized PPOSE, PPOME and PP03 to manage an HCM deployment.

Worked on RSECADMIN for BI Security.

Senior SAP Security Consultant

One-Solution Consulting Dallas, TX. October 2009 – September 2011

Client: Chemtura Corp.

Role: Sr. SAP Security Consultant Middlebury, CT. October 2009 – September 2011

Responsibilities:

Managed an SAP CRM Security work from Preparation-Cut-Over-Go live and Production Support.

Documented security policies and procedures and provided post go-live SAP Security support.

Responsible for Security Role Development as well as Creation of Users, Maintenance of Authorization Objects, and Assignment of Roles to Users.

Shared knowledge on the dependencies between Business to PFCG Roles in SAP CRM Security.

Utilized PFCG (Profile Generator) to examine Authorizations in existing roles and identified improper Authorizations for correction.

Defined Business Roles and the corresponding PFCG roles.

Expert on reports CRMD_UI_ROLE_PREPARE - CRMD_UI_ROLE_ASSIGN, trace type UIU_COMP, transaction codes CRMC_UI_PROFILE as well as PPOMA_CRM.

Configured Org level assignment of business roles to end users.

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SE93 and all SAP Security related tables

Restricted open authorizations to sensitive T-Codes in cooperation with role owners and compliance teams.

Good understanding of all BW components including BEx and new age BI components.

Worked on RSECADMIN for BI roles.

Support Consultant

Center of Excellence (CoE)

SAP AGS (Active Global Support) Shanghai, China. October 2007 – October 2009

Client: Saudi Aramco, VW China and other SAP Customers in APJ and EMEA regions

Role: Support Consultant in SAP Security, Basis and Upgrade

Responsibilities:

Team Lead for SAP UA/DA Deliveries.

Worked on OSS messages.

D-escalated RCA production down cases for SAP MAX-ATTENTION customers.

Processed a high volume of tickets and maintained an above target track record in message solving.

Worked closely with Colleagues, Nexuses, Note Owners and Developers to provide solution for SAP clients.

Portrayed an end to the end commitment in resolving customer issues and exhibited high productivity under intense deadlines.

Troubleshoot authorization issues using transactions SUIM, SU53, ST01 by following established security guide lines to solve SAP customer issues belonging to various security components in message solving.

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SE93 and all SAP Security related tables.

Analyzed Security issues and reproduced the problem in test systems to better understand various customer thickets and provide solutions in a timely manner.

Exhibited high efficiency in analyzing System log SM21 and ABAP short dumps while working on various basis components in message solving.

Maintained a high volume, responsible and prompt conference calls by being accountable to the set objectives and portraying a very high commitment to customers until their problems are resolved.

Delivered a high quality of Upgrade and Downtime Assessment services for various multi-cultural SAP upgrades.

Acted as a liaison between the Development back office in Germany and various Customer Upgrade teams for all aspects of a UA/DA project.

Worked in SAP Systems Design, Configuration, Installation, Upgrade, Transports Management.

Hands-on Client management including Creating, Deleting and Copying Clients SCC1, SCC4, SCC5.

Worked in SAP TMS (Transport Management System).

Worked on Complete Setup, Correction and Troubleshooting TMS issues on STMS. SCC1.

Worked on Client Copy and RFC Configuration.

Hands on Synchronous and Asynchronous RFC work.

Hands-on on Spool Administration SP01, SP02 …

Worked on the setup of virtual machines Red Hat.

Worked in SPAM/SAINT.

Associate SAP Security Consultant

One-Solution Consulting Bangalore, India. October 2002 – October 2007

Client: GM, Schweppes and Clients in Continental America/APJ

Role: Associate SAP Security Consultant

Responsibilities:

Monitored daily SAP security issues and maintained authorization issues through PFCG, SUIM, SU01 and SU53.

Used PFCG (Profile Generator) to examine Authorizations in the existing roles, identify improper Authorizations and correct them.

Provided production and Post-Production Support for SAP R/3 Security and project teams across all modules (FI/CO, MM, SD…).

Worked under intense pressure from senior SAP Security consultants on troubleshooting various SAP Security issues.

Created users, maintaining authorization objects, and assigning roles to Users.

Reviewed SAP Security tickets and prioritized them in accordance to their criticality.

Documented security policies and procedures.

Gained a deep understanding of SAP R/3 Three-Tier architecture (Presentation, Application and Database) and the SAP System landscape (Dev, Qas, and Prd).

Established a great understanding of the role based authorization concept.

Education

Masters in Organizational Change Management Milano School of Policy, Management and Environment –The New School New York, NY September 2016 – September 2017

Bachelor of Computer Applications

J.R.N Rajasthan Vidyapeeth University Udaipur, Rajasthan, India. July 2003 – July 2007

Trainings

Cybersecurity – The Essential Challenge for Digital Transformation

Open SAP Taught Leaders Hasso Plattner Institute Prof. Dr. Christoph Meinel Nov 11, 2015

GRC10

KPMG Business School Philadelphia, PA. May 2013

Advisory Fundamentals for Experience Hires

KPMG Business School Atlanta, GA. January 2012

ADM 940

SAP Education Philadelphia, PA. Jan 2010

Certifications

German Chamber of Commerce

Working Professional @ SAP including skills in:

Project Management

Time Management

Business Writing

Intercultural Communication and Presentation Shanghai, China. January 2008

SAP AG Skill Development in Product Support

TASU05/10 SAP Fundamentals Shanghai, China. February 2008

SAP Support Academy

Service Consultant Candidatus Early Watch 2005

Software Component SAP NetWeaver Waldorf, Germany. May 2008

SAP AG Skill Development in Product Support

Process in Message Solving 2008 Shanghai, China. June 2008

Language Skills:

English – Native Fluency

Amharic – Native Fluency

Computer Skills:

MS Office Suite of Products and A+

Volunteer Experience

TD Five Boro Bike Tour – On The Road Emergency Assistance.

New York Cares – Gardner at Gantry Plaza State Park.

American Heart Association – Contributor and Participant at AHS Wall Street Run/Walk

Reference available on request



Contact this candidate