Carl Shepherd SAP Security Consultant Page * of * adcgwe@r.postjobfree.com
Carl Shepherd B.A., CISSP
SAP Security Consultant Swiss & Canadian Citizen
adcgwe@r.postjobfree.com, +41-76-282-**-**
http://www.linkedin.com/in/carlshepherd
HIGHLIGHTS
Goal oriented • Independent • Easy going • Global outlook • Flexible • Hands on • Technically Proficient
Experienced SAP security consultant/architect, with CISSP certification
More than 15 full project lifecycles encompassing most ECC modules
Extensive HR and BW experience, as well as experience with Portal, GRC and other SAP products CONSULTING SKILLS
Delivering customer focused implementation and support - encouraging and enabling knowledge transfer
Defining and analyzing business requirements to enable process driven technical implementation
Conceptual design of end to end technical concepts – with complete validation, implementation, support and documentation
Defining strategies for implementing specific technical solutions - for support and end-users TECHNICAL SKILLS
GRC 10.1 AC, PC and RM security and ruleset design, implementation, testing, and support
BW Security (2.1 - BI 7.0) concept, design, implementation and support
ECC Security (ECC 6, NW7) strong configuration and analysis experience using Profile Generator
Writing and assessing SAP security related technical specifications and documentation
Training security team members to implement and support SAP security
Strong analysis and configuration skills leveraging MS Office tools (including MS Access)
Experience with Structural authorizations
Experience with User Administration and Compliance Monitoring 3rd party Software
Experience with ARIS Designer process modeling
TRAINING AND EDUCATION OVERVIEW - SEE ALSO DETAILS BELOW Degree
Bishop's University – B.A. Social Sciences 1986-1989 Certification
CISSP and ITIL Certification 2016
Carl Shepherd SAP Security Consultant Page 2 of 7 adcgwe@r.postjobfree.com OTHER SKILLS / INFO
Language Skills
English Native Speaker • German - Intermediate • Japanese, French - Basic Citizenship
Canadian, Swiss
ENGAGEMENTS
Technical Support Desk Manager (Contractor), (100% Remote) IOHK Crans-Montana, Switzerland, January 1 2019 to December 31 2019
https://iohk.io/
Built and lead a team of 3-6 agents to support consumer software products for IOHK a top 10 cryptocurrency company.
Mentored team and advocated on behalf of community for support and enhancements inside IOHK.
Configured and managed Zendesk Support ticketing and Zendesk Guide help center to serve
~45000 customers and ~85000 tickets
Senior SAP Security Consultant (Contractor), Arthrex Tokyo, Japan (100% Remote), November14 2018 to May 15 2019
https://www.arthrex.com/
Lead security consultant for the SAP Japan implementation, part of a global rollout.
Build Test and Implement security based on the global template with local modifications. Senior SAP Security Consultant (Contractor), Enterprise Risk Services, Deloitte UK London, UK, April 2 2018 to 30 June 2018 Engagements:
SAP Security Team, Richemont SA
Versoix, Switzerland, April 2 2018 to 30 April 2018 https://www.richemont.com/
Design assessment for SSM security implementation for ChaRM, Test Automation Monitoring and other functionality with 3rd party test tool integration and Fiori apps.
Validation and Documentation of As-Is solution, mapping to To-Be solution with Gap analysis. Senior SAP Security Consultant (Contractor), (100% remote) PT Bank Mandiri (Persero) Tbk. Jakarta, Indonesia, 01 March 2017 to 28 Feb 2018 https://bankmandiri.co.id/
Senior Technical consultant for SAP COE for ECC, BW GRC 10.0 (EAM, ARM) and SuccessFactors for 30000 Users
Technical Architect responsible for support-process innovations, governance and quality assurance. Liaised with Internal and External auditors to provide audit reports as required Advisory Senior Solution Engineer (Employee), Enterprise Risk Services, Deloitte & Touche LLP Orlando, FL, USA, 15 November 2015 to 30 November 2016 http://www.deloitte.com/
Gained Certified Information Systems Security Professional (CISSP) Certification
Initiated a virtual client training program to get new team members skilled up in a realistic training environment.
Engagements:
Security Support Team - Onshore, Invista
Orlando, FL, USA, (100% remote) 1 December 2015 to 28 October 2016 http://www.invista.com/
Supported project rollout of phase 3 and 4 of core ERP system (non-HR) to
(5000 users) Supported a full suite of 10 SAP ABAP and Java products, including GRC and S/4 HANA
Assisted client with troubleshooting new GRC 10.0 environment (EAM, ARM, BRM)
Ran pre-implementation and recurring risk analysis for continuous compliance process
(ECC only) to support Internal Audit requirements.
Liaised with Internal and External auditors to provide audit reports as required.
Liaised with onshore client and offshore team of 8-10 to provide 24/7 support
Implemented a series of workshops and follow-ups to address lack of SAP security specific skills on employee team. As the onshore rep, it was my role to ensure client side knowledge gaps were addressed.
SAP Security Senior Consultant (Employee), Tata Consultancy Services EDISON, NJ, USA, 09 March 2015 to 11 November 2015 http://www.tcs.com/
Engagements:
Security Support Team Lead, Gen Re
Stamford, CT, USA, 15 June 2015 to 13 November 2015 http://www.genre.com/
Lead the onshore and offshore support teams (5 people)
Supported project rollout of critical Financial Services – Reinsurance (FS-RI) (350 users) Supported a full suite of 11 SAP ABAP and Java products, including GRC and IDM
Implemented GRC Administration roles for GRC AC 10.0
Worked with Internal Audit Group and External auditor for annual external audit (Deloitte)
Mentored and supported younger members of the Tata SAP security team Application Security Support Team Lead, Baker Hughes Houston, TX, USA, 09 March 2015 to 30 April 2015
http://www.bakerhughes.com/
Led the L3 and L2 onshore and offshore teams (~20 people) to a 100% improvement in Time to Resolution
Supported the Role Redesign Project phased golive of ~5000 roles (50,000 users)
Reorganized and Initiated 78 Run and Maintain processes
Initiated full documentation of both Support and Run & Maintain processes
Facilitated the Fire Fighter Access Change project, reintegration of 200 Transactions into Business roles
Created 5 new IT Critical Access Risks in GRC 10.1 to support 13 new IT Audit controls
Supported Internal IT compliance audit as well as External SAP Security and GRC Audit (E&Y) SAP Security Architect (Employee), EasyStreet Pty. Ltd. Singapore, 01 January 2014 to 31 October 2014
SAP Security Consultant working for BHP Billiton (see description below) SAP Security Architect (Contractor), BHP Billiton
Singapore, 1 April 2011 to 31 December 2013
http://www.bhpbilliton.com/home/Pages/default.aspx
Architect for governance, quality assurance, and design, of application security solution for full suite of SAP products (50,000 Users)
Solution covered the following technologies ECC 6, BW, SCM, SRM 7, CLM, BCS, Nakisa, Portal, SolMan, BOBJ, PI.
Provided technical support for the Internal Audit function, and responded to Internal and External Audits related to SAP systems
GRC 10.0 AC Ruleset update for global organization. Reduced 60+ rules to 20+ and addressed all audit concerns
GRC 10.0 RM and PC security role quality assurance, and design
Reviewed Joiner Mover Leaver automated triggers from ECC HR to AD to GRC to ensure compliance with IT governance standards.
Created toolset for bi-directional synchronization of ARIS design and SAP security configuration and standards based QA of design and configuration.
Implemented enhanced standards for security build and design based on enhanced ARIS based design documentation.
Carl Shepherd SAP Security Consultant Page 3 of 7 adcgwe@r.postjobfree.com Carl Shepherd SAP Security Consultant Page 4 of 7 adcgwe@r.postjobfree.com SAP Security Change Manager (Employee), Barclays Global Retail Bank Singapore, 01 July 2010 to 31 March 2011
https://www.home.barclays/
Technical Implementation lead for SAP Security
HR and FI on 4.7 with BI (10,000 users, 55,000 Employees)
HR on ECC6 with BI (5,000 users 60,000 Employees)
SolMan, CUA
GRC 5.3 AC support and maintenance, addressed audit concerns and ran QA on existing ruleset to validate custom rules were effective in addressing risks. SAP Security Architect (Contractor), Syngenta
Basel, Switzerland, 14 September 2009 to 05 February 2010 http://www.syngenta.com
FI CO MM SD implementation (2,000 Users) with lots of custom development, also MDM
Global Role template design, Implementation methodology, Mentoring Project team
NAFTA Golive, USA, APAC Golive Singapore
GRC 5.3 AC Ruleset redesign
SAP Security Architect (Contractor), Convergys
Jacksonville, FL, USA, 01 June 2008 to August 28 2009 http://www.convergys.com/
Engagements:
J&J
http://www.jnj.com/
(Remote), 01 June 2008 to August 28 2009
HCM Role Development for global rollout on ECC 6 with EP integration as well as BI and PI security support. Template role design and Unit Testing.
3rd Party Software security architecture validation – 100+ J&J, subcontractor and hosted apps. SAP Security Consultant (Contractor), Rio Tinto
Brisbane, Australia, 01 February 2007 to August 30 2007 http://www.riotinto.com/
Key consultant for BI 7.0 (13,000 users) Systems with Portal integration and CUA
Maintenance and enhancement of custom position based Analysis Authorization generation functionality in BI 7.0 with integration to ECC security structure SAP Security Consultant (Contractor), Coca-cola Enterprises Atlanta, GA, USA, 01 May 2006 to 30 January 2007
http://www.cokecce.com/
Key consultant for BW (11,000 users) and HR Systems (20,000 users) with Portal integration (ESS, MSS) and CUA
Analyzing existing security framework for both BW and HR and implementing improvements that enhance flexibility and reduce maintenance costs.
Maintenance and improvement of position based security model
Supporting SOD with respect to specific job functions for evolving requirements in Payroll, OM and PA areas.
Analyzing and tuning security solution for ESS and MSS Carl Shepherd SAP Security Consultant Page 6 of 7 adcgwe@r.postjobfree.com Senior Systems Analyst (Employee), Novartis Pharma AG Basel, Switzerland, 01 June 2003 to 30 April 2006
http://www.novartis.com/
R/3 4.6 and BW 3.1 implementations covering 6 business units and supporting global financial and manufacturing operations (8,000 users)
BI 7.0 Upgrade preparation and analysis from BW 3.1
Developed, implemented and supported new BW security concept –
Implemented 15+ (5+ concurrent) projects, support 15+ independent country sites in production
Significant hands on maintenance of roles and security configuration in European BW systems
Supported and trained 20+ User Admins globally on BW Security
Managed Approva Software selection and implementation
Testing and prototyping of Virsa Compliance Calibrator SAP BW Security Consultant (Contractor), North Carolina Department of Transport Raleigh, NC, US, 01 January 2003 to 30 May 2003
http://www.ncdot.org/
Supported R/3 golive (4,000 users)
Created BW Security Concept.
Gathered requirements and created document templates that laid the foundations for future BW security rollouts
Implemented and tested BW roles
SAP BW Security Architect (Employee), International Paper Memphis, TN, US, 01 May 2002 to 30 November 2002
http://www.internationalpaper.com/
Implementation including SAP BW 3.0B. (20,000 users)
Upgrade, redesign and implementation of BW security 2.1 to 3.0B
Managed vendor selection for corporate provisioning solution.
Provided second and third level support for existing 4.5B R/3 system (FI CO MM SD) with CUA Trained and mentored security staff (team of 10 employees for SAP security) Independent SAP Security Consultant (Contractor), Creo Vancouver, Canada, 01 March 2002 to 30 April 2002
http://en.wikipedia.org/wiki/Creo
Implementation of SAP CRM and APO (2,000 users).
Designed and delivered accelerators and training for SAP security design, testing and implementation rollout for SAP R/3, CRM, and APO
Provided second and third level support for existing 4.6C R/3 system (FI CO MM SD)
Trained and mentored 2 internal security staff.
Independent SAP Security Consultant (Contractor), Philips Semiconductors (now NPX) San Jose, CA, US, 01 October 2001 to 30 January 2002 http://ics.nxp.com/
Security redesign and analysis for SAP R/3 4.0B for the North American implementation of SAP FI, CO, MM, SD for (3,400 users)
Detailed review of existing security and implementation strategy to effect positive improvements. Provided second and third level support for go-live
Trained and mentored first level support staff
SAP Security Consultant (Employee), Omnilogic (now part of PwC) Vancouver, Canada, 01 April 2001 to 30 October 2001 http://www.pwc.com/
Engagements:
Carl Shepherd SAP Security Consultant Page 5 of 7 adcgwe@r.postjobfree.com Nexen Inc. (Oil & Gas)
Calgary, Canada, May 2001 to June 2001
http://www.nexeninc.com/
Implementation of SAP 4.6C FI, CO, MM, PS, IM, AA, PM, BW, Workflow and JVA (2,000 users)
Developed project security strategy and roles
Supported functional role development
Developed workplace security strategy
SAP R/3 Security Consultant (Contractor), Motorola SPS (now Freescale Semiconductor) Phoenix, AZ, USA, 01 April 2000 to 30 September 2000 http://www.freescale.com/
Assisted existing team with security design and analysis for SAP R/3 4.6B initial implementation FI, MM, APO (5,000 users)
Consulted to deliver MM module security design and build
Developed security templates for MM and future module rollouts Gathered user requirements for internal and external parties
Designed and unit tested authorizations using profile generator
Documented design decisions for smooth transition to security team Met and exceeded internal audit requirements for security implementation Assisted in FI module security implementation
Assisted with development environment security administration Senior R/3 Security Consultant (Employee), Global Risk Management Services, PwC London, UK, 01 January 1998 to 30 June 1999
http://www.pwc.com/
Engagements:
Nokia
Helsinki, Finland, January 1999 to June 1999
http://www.nokia.com/
Developed security template for 60 country rollout
Gathered user requirements at corporate and local levels
Designed tested and implemented authorizations using profile generator UBS
Basel, Switzerland, 01 January 1998 to 31 December 1998 http://www.ubs.com/
Implemented SAP Security for R/3 4.0B FI CO MM SD project: (3,000 users)
Managed team of 4 to deliver security solution to corporate security standards Upgraded to SAP R/3 4.0B halfway through project
Developed interface to BBS4, the enterprise authorization management system Developed user guidelines and procedures
Trained SAP security administrators and supported rollout SAP Consultant (Contractor), Philip Morris K.K.
Tokyo, Japan, 01 January 1995 to 31 December 1997
http://www.pmusa.com
Implemented SAP security for R/3 3.0D FI, MM, CO, SD project: (150 users)
Developed and documented security methodology and procedures adopted by Philip Morris Corporate Audit for implementation at other Philip Morris SAP implementations
Developed large database tool for SAP security implementation and maintenance in MS Access
Conducted end-user training for SAP security administrators
Assisted in upgrade of Product Quality System
Redesigned Executive Budgeting Analysis System
Carl Shepherd SAP Security Consultant Page 7 of 7 adcgwe@r.postjobfree.com TRAINING AND EDUCATION DETAILS
Degrees
Bishop's University, Lennoxvilie, Quebec, CA 1986-1989 B.A. Social Sciences (Liberal Arts Degree)
Certifications
CISSP August 2016
ITIL Foundation September 2016
SAP and Consultant Training
SAP BW Consultant Certification
Solution Consultant SAP NetWeaver ’04 – Business Intelligence
TBW45, Johannesburg, ZA - 5 Days, BW 3.5 February 2006
TBW40, Johannesburg, ZA - 5 Days, BW 3.5 February 2006
TBW30, London, UK - 5 Days, BW 3.0 April 2005
TBW10, Toronto, CA - 5 Days, BW 3.0 July 2004
TBW20, London, UK - 5 Days, BW 3.0 November 2003 SAP Bootcamp, OmniLogic, Toronto, CA - 10 Days, R/3 4.6B April 2001 Management Training, PwC, Southampton, UK - 5 Days, March 1999 PwC SAP Global Training Center, Philadelphia, PA, US - 15 Days, R/3 3.0I May 1998
Advanced Security
Functional Overview
Implementation
SAP Security, Deloitte Touche, Philadelphia, PA, US - 5 Days SAP R/3 3.0E April 1995 Internal Auditing, Institute of Internal Auditors, Orlando, FL, US - 5 Days April 1995 SAP R/3 Overview, SAP, Foster City, CA, US - 5 Days, SAP R/3 3.0E April 1995