Security Sap
Resume:
Jayashree Murthy
SAP GRC/SECURITY CONSULTANT Email: adavr4@r.postjobfree.com
Mobile: +1-425-***-****
Total Years of Experience: 11+ years SAP Security Experience: 8+ years
SAP Implementation/Golive Projects: 3 SAP Support Projects: 2
SAP Testing Project: 1
Extensive experience in SAP R/3 4.7 & ECC 6 - SAP GRC / SAP Sarbanes-Oxley Compliance / SAP Security Implementation / HR security / HR Structural authorization / E-recruitment Security/EP User Administration / SAP Security Administration.
Implementation & support of GRC 10.0
Knowledge of SAP S/4 HANA authorization concepts and SAP Fiori Authorization concepts.
Expertise in GRC / Enterprise Portal /SOD /Security Assessment / SAP Authorization / Roles and SOX Auditing / Reporting.
Experienced in providing solutions for common/complex SAP security support issues, GRC, SOX compliance and Authorization.
Excellent communication skills, customer-oriented approach to support of production processes, able to communicate with non-technical partners concerning the security or control of the business processes.
Education: Bachelor of Engineering from Kuvempu University.
Visa Status: L2 EAD valid till October 2020.
Work Experience (In Descending order)
Teaching “Sap Security Basics”, “Sap Authorization Basics”, “Sap GRC Security Basics” courses at habitat consulting, a premier sap training institute in Bangalore, India on a part time basis from August 2016 till date.
1) Dec 2008 – March2016 @ Cognizant technologies Ltd (CTS), Bangalore as Senior Consultant- ERP (Sap Security/GRC)
2) May 2005 – Nov 2008 @ ABB India Ltd, Bangalore as SAS- UAM / GRC Consultant, SAP Access Control and SAP R/3 interface.
Projects (In Descending Order)
Aug 2011 to March 2016 @CTS, India: SAP Security/GRC Support @Abbott Laboratories
Responsibilities:
Primarily responsible for Analysis, Design, Development, Testing, Implementation, assigning of roles in ECC, Implementation and administration of GRC Portal and Audit reports for various countries
.
Table level authorizations restriction and Restricting table access through authorization groups
SAP authorization Support (Authorization Analysis of SU53 and ST01 Trace logs)
Involved in the Business Blueprinting Phase.
Implementation of SAP GRC 10.0 (ARA, ARM, EAM, and BRM) Installation and Configuration.
Assisted developing GRC 10.0 rule set for all modules with Functional and Controls teams
Worked as an administrator for GRC access control - assigning roles to users, updating of role approvers for different stages, password locking/unlocking management, approver delegation, maintenance of role approvers for different countries, SOD analysis for roles and system technical specification maintenance.
Worked as an administrator for Enterprise Portal – assigning of roles, user locking and unlocking.
Utilized GRC Compliance Calibrator in identifying Segregation of Duty (SOD) conflicts as defined by Internal and External controls at user level and Role level.
Generating Audit reports periodically, consolidate user role assignments and Reconcile User Master data across various backend systems Production, Quality, Development, Training and Sandbox.
Worked with Development, Basis, Change Control and Business Technology Services teams in providing SAP Security solutions with industry best practices.
Represented SAP Basis Security team in the weekly Change Control Management meetings to review Security changes and defects.
Extensively worked on the Security issues, logged in as ITSM tickets, Defect Reports (DR) and Change Requests (CR) and analyzing the tickets for IT nonconformity.
Performed SAP License Administration analysis, and implementation.
Sep 2010 to March 2011 @CTS, India: SAP Security/GRC Support @ Nike Inc
Responsibilities:
Support for Security roles and Users (Creation/modify/assigning).
User authorization analysis.
Reviewed SAP security for critical SAP BASIS transactions and recommended alternative solutions, Sarbanes Oxley (SOX) and Segregation of Duties (SOD) compliance.
Analysis of existing ECC roles based on Approver SOD analysis
Modification of roles to isolate sensitive transactions
Testing and remediation of roles
Support for GRC CUP administration, authorization roles.
Providing SOX Audit and reporting.
Oct 2009 to Sep 2010 @CTS, India: HR Structural Authorization and
E-recruitment security implementation @ Compass UK/Ireland working at client sites.
Responsibilities:
Implementation of structural authorization profiles.
Creation of Position based, and User based Structural profiles.
Creating Structural profiles Using Function module.
Implementation of E-recruitment Security
Designing and Creation of E-recruitment Roles and Authorizations.
Worked on Structural Security with Adobe forms.
Worked in integration of users with IBM TIM (Tivoli Identity Management).
User administration for NAKISA system.
Worked on EP Portal User role mapping
July 2009 to Sep 2009@CTS, India: Internal Project – HR Structural Authorization Implementation.
Responsibilities:
Implementation of HR Structural authorization in organization management.
oCreation of structural authorization profile using evaluation path.
oCreation of Structural authorization profile using Function Module.
oAssigning of structural authorization profile to users.
oGeneration of RHPROFLO Report for assigning authorizations to organizational object.
oActivating the structural authorization switch.
oAssignment of PD profiles and Standard profiles to organization unit.
oCreation of organization Unit, position.
oHiring process in HR system.
oAssignment of system user ID to personnel number.
Delivered Structural authorization training to Cognizant SAP Team.
Feb 2009 to June 2009@CTS, India: BI and HR security testing @Merck & co
Merck & Co., Inc. is a global research-driven pharmaceutical company dedicated to putting patients first. Established in 1891, Merck discovers, develops, manufactures and markets vaccines and medicines to address unmet medical needs.
Responsibilities:
System Integration Test (SIT) carried out for HTR (hire to retire) in ECC, ESS, MSS and BI portal.
Writing Test scripts in test plan module of Quality Centre.
Executing Tests in the test Lab module of Quality centre.
Test Incident Reports (TIR) management in the defect’s module of quality centre.
Dec 2006 – Nov 2008 @ ABB Ltd, Bangalore: SAS- UAM / GRC Consultant
Worked in Implementation of MYSAP ECC6.0 in SAS Regional ERP Project which covers 10 countries (viz. Australia, India, Indonesia, Malaysia, New Zealand, Philippines, Pakistan, Singapore, Thailand, Vietnam) with a cumulative user base in excess of 10,000 (estimated end users)
Responsibilities:
Expertise in configuring and support of Access Enforcer (AE) which is used as user interface, where a user applies for authorization and upon approval by designated approvers, the user authorization is auto provisioned in the system (SAP ECC6, CRM and BW).
Support GRC Access Control Batch jobs and Reports.
Expertise in configuration of Firefighter, assigning of Firefighter ID’s and roles to Super User and consultants who perform critical transactions.
Expertise in user administration in EP (Enterprise portal) – User creation, mapping of Portal and system Roles, Role creation.
Knowledge of content administration of EP.
Support and Training of Business Process Owners, IT Business Support team members, involved in SAP Security Role testing procedures. Resulting in dramatic reduction of time and resources required for testing, while simultaneously providing a documented, audit compliant, security role change management procedure.
UAM / Access enforcer Pre and Post Go-live Support for India, Indonesia and Australia
Performed User Management for SAP ECC 6.0 / CRM /BW / EP.
Developed / maintained the Roles and their assignment to users. Create new Roles / users for Companies new acquisitions in logistics modules.
Perform Role Management /Transaction security by restricting access to authorization objects. Debugging the user authorization problems using su53 / trace.
Evaluated current user roles to improve system performance.
Review of Firefighter Logs / Audit Logs for SOX requirements.
Worked on Controls of UAM (User access Management ) for Sarbanes-Oxley SOX404
Co-ordination for Internal and external auditors for UAM to assure compliance.
Feb 2006 – Nov 2007 @ ABB Ltd, Bangalore as SAP Consultant
Responsibilities:
Coordinated and performed testing of SAP ERP Security, Worked on SAP Access Control & SOD in collaboration with business process owners.
Role revision activity for all SAP modules thro PFCG.
Authorization debugging thro SU53 / Trace.
Authorization Support for Production, quality and Development environment.
DMT updation of various accesses for different databases like ID Registration, temporary authorization.
Providing authorizations for e-Payment approvers and verifiers through ZFF1.
Regular monitoring of PA20 and PA30 t codes.
Preparation of SOX 404 Artefacts for UAM (User access management) on monthly basis as a part of Controls.
Audit Logs for all IS/IT Personals and consultants through SM20 and the same to be reviewed.
Regular monitoring of List of all Production, quality and development ID’s according to SOD.
Security audit review for all Basis Admin and Super User.
Monitoring of Security audit configuration and Client transactions.
May 2005 – Feb 2006 @ ABB Ltd India, Bangalore. SAP R/3 Interface
Managed the support for SAP R/3 interface for the customer portal.
Training Programmes Delivered:
Delivered Structural authorization training to Cognizant SAP Team
SAP R/3 Overview Training all over ABB India for the new joiners.
End user training for authorization issues in ABB India.
Access Enforcer and Firefighter end User training in ABB Indonesia and Australia.
Contact this candidate