Sign in

Sap Security

Quezon City, Philippines
February 25, 2020

Contact this candidate


Narciso B. Cruz Jr

Brgy. Daang Bakal, Mandaluyong City, Philippines

Cell: +639********* • Email:


Skype Name: narcisocruzjr

Summary of Qualifications

10 Year Experience in IT Industry, Mainly in SAP Security Administration, SOD, Audit and GRC

In-depth Knowledge & Experience in SAP Security User & Role Administration (Create/Modify/Delete/Investigate)

In-depth Knowledge in SAP ECC R/3, BO/BOBJ/BI/BW, HANA, HR/HCM, APO, SOLMAN, CRM, Fiori, & Netweaver/Portal Security (EP/PI & PLM)

Strong understanding of Segregation of Duties framework & Working knowledge on sensitive transactions

Experience in Technical Cutovers, Upgrades/Enhancements for Security requirements such as SU24/SU25

Knowledge in SAP Scripts (eCATT) & Script Recording and Playback

Experience in SAP Change Management & Transports (STMS, Realtech TM, Transport Express)

Experience in 4 full life cycle implementations of GRC Access Control 10/10.1 Suite (ARA, EAM, ARM/ARQ & BRM)

Experience in support based projects (AMS) & project implementations

Experience in SAP Audits & Compliance Requirements (CARM, GDPR, SOX)

Experience in project planning & management tracking (Budgets, Management Reports)

Lead & Managed SAP Security Delivery Team on a global scale

Trained SAP Professionals for SAP Basis-Security Tasks

Defined & developed Security control strategies & solutions

Experience in full-scale / end to end implementations (from blueprints, budgeting, go-live to maintenance support)

Professional Experience

SAP Security & GRC Lead Oct 2017 – PRESENT

PCM BPO LLC (Direct Marketing Company) Metro Manila, Philippines (SAP Security, SAP GRC, SAP R/3, Servicenow)


Responsible for the development & management of user access rights in SAP

Provide thorough Segregation of Duty Analysis for any new user or role amendment request

Evaluate & resolve the SAP security issues within the company by following the standardized procedures

Perform system audits to detect deviations of established procedures, role mapping & unauthorized system activity

Supervise Security monitoring activities including but not limited to Terminations, Inactive user cleanup & SOD Checks

Work with Audit team to provide any reports for Quarterly/Year-end audits

Support end-users with troubleshooting & configurations when required

Introduce & Document new SAP Security Control Strategies & Solution

Perform Exposure Analysis on Active / Accepted risks


Designed SAP User Profiles, Roles, Groups & Organizations from Scratch

Established SAP Security Controls, Standards, Policies and Processes

Implemented SAP GRC 10.1 (ARA and EAM)

Involved in creating a custom SAP GRC 10.1 Ruleset

Setup of Catalogs, Groups, Roles in SAP Fiori

Involved in End-User Trainings & Migration from a non-SAP Software

Technology Consultant III - SAP Security & GRC Consultant Jun 2015 –Nov 2017

HP/HPE/DXC Technology (IT Service Provider) Metro Manila, Philippines (SAP Security, SAP GRC, SAP R/3, SAP BW/BI, SAP Netweaver, SAP APO, SAP HR, SAP Solman, Remedy, Irequest)


[Client #1 : American multinational confectionery, food, & beverage]

Support Irequest application for automated user administration for SAP Accesses (ABAP & Portal Accounts)

Perform Adhoc investigations & Audit reports.

Perform L1 – L3 support for SAP Application Security

Perform SAP role design & modifications for SAP Modules such as (ECC, BW, HR, Solman and Netweaver)

Perform SAP User and Role design on SAP Hana Studio

Involved in technical cutovers for prior & post checks for SAP Security (SU24/SU25, User Locking, Job monitoring)

Perform Risk analysis & report SOD risks to Business Process Owners

Perform GRC Synchronizations for up to date risk analysis

Update Firefighters & GRC Ruleset if a required

Participate in GRC 10.1 upgrade from GRC 5.3

[Client #2 : Largest conglomerates in the country]

Participate in Blueprint, Budgeting, Resource & Timeline creation for GRC Implementation

Implement SAP GRC Access control 10.1 (ARA, EAM, ARM & BRM)

Document GRC Configuration system requirement & perform GRC post-implementation steps

Download & upload ruleset & mitigate to production, review access risk & suggest remediation

Provide consulting on SAP GRC AC design with best-practice implementation

Drive audit queries on user access management via GRC & support auditor’s access in the production environment


Received Awards for Excellence and Quality of Work

Involved in 2 GRC 10.1 Implementation Projects

Involved in SAP Security role remediation’s in line with the GRC implementation projects

Recognized as SME for BW/BI Analysis Authorization Issues for the team

Presented Company’s GRC & SAP Security Service to potential clients

Software Engineering Team Lead - SAP Security & GRC Lead Jan 2014 – May 2015

Accenture (IT Service Provider) Taguig, Philippines (SAP Security, SAP GRC, SAP R/3, SAP BW/BI, SAP Netweaver, SAP APO, SAP HR, SAP Solman, Remedy, Servicenow)


[Client #1: British multinational alcoholic beverages]

Manage a team of technical hands-on Security consultants that build & run SAP Security solutions

Design & implement IT & SAP Security roadmaps for clients, including how to handle Security risks

Work with SAP to understand latest technical solutions & deploy fit for purpose solutions that are scalable & meet performance requirements.

Responsible for maintaining general documents & descriptions

Defines processes & templates, KPIs in cooperation with Management

Identifies relevant standards & regulations for IT

SME level knowledge in GRC AC modules EAM, ARA, & User Access Review flows

SME level knowledge on all SAP Security Modules/Landscapes such as (ECC/R3, BI/BW, HR/HCM, APO, CRM, PLM and Portal/Netweaver)

Prepare the team on prior and post SAP Security Tasks for Technical Cutovers and Upgrades.

Ensures Continuous Improvement, documents lessons learned, takes corrective & preventive action

Leads & supports Security Projects

Provides Security reporting

Ensures appropriate documentation Reports

Manage to agreed budgets, driving value out of software & services contracts

Deliver to agreed scope. Ensure scope is controlled through effective Programme governance. Partners with Solution Architects to promote standard, out of box solutions to be adopted.

[Client#2: Major Brewery in South Africa]

Assist in configuring SAP GRC Access control 10.0 (Access Risk Analysis & Emergency Access Management)

Document GRC Configuration system requirement & perform GRC post-implementation steps

Assess workload of SAP Security & GRC Tasks for transfer of support from different 3rd party support


Was sent to South Africa for a GRC 10 Implementation Project

Promoted 3 times in a span of 3.5 years (from lvl 12 Associate Software Engineer to lvl 9 Team Lead)

Worked with developers to automate repetitive tasks

Lowered Team’s Workloads from 16 FTE down to 11

Senior Software Engineer – SAP Security & GRC Analyst May 2010 – Dec 2013

Accenture (IT Service Provider) Taguig, Philippines (SAP Security, SAP GRC, SAP R/3, SAP BW/BI, SAP Netweaver, SAP APO, SAP HR, SAP Solman, Remedy, Servicenow)


[Client: British multinational alcoholic beverages]

Provide User Administration & Access Support in the Global SAP Instance

Perform L1 – L3 support for SAP Application Security

Responsible for Technical Design, Development, Testing, Implementation & Support of SAP Security Roles, across all SAP landscapes (ECC/R3, BI/BW, HR/HCM, APO, CRM, PLM and Portal/Netweaver)

Responsible for SAP Transports using Transport Manager by Realtech & Transport Express by Basis Technologies

Deliver SOX/CARM User Reports & perform Ad hoc investigations

Perform regular system audits to detect deviations of established procedures, role mapping, unauthorized system activity, & report findings

Perform prior and post technical SAP security tasks for technical cutovers and upgrades.

Execute quality initiatives & tasks such as metrics collection & reporting

Supervise & coach less experienced team members


Lead Coordinator for Technical Cutovers and Enhancement Pack Upgrades for the whole Project

Created SAP Security documents for faster Roll-In/Roll-off Process for the whole Project

Project’s ISMS Coordinator for Company Certification

Trained Resources for SAP Basis-Security related Tasks

Project’s Asset and Technical Coordinator

Reviewed Projects ISP Contracts, Software Contracts and Various non-SAP License and Agreements that lead to project saving a huge budget allocation

Associate Software Engineer - SAP Authorizations Analyst Feb 2010 – Apr 2010

Accenture (IT Service Provider) Taguig, Philippines (SAP Security, SAP R/3, SAP HR, Remedy)

[Client: American multinational medical devices, pharmaceutical & consumer packaged goods manufacturing company]

Responsible to assign proper Security access & password to users in the SAP system

Responsible for the development & management of SAP user access

Evaluate & resolve the SAP Security issues within SAP by following the standardized procedures & processes

Build SAP Security roles & authorization

Ensure the compliance with the Security policies, processes & procedures pertaining to the SAP application


Learned Basic Principles of SAP Security

Learned Standard Operating Procedures for SAP User Creation and Role Management


Bachelor of Science in Electronics & Communications Engineering 2004 - 2009

Polytechnic University of the Philippines

Character References

Full Name Position Company Contact Number

1. Rory Zaks Country Manager PCM BPO LLC +639*********

2. Jessica Ong Project Manager PCM BPO LLC +639*********

3. John Hofileña Project Manager DXC Technology +639*********

4. Carl Napo Supervisor DXC Technology +639*********

5. Ruby Deyto Project Manager Accenture +639*********

6. Alfred Manaog Supervisor Accenture +639*********

Contact this candidate