Security Sap
Resume:
Lokesh Mobile: +1-804-***-****
SAP ERP Security Consultant Email: ***********@*****.***
SUMMARY
12+ years of experience in SAP security administration, configuration, management
Strong knowledge of multi system landscape architecture and integration aspects between heterogeneous system technologies R/3 ECC (HR/ HCM, FI, SD, PS, MM, PP, WM), BW, BI, EP, CRM, GRC, MDG SAP Net weaver Gateway, HANA, S/4HANA BI/BOBJ, Bank Analyzer,
Proven track record in designing and delivering complex SAP Security architecture solutions for global organizations
Maintaining SAP security policies and documentation, experienced with project management both for classic waterfall and agile delivery in a hybrid environment, administrative tasks related to HANA and S/4 HANA Security
Conducting workshops with Key Stakeholders, IT Leadership, and Business to organize workshops to get the exact security requirements that need to be built from an end user access perspective.
Organizing workshops with Compliance & Process Team, Change Management and the Technical and functional team members to define custom security solutions across the landscape while establishing SOX and Segregation of Duties by revamping the existing set of internal controls.
Worked on Building custom Security solutions on systems like Business Planning Consolidation (BPC10.0), Business Objects 4.2 (setting up access levels and group and folder level security for Bank Analyzer 9.0, Gateway Systems (SAP Fiori UI5) and finally setting up user and access administration across HANA DB.
Instrumental in setting up Transport mechanism (LCM) across the HANA database, setting up SSO between HANA DB and BOBJ systems, setting up audit logs and setting up promotion management to transport the BOBJ reports.
Creating custom roles, object privileges, package privileges, application privileges and analytic privileges for the business users to get restricted access on Data.
Setting up user access and profiles across Fiori systems to get the application views in the Launchpad.
Analyzing and troubleshooting authorization issues at HANA DB level by using the Trace and the HANA context viewer.
Experience in SAP GRC design and implementation, administration of the SAP GRC 5.3, 10.X in AC: ARA, EAM, ARM, BRM and security concepts such as SOD, SOX
Experience in creating and assigning FF ID's and extracting Fire Fighter logs, Expertise in HANA and S/4 HANA Database user security and permissions.
Delivering SAP Security using ASAP Implementation Methodologies, Agile methodologies, prepared and executed various phases of Implementation i.e. Project Preparation, Business Blueprint, Implementation, Final Preparation and Go-live & Support.
Development and promotion of technical controls necessary for all components of SAP infrastructure, application standards, guidelines, policies, and procedures
Periodic review and revision of application security roles to accommodate the changing needs of the business
CERTIFICATIONS
SAP Certified Technology Associate - SAP Authorization and Auditing for NetWeaver 7.31 - C_AUDSEC_731
SAP Certified Application Associate - SAP BusinessObjects Access Control 10.0 - C_GRCAC_10
EDUCATION
Master of Computer Applications, Sri Venkateshwara University (SVU), India, 2006
TRAININGS ATTENDED:
1.ITSM training
2.Live compare tool
3.SAP HANA security
TECHNICAL SKILLS:
Technologies
SAP R/3 BW, CRM, SRM, EP, BI, BOBJ, HANA, /S4 HANA FIM, BPC, BFC, ICS, SRM, Bank Analyzer, BPC, Solution manger, GRC
Ticketing tools
HPQC, Remedy, HP ALM (defect manger) Service now
Employemnt History:
End Client
Phillips 66 (Mid-stream)
Location
Houston, TX
Duration
Feb 2020 to till date
Role
Sr. SAP Security Consultant
Environment
S/4 HANA, Fiori, BI 7.5, BOBJ, BPC, GRC 12.0, HANA.
Worked with business teams, Project teams for on S/4 HANA System analysis, design, development/configuration of new/modify existing Security Roles for the SAP Functional areas in SAP S/4 HANA SD, P2P, EWM, HVC, OTC, RFNO, Fiori (Mid-steam)
SAP security role design tasks creating transaction and authorization object level control, single parent and derived roles, task roles and enabler roles.
Worked on fiori roles, worked on catalog roles, groups, business data access authorizations.
Worked on Governance risk and compliance (GRC 12.0) green field implementation for Access control: ARA, BRM, EAM, ARM
Assisting user and project team member in SIT and various UAT phases
Worked on User access control, Maintenance of segregation of duties, SODs reviews, Identifying SOD risk, Mitigation, Worked on Enterprise business role changes in BRM.
Maintained and document all existing GRC client documentation & built new material as required.
Interacting, attending workshops with the Business, Control Owners, technical teams and Auditors in analyzing the current risks and applying the new SAP ruleset recommendations.
Securing Fiori APPS based on the roles, Catalogs, target mapping in S/4 HANA
Maintenance of HCM related roles, HR trigger requests
Implemented Fiori apps for SAP GRC 12.
Worked in a in a multi-vendor environment.
System cutover activities, month end activities
Client
Chevron Philips chemicals LLP,
Location
The woodlands TX
Duration
July 2019 to Jan 2020
Role
Sr. SAP Security Consultant
Environment
ECC, CRM, GTS, BI, HANA, Fiori, GTS, PO, CRM, MDM, GRC, EP. Power BI, Vendavo, Success factors
Worked on System analysis, design, development/configuration of new/modify existing Security Roles for the SAP Functional Areas in SD, FI, PTP, WM/IM, CRM, MDM, GTS, Fiori
User access control, Maintenance of segregation of duties, worked on the Retrofit process for parallel systems, Support and Project environment.
Identifying SOD risk, Worked on Enterprise business role changes.
Assisting users in UAT / Integration testing process, setting up service accounts, maintain RFC system accounts.
Worked on Central user administration (CUA) related issues.
Worked on previous security compliance-related items such as managing the implementation of SAP missing security notes, SAP Patch day.
Worked on SAP Support tickets, on call, P1 issues.
GRC component, Risk Analysis, SOD checks, Emergency Access Management (EAM), maintaining Id based firefighters, User Access Review (UAR), Business Role Management (BRM).
Setting up vendavo related user accounts and access.
Worked with the internal and external audit teams, extracting audit reports, audit logs, access request approvals audit reviews.
Worked on Month end and system cutover activities
Client
Apple Inc
Location
Austin TX
Duration
Mar 2019 to June 2019
Role
Sr. SAP Security Consultant
Environment
ECC, SCM, IS retail, CRM, GTS, BI, HANA,, GTS, PO, CRM, MDM, GRC, Ariba
Worked on System analysis, design, development configuration of new, modify existing Security Roles for the SAP Functional Areas in ECC R/3, HANA, SCM, CRM, MDG, OTC, Ariba
User access control, Maintenance of segregation of duties, Worked on System upgrades, SU25, Worked on the Retrofit process for parallel systems, Support and Project environment.
Worked on single roles, enabler roles, BI Analysis authorizations Identifying SOD risk, Worked on Enterprise business role changes, assisting users in UAT / Integration testing process, setting up service accounts, maintain RFC system accounts, maintaining of custom authorization objects
Handled Change Management control and validated the work done by team members at onsite and Offshore Worked on previous security compliance-related items such as managing the implementation of SAP missing security notes, SAP Patch day, and Onapsis OSP, Securing RFC connections
Worked on SAP Support tickets, on call, P1 issues. Investigating and identifying problems and user requirements, providing root cause analysis for critical issues.
Worked with the internal and external audit teams, extracting audit reports, audit logs, access request approvals audit reviews.
Client
Town Pump
Location
Butte, MT
Duration
April 2018 to Dec 2018
Role
SAP Enterprise Security Consultant
Environment
S/4 HANA enterprise Cloud (HEC) 1609, 1709, BOBJ 4.2, BPC, solution manager, PO, MDG HCM, Success factors
Responsibilities:
Conducting workshops and involved in user story collection
Worked on S/4 HANA Fiori over all security architecture and Design for, Real estate (REFX), Plant Maintenance, casino, P2P, FI and treasury. MDG
Worked on S/4 HANA Fiori Apps creation, groups, securing various S/4 HANA Apps, front end server (FES), business roles, back end server roles (BES).
Worked on Securing S/4 HANA fiori custom Apps, custom tables and objects.
Worked on identifying sensitive and critical transactions and securing data
Involved in identifying and SOD conflicts
Implemented firefighter access control process.
Worked on SAP BI, Business objects 4.2 Security design for various reports like regulatory, sales reports, employee reports.
Involved in implementing S/4 HANA Security audit policy, Creation of HCM roles, securing HCM objects and infotypes and Worked with developers in implementing HCM faction modules.
Used Agile Scrum project implementation methodology and sprint cycle, using existing database identify a list of Catalog roles to be converted to Repository roles
Performed assessment of existing BI/BW analysis authorization and Info Provider restrictions and recommend solution for HANA view that will align with the existing BW access restriction
Implemented HANA Database security for Business users using HANA analytic privileges in the new BI/BW on HANA Database, and will replicate the reporting/data security structure currently followed in BI for analysis authorizations
configuration and settings adjustment that are not covered under the SAP assessment document
Assisted in defining password policies, setting up audit logging, adjusting SAP parameters based on industry leading practices and implementing SAP Early Watch recommendations.
Client
Verizon Wireless (IS -Retail)
Location
Warren New Jersey
Duration
Dec 2017 to Mar 2018
Role
Sr. SAP Security Consultant
Environment
ECC R/3, SCM, IS-Retail, BI/ HANA/ S4 HANA PO, GRC 10.1, Solution manger
Responsibilities:
Managing overall Access Control policies across all enterprise level applications ensuring appropriate builds, separation of duties, etc.
Implement security policies, process, audits, SOX, and SOD concepts
Maintaining, update, and configure applications using risk analysis tools.
Support on-going audits, providing access to analysis of reports, findings, etc.
Worked on SAP security architecture and role-based authorization models for SAP ECC, Retail SCM, HANA BW/BI, Portals, PI/PO, Solution Manager
Worked on troubleshooting the missing authorization/roles in SCM, BI, BW, HANA
Designed SAP partner security. Worked with the IDM team in mapping of roles to positions and user provisioning in production systems.
Maintained SAP roles and related authorization based on specific to each store, site, location/ area, over all access and reports.
Worked on Security reports in BOBJ, Managing user groups, folders, access levels / custom access levels.
Performed system reviews and limiting access to ensure that work is performed in accordance with security policies Implementing BI Security setup with respect to securing HANA views.
Securing HANA SQL analytical privileges based on the calculation views and HANA data securing.
Managing and leading small teams
End Client
PayPal Inc,
Location
San Jose, CA
Duration
January 2016 to September 2017
Role
Sr. SAP Security Consultant
Environment
ECC R/3, BI/BOBJ4.2, HANA SPS11, Bank Analyzer, HCM,
NetWeaver Gateway, UI5, Fiori Apps, GRC 10.1, Solman,
Responsibilities
Worked with PayPal business teams conducting meetings, Workshops and gathering requirements for SAP Security design for PayPal Finance and Information Transformation Program (PFIT)
Converting functional spec to technical spec. implementing SAP security modules using the classical water fall models and agile methodology.
SAP Security in all stages of Project Development from Blueprint Feasibility Analysis to Technical Design to Realization/Development to Go Live Support and business User Training
Designing and implementing security for SAP HANA2, BI7.4, Business objects 4.2, Bank Analyzer 9.0 and GRC 10.1
Designing Restricting and Control authorizations for HANA DB objects and Packages/Contents based on System Privileges, Objects Privileges and Analytic Privileges for various Schema Users, Integration of BOBJ Security with fiori HANA and HANA DB Security Roles, Implemented US, Canada, HCM Payroll reporting projects in SAP HANA and business objects
Designing and developing Universes supporting multiple levels of hierarchies for drill down and drill access reports. Worked on HCM roles, securing HR infotypes, worked on HR dynamic analytical privileges
Providing training and support to Business Objects and Webi reports users throughout the organization. Creation of user groups, maintaining access levels, folders, in BO CMC, user
Maintaining for BOBJ developers, support admins power users, end users, transporting jobs / objects using Promotion Management tool.
SAP HANA User Management and Import/Export of Delivery Units/HANA Artifacts
Defined Security Architecture, Authentication Authorization, Single Sign on, Encryption, Audit Logging etc. in the customer system landscape.
Setting Up of Project Workspace for creating Design Time Role, Web based IDE (Graphical) Creating Design Time Roles (HANA STUDIO – Script Based)
Importing templates for Design Time Roles Delivery Unit
Implementing Best practice to organize catalog/schema and content so that It can be managed with minimal security impact
Implementing Security to access Fiori from SFDC, R Server, Tableau, Hadoop, McKesson, Connect, SAP BO etc.
Implementing BW Security setup with respect to HANA Studio BW Modeling Perspective
HANA Security trace tools/logs if any in case of missing privileges
Configuring validation of Solman, SAP Patch day and creation of roles in SAP Bank Analyzer
Collaborating with Audit team and business professionals for SOX compliance
Creating of roles, Analysis authorizations using (RSECADMIN) tool in SAP BI
Implementing SAP security best practices and standards
Worked with ETL team, providing access to ETL system ids, troubleshooting access related issues during data transfer and migration to HANA HDB
Enabled HANA audit policy whenever required and analyzing the audit reports regarding changes made on schemas/view/tables etc.
Worked with the testing cycle phases SIT/performance /UAT testing phases, preparing test cases.
End Client
Marathon petroleum corporation, USA
Duration
September 2014 – August 2015
Role
Technical Lead
Environment
ECC R/3, HR, BI, BOBJ, HANA, SRM, MDG, HCM Solution Manager
Responsibilities
Worked as technical lead for a large implementation and post go live support involving ERP ECC, SAP BW/ BI, BO SRM, CRM, MDM, MDG, HCM Roles & Authorizations, HCM objects, HR infotypes, HR / HCM structural profile assignment.
PD profile assignment to the users.
Securing HCM Authorization objects, custom transactions, tables. Worked on HR HCM structural profiles.
Worked on role Enhancements, maintenance of authorizations and work bench requests (Su24 Changes)
Performed transports and mass transports of roles and CATT scripts for mass user creation.
Find out missing authorizations using SU53 report and trouble shooting
Setting up SAP audit logging, and performed periodic review of logged activity
Designed and Created roles for Master data Governance MDG systems
Perform annual SAP licensing administration and liaising with SAP Basis Support
Initiated Re-design and related strategy for audit issues and preparing RCIS documents
Leveraged SOX tools like GRC 5.3, GRC 1.0 access control and SAP Customer Activity Repository
Validation of GRC access control and Risk reports on bi-weekly and monthly
Assisted in Annual and Quarterly ICS security validations, performing segregation of duties (SOD), Critical Action (CA), Critical permission (CP), analysis and remediation.
Strong SAP Implementation and Administration experience with Governance Risk and Compliance (GRC) Access Controls for SAP applications (ARM, ARA, SPM and BRM)
Worked on SAP GRC ARA rule setup, SOD risk remediation/mitigation
Setup Firefighter Owners & Controlers, Firefighter Ids for Emergency Access Management(EAM)
Involved in SOD Assessment and Remediation Process and Role maintenance in Sun IDM dashboard
Preparation of estimates for role build activities and testing
Mapping of users to user groups, roles to users in SAP Enterprise portal systems
User authentication, maintain User groups, access levels, custom access levels, access to folders and user’s creation in CMC
Migration of report objects, folders, groups, connections, using promotion management across landscape
Designed Restrict and Control authorizations for HANA DB objects and Packages/Contents based on System Privileges, Objects Privileges and Analytic Privileges for various Schema Users
Client
Lloyds Banking group (U.K)
Company
HCL Technologies
Duration
July 2012 to September 2014
Role
Consultant
Environment
ECC R/3, BI/BOBJ, CRM, SRM, GTS, GRC, BPC GRC 5.3, GRC 10.0, FIM, HCM
Responsibilities
Designed role matrix across system landscape.
Created SOD matrix
Performing SOD Conflict Analysis
Organizational level authorization fields and derived role design and maintenance
Designed and created roles to restrict user's access by InfoAreas, InfoCubes, Queries and Workbooks.
Worked on hierarchy authorizations and assigned to nodes using RSECADMIN.
Created development / reporting roles using analysis authorizations concept.
Creating and assigning analysis authorization to users in BW, BI/BOBJ
User groups, and user’s creation in CMC
Migration of report objects using promotion management across landscape.
Assigning groups to users and setting up alias in BO 3.1 and BO 4.0
Developed front end folder level security in SAP Business objects by creating user groups/access levels in BOBJ CMC. Created custom groups/ Created, modified access levels in BOBJ
Authentication of users in BOBJ, ICS, BI4 and FIM environment
Creating of data access groups, filters in application
Analyzing and solving access related issues to reporting users like power users, end users and developers in BOBJ, BI4.
Resolved authorization issues related defects in BI, BOJ, BPC, FIM BI4 and FIM applications
Client
GE Energy USA (M&CS)
Duration
December 2011 – June 2012
Company
HCL Technologies
Role
Consultant
Environment
ECC R/3, CRM, SRM, GTS 10.0, BPC GRC 5.3, GRC 10.0
Responsibilities
Analyzed and creation of role matrix for GTS 10.0
Designing and creation of Single, Master and Derived Roles
Object level maintenance in SU24
Extensively used Su53 and ST01 Transactions in Trouble Shooting Authorization Check and Interface Checks, custom transaction
Performed transports and mass transports of roles and Used CATT scripts for mass user creation
Re-designed role as per the compliance check
Worked on GRC GTS access control process
Assisted users in testing phases like UAT and SIT
Used traces and display authorization checks reports for resolving the end user problems during UAT phases.
Coordinated with super users and users on testing unit test cases.
Simulated User based; Role based background jobs in RAR Tool to Identify Any SOD issues.
Prepared process documentation, identified process control owners and reduced the gap
Migrated SOD ruleset from other system to GRC
Client
Department of Corrections, (NZ)
Company
HCL Technologies
Location
Bangalore, India
Duration
April 2010 – November 2011
Role
Consultant
Environment
ECC R/3, BW, SRM, HCM, EP, MDM
Responsibilities:
Worked on SAP HR Security, SRM, EP, CRM Security
Worked on HCM Security – Employee Self Service (ESS), Manager Self Service (MSS).
Coordinating with SAP Functional and Development teams to arrive at sound SAP security solutions.
Extensively worked on Custom Tables, Classes, Authorization Objects and Programs as per business requirements
Troubleshooting authorization issues and use of program/tables in HR application.
Worked on controlling various SAP HCM authorization objects, infotypes and subtypes
Worked on user's structural profile issues
Assign roles to position with transaction PO13 and Run RHPROFL0, when required.
Good understanding of Structural authorization issues
Worked on SRM and CRM role changes
Worked on (Portal) Enterprise role / group related issues.
SAP BW role changes, reporting roles, controlling various BI authorization objects, Analysis authorizations.
Worked on cutover and month end activities.
Client
Tata Capital
Company
Tata Technologies
Location
Mumbai
Duration
Mach 2009 to Mar 2010
Role
SAP Security consultant
Environment
SAP ECC R/3, Solution Manger, BW, CRM, MDM, EP
Responsibilities
Role matrix design analysis/creation, User Access control, Extensive User of SUIM and PFCG
Roles redesign as per new Virsa Patch level and reduced conflicts
Carried out testing of roles assisted testing team in UAT phases
Sarbanes – Oxley (SOX) Implementation, Roles and authorizations re-implementation using Virsa tool. Role simulation, Mitigation controls etc.…using Risk assessment tool /VIRSA/ZVRAT
Trouble shooting and end user issues, extensive use of SU53 and ST01
Continuous interaction with client and end users
Worked on Transport Management System and updating all the activities in DMS
Scheduling and monitoring hourly, daily, monthly back ground Jobs
Including Satellite systems in SOLMAN and Generating "RFC connections" & assigning the logical system to them
Maintain SAP security policies and documentation
Applied Latest Virsa patches for SOX compliance
Started & stopped the servers during critical Server related activities
Monitoring Inbound & Outbound queues on daily basis
Client
Sahara Petro Chemicals Aug ‘2008 to Mar 2009
Company
Tata Technologies
Location
Dhamam, Saudi Arabia
Duration
August 2008 - March 2009
Role
SAP BASIS Consultant
Environment
SAP ECC R/3, Solution Manger, BW, CRM, MDM, EP
Responsibilities:
Performing daily and weekly system Health Check Report.
Solving End-user issues, SAP OSS notes application, Role provisioning for users
Back Ground job Maintenance. System performance monitoring
Worked on recommendations based on Early watch alerts
Worked on printer related issues
Role creation and role modifications
Worked on Enterprise portal role group changes
Perform the transports across the landscape using STMS & TP
Performed SAP extension, add-ons, and dispute management installation.
Provide day-to-day operation support on systems problem and end users problem.
Performing Online and offline backups. Performed database reorganization. data base table space administration
Contact this candidate