
Sap Security

Location:
Manhattan, NY, 10027
Posted:
March 23, 2021


Resume:


Addis Worku

***********@*****.***

Fixed Line +1-929-***-****

Mobile +1-972-***-****

Fax + 631-***-****

LinkedIn

Xing

Security GRC Controls Compliance Management Consultant Subject Matter Expert

Summary

Addis is an Industry Certified Security, GRC, Controls and Compliance Subject Matter Expert with 16+ Years of Experience in various domains. He has an extensive professional background in SAP Solutions Delivery in APJ, EMEA and The Americas. Addis has been involved in 4 Complete Project Lifecycle Implementations from initial Design Phase to Post Go-Live Duties and has Worked on GRC 10.1 to 12.0 Upgrade Activities from Planning, Cutover to Continued Production Improvement with effective rollout deliveries ensuring his clients' ROI while protecting their TCOs. He has worked in SAP R/3 – ECC Security, SAP CRM Security as well as SAP BI/BW Security. Addis has experience in Various Domains including R/3, ECC, CRM, BI, HCM, and all ECC Modules (MM, FI-CO, SD, PP, and OM…). Addis has worked in SAP HANA In Memory Computing on HANA Studio for User, Role and Privileges Management. He is hands on with SAP S/4 HANA User Management, Authorization and Fiori Security. Addis has experience in Security Role Redesigns, SAP Security Audits, SOPs (Standard Operating Procedures), ITGC/ACs work, Audit Remediation, Security Controls Testing, Segregation of Duties (SODs), GRC Mitigations as well as Managing Sarbanes Oxley Compliance of Business Risks Reporting to and Working Closely with Corporate Executives. He is cognizant in SSO Identity Authentication with Security Assertion Markup Language (SAML), X.509 Certificates SNCWIZARD, SAP Cloud Platform Security Identity Authentication, Provisioning and hands on with Security Administration Activities in SAP S/4 HANA and SAP Fiori for On-Premise, Cloud-Based Fresh Implementation, System Conversion as well as Landscape Transformation Scenarios.

Professional Expertise

SAP GRC and Compliance Management:

Worked on SAP GRC 10.1 SP22 to 12.0 Upgrade Hands on with SPRO IMG configuration and post installation steps for all SAP GRC AC components as well as activation of the Application, SICF Services, BC Sets (SCPR20), Synchronization Duties as well as MSMP and BRF+ Mandatory Workflows for ARM GRFNMW_CONFIG_WD.

Excellent with SAP SoX Compliance testing, meetings with external auditors and run through Business Process Flows with functional teams to certify SoX Controls, prepared Control Matrices and Documentations.

Strong experience in the design, implementation of controls, and support of security processes in SAP including new implementations, role redesign, assessment of a client’s controls environment, issues identification, root cause analysis, segregation of duties across enterprise with appropriate close out.

Performed Quarterly SoX Compliance Testing for a population of the in-scope Application Emergency IDs, Documented Evidence of the Tests and Supported periodic SAP Access Reviews on Global Instances for Audit and Compliance purposes.

Assisted in evidence gathering for ITGC SOX controls, gathered samples for controls testing, updates and annual controls recertification.

Brought internal SOX IT Governance, Risk and Compliance Resources up to speed on SAP GRC AC 10.1 and 12.0 SOD/SOX procedures.

Managed Global and Local SAP Security Implementation Projects, GRC, Compliance related duties and conducted status reports to Stake Holders.

Hands on SAP GRC Access Control, Risk Management, GRC Reporting, Process Control and Fraud Management.

Hands on with SAP GRC Process Control Administering Organizational Hierarchies, Business Process, Business Sub Process, Controls, Controls Testing, Controls Monitoring for Rule Set Up, Assessment, Access Management, Reporting as well as SAP GRC Risk Management Applications for Planning, Identifying, Analyzing, Monitoring, Reporting and Responding to Organizational Risk Metrics across Mission Critical Operations and solution optimization for Fraud Management integrating with SAP Process Control.

Involved in an SAP GRC 10.1 SP22 to 12.0 upgrade from proof of concept to post go live support and hands on with EAM, ARA, BRM, and ARM.

Hands on with SAP GRC – Creating and Maintaining Connections, Connection Types, Maintaining Configurations, Connector Settings, Maintaining Mapping for Actions for Connector Groups, Plug-Ins, Synchronization Jobs, Rule Sets, Business Processes, Functions, Risks and Controls 12.0 with expertise on the differences between the 10X series to 12.0.

Performed GRC 10.1 to 12.0 Post go-live Validations such as running Function to Role Listing Matrixes, Role Usage, Actions Usage, User and Role Level SOD Risk Analysis, User and Role Level Batch Risk Analysis as well as Unit and User Acceptance Testing.

Performed Security Review such as User and Role Level Access Risk Analysis on Action, Permission, Critical Action, Critical Permission, Role/Profile, Offline Data and User Access Review (UAR).

Worked on the Creation and Update of Risks, analysis of Fire Fighter logs and retrieval of Audit Reports.

Generated Access Risk Analysis, Access Request, Role Management, Security, Audit, Emergency Access, User Management, Risk Terminator Reports from the Reports and Analytics Work Center.

Well versed in the differences between the SAP GRC AC 10X Series to 12.0 such as Access Risk Analysis for SAP Fiori in S/4 HANA, Mass Role Updates, BRM Integration with IM and IAG Bridge, Web IDE for 12.0 GRC to HANA DB integration for Analytic Privileges, Repository and Catalog Roles.

SAP Security:

Expert knowledge of SAP ECC Three-Tier Architecture (Presentation, Application and Database) and the SAP System Landscape (DEV, QAS, and PRD).

Hands on Security across SAP Domains including ECC, CRM, BI, HCM, and all ECC Modules (MM, FI-CO, SD, PP, and OM…).

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SUPC, SE93 and SAP Security related tables.

Expert in transaction code SU25, SU24, USOBT_C and USOBX_C tables as it relates to implementation and upgrades.

Experience on Central User Administration (CUA) maintenance and set-up with SCUA, SCUM, SCUG and SCUL.

Day-to-day support and troubleshooting of SAP ECC Security issues by using PFCG, SUIM, SU01, STAUTHTRACE, ST01, SU53 and tables (USR*, AGR*) via SE16 for the identification and resolution of authorization failures.

Perform regular system Audits SM18, SM19 and SM20N as well as Audit Remediation work.

Worked on Security duties for SAP in Memory Computing in HANA Studio for User, Role and Privileges Management.

Worked on SAP Security tickets for Production support activities and experienced in taking charge to drive SAP Security work to completion within Target Resolution Time as in SLAs.

Experience in SAP Client Copy – SCC4 (Client copy and Client Administration tasks), SCCL (Local Client Copy with Authorization Profiles and roles), SCC1 (Client Copy with Transport Requests from the Source Client), SCC3 (Client Copy Log Analysis), SCC5 (Client Deletion).

Experience on SAP CRM Security Design, Support with expert understanding of the dependencies between Business to PFCG Roles and expert on reports CRMD_UI_ROLE_PREPARE - CRMD_UI_ROLE_ASSIGN, trace type UIU_COMP, transaction codes CRM_UI_PROFILE as well as PPOMA_CRM.

Experience working with the development of organizational structures, structural authorizations and hands on in PPOSE, PPOME, PP03 to manage Organization Plans and PO13 for position assignment as well as RHPROFL0 report runs to create Authorization Profiles for Users within an Organization Plan and experience with RSECADMIN in BW Security and worked on in BI 7.0.

Hands on experience with the SAP IDM 8.0 Framework for SAP and non-SAP Systems Identity Life Cycle Management from Onboarding to Termination Managing the Authentication Authorization process of Users and Roles.

Cognizant with SAP IDM Connectors for the IDM Provisioning Framework, its integration to GRC, HCM and hands on with SAP GRC Risk Analysis prior to Identity Store Provisioning.

Experience with the Sarbanes-Oxley Act section 302 (Corporate Responsibility for Financial Reports) / 404 (Management and Assessment of Internal Controls) in the US, Bill 198 of Canada (C-SOX) and The Financial Instruments and Exchange Act of Japan (J-SOX) working on compliant SAP Security End Client Deliveries.

Actively participated in client discussion, meetings, prepared project documentation, led workshops on security topics, trained SAP Users and Team Members, worked in the ASAP methodology from Project Preparation, Blueprinting, Implementation, Cutover, Go Live and Post Go Live Support in SAP Best Practice Managing Multiple End-to-End Deployments.

Excellent oral, written, interpersonal, corporate communication skills with the ability to work under pressure with all levels of technical, functional, legal, management staff being effective working in a team environment as well as self-directed and comfortable interacting with Senior Management, IT / Business / Audit teams and Contractors

Hands on in developing, implementing, maintaining, enforcing security process, standard operating procedures maintaining the integrity of the SAP System Landscape of in scope applications against vulnerabilities of in scope SAP Mission Critical Applications across the system architecture adhering to compliance standards, security policies as well as risk matrices.

Hands on with SAP SaaS integrations with LDAP other cloud platforms SNCWIZARD / SPNEGO.

Hands on building S/4 HANA Transactional Roles, Roles for Fiori Apps adding Catalogs, Tile Groups in S/4 Roles, Activation of Services for Fiori Apps with /IWFND/MAINT_SERVICE and Identification and evaluation of Authorizations, Services with /IWFND/ERROR_LOG and STAUTHTRACE.

Cognizant of SAP Cloud Platform Security, Identity Authentication, Provisioning and hands on in SAP S/4 HANA and SAP Fiori Security for On-Premise/Cloud-Based Fresh Implementation, System Conversion, Landscape Transformation Scenarios, SSO Identity Authentication with Security Assertion Markup Language (SAML) and X.509 Certificates SNCWIZARD.

Professional Experience

Experience in a BIG 4 firm.

Cognizant with Multi Factor Authentication.

Delivered 4 end-to-end SAP Security ASAP Implementations.

Worked through an SAP GRC 10.1 to SAP GRC 12.0 Upgrade.

Experience in SailPoint Beyond Trust Control Testing and recertifications.

Experienced in ITGC/AC, Audit Remediation and Compliance Management.

Go-To Management Consultant hands on with SAP SaaS, PaaS, IaaS and familiar with SAP Enterprise Threat Detection Bug Identification Solutions with SIEM-Splunk and SAP Fortify by Micro Focus for Static Dynamic ABAP and Non-ABAP Code Analysis.

Self-directed leader working SAP Security Policies and Standard Operating Procedures (SoPs) for Production and Non-Production Systems, Managed, Led, Planned, Created, Assigned, Tracked and Provided Technical Guidance for On/Near/Off shore teams on SAP Security/GRC Deployments and tracked project deliverables on status calls.

Hands on with SAP S/4 HANA Activate delivery and security fit gap analysis from discovery to preparation, exploration, realization into running deployments as well as apt knowhow on mitigating known to future SAP Security Patchday Vulnerabilities Securing the integrity of Mission Critical Business Operations utilizing SAP Secure Software Lifecycle Methodology Tools and cognizant with CCLM and ChaRM.

Experience with the Sarbanes-Oxley Act section 302 (Corporate Responsibility for Financial Reports) / 404 (Management and Assessment of Internal Controls) in the US, Bill 198 of Canada (C-SOX) and The Financial Instruments and Exchange Act of Japan (J-SOX) working on compliant SAP Security End Client Deliveries.

Actively participated in client discussion, meetings, prepared project documentation, led workshops on security topics, trained SAP Users and Team Members, worked in the ASAP methodology from Project Preparation, Blueprinting, Implementation, Cutover, Go Live and Post Go Live Support in SAP Best Practice Managing Multiple End-to-End Deployments.

Excellent oral, written, interpersonal, corporate communication skills with the ability to work under pressure with all levels of technical, functional, legal, management staff being effective working in a team environment as well as self-directed and comfortable interacting with Senior Management, IT / Business / Audit teams and Contractors

Hands on in developing, implementing, maintaining, enforcing security process, standard operating procedures maintaining the integrity of the SAP System Landscape of in scope applications against vulnerabilities of in scope SAP Mission Critical Applications across the system architecture adhering to compliance standards, security policies as well as risk matrices.

Hands on with SAP SaaS integrations with LDAP other cloud platforms SNCWIZARD / SPNEGO.

Excellent with SAP SoX Compliance testing, meetings with external auditors and run through Business Process Flows with functional teams to certify SoX Controls, prepared Control Matrices and Documentations.

Strong experience in the design, implementation of controls, and support of security processes in SAP including new implementations, role redesign, assessment of a client’s controls environment, issues identification, root cause analysis, segregation of duties across enterprise with appropriate close out.

Performed Quarterly SoX Compliance Testing for a population of the in-scope Application Emergency IDs, Documented Evidence of the Tests and Supported periodic SAP Access Reviews on Global Instances for Audit and Compliance purposes.

Assisted in evidence gathering for ITGC SOX controls, gathered samples for controls testing, updates and annual controls recertification.

Brought internal SOX IT Governance, Risk and Compliance Resources up to speed on SAP GRC AC 10.1 and 12.0 SOD/SOX procedures.

Managed Global and Local SAP Security Implementation Projects, GRC, Compliance related duties and conducted status reports to Stake Holders.

Hands on SAP GRC Access Control, Risk Management, GRC Reporting, Process Control and Fraud Management.

Worked on SAP GRC 10.1 SP22 to 12.0 Upgrade Hands on with SPRO IMG configuration and post installation steps for all SAP GRC AC components as well as activation of the Application, SICF Services, BC Sets (SCPR20), Synchronization Duties as well as MSMP and BRF+ Mandatory Workflows for ARM GRFNMW_CONFIG_WD.

Hands on with SAP GRC Process Control Administering Organizational Hierarchies, Business Process, Business Sub Process, Controls, Controls Testing, Controls Monitoring for Rule Set Up, Assessment, Access Management, Reporting as well as SAP GRC Risk Management Applications for Planning, Identifying, Analyzing, Monitoring, Reporting and Responding to Organizational Risk Metrics across Mission Critical Operations and solution optimization for Fraud Management integrating with SAP Process Control.

Involved in an SAP GRC 10.1 SP22 to 12.0 upgrade from proof of concept to post go live support and hands on with EAM, ARA, BRM, and ARM.

Hands on with SAP GRC – Creating and Maintaining Connections, Connection Types, Maintaining Configurations, Connector Settings, Maintaining Mapping for Actions for Connector Groups, Plug-Ins, Synchronization Jobs, Rule Sets, Business Processes, Functions, Risks and Controls 12.0 with expertise on the differences between the 10X series to 12.0.

Performed GRC 10.1 to 12.0 Post go-live Validations such as running Function to Role Listing Matrixes, Role Usage, Actions Usage, User and Role Level SOD Risk Analysis, User and Role Level Batch Risk Analysis as well as Unit and User Acceptance Testing.

Performed Security Review such as User and Role Level Access Risk Analysis on Action, Permission, Critical Action, Critical Permission, Role/Profile, Offline Data and User Access Review (UAR).

Worked on the Creation and Update of Risks, analysis of Fire Fighter logs and retrieval of Audit Reports.

Generated Access Risk Analysis, Access Request, Role Management, Security, Audit, Emergency Access, User Management, Risk Terminator Reports from the Reports and Analytics Work Center.

Well versed in the differences between the SAP GRC AC 10X Series to 12.0 such as Access Risk Analysis for SAP Fiori in S/4 HANA, Mass Role Updates, BRM Integration with IM and IAG Bridge, Web IDE for 12.0 GRC to HANA DB integration for Analytic Privileges, Repository and Catalog Roles.

Hands on building S/4 HANA Transactional Roles, Roles for Fiori Apps adding Catalogs, Tile Groups in S/4 Roles, Activation of Services for Fiori Apps with /IWFND/MAINT_SERVICE and Identification and evaluation of Authorizations, Services with /IWFND/ERROR_LOG and STAUTHTRACE.

Cognizant of SAP Cloud Platform Security, Identity Authentication, Provisioning and hands on in SAP S/4 HANA and SAP Fiori Security for On-Premise/Cloud-Based Fresh Implementation, System Conversion, Landscape Transformation Scenarios, SSO Identity Authentication with Security Assertion Markup Language (SAML) and X.509 Certificates SNCWIZARD.

Expert knowledge of SAP ECC Three-Tier Architecture (Presentation, Application and Database) and the SAP System Landscape (DEV, QAS, and PRD).

Hands on Security across SAP Domains including ECC, CRM, BI, HCM, and all ECC Modules (MM, FI-CO, SD, PP, and OM…).

Experience in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SUPC, SE93 and SAP Security related tables.

Expert in transaction code SU25, SU24, USOBT_C and USOBX_C tables as it relates to implementation and upgrades.

Experience on Central User Administration (CUA) maintenance and set-up with SCUA, SCUM, SCUG and SCUL.

Day-to-day support and troubleshooting of SAP ECC Security issues by using PFCG, SUIM, SU01, STAUTHTRACE, ST01, SU53 and tables (USR*, AGR*) via SE16 for the identification and resolution of authorization failures.

Perform regular system Audits SM18, SM19 and SM20N as well as Audit Remediation work.

Experience on SAP CRM Security Design, Support with expert understanding of the dependencies between Business to PFCG Roles and expert on reports CRMD_UI_ROLE_PREPARE - CRMD_UI_ROLE_ASSIGN, trace type UIU_COMP, transaction codes CRM_UI_PROFILE as well as PPOMA_CRM.

Experience working with the development of organizational structures, structural authorizations and hands on in PPOSE, PPOME, PP03 to manage Organization Plans and PO13 for position assignment as well as RHPROFL0 report runs to create Authorization Profiles for Users within an Organization Plan and experience with RSECADMIN in BW Security and worked on in BI 7.0.

Experience in SAP Client Copy – SCC4 (Client copy and Client Administration tasks), SCCL (Local Client Copy with Authorization Profiles and roles), SCC1 (Client Copy with Transport Requests from the Source Client), SCC3 (Client Copy Log Analysis), SCC5 (Client Deletion).

Worked on Security duties for SAP in Memory Computing in HANA Studio for User, Role and Privileges Management.

Hands on experience with the SAP IDM 8.0 Framework for SAP and non-SAP Systems Identity Life Cycle Management from Onboarding to Termination Managing the Authentication Authorization process of Users and Roles.

Cognizant with SAP IDM Connectors for the IDM Provisioning Framework, its integration to GRC, HCM and hands on with SAP GRC Risk Analysis prior to Identity Store Provisioning.

Worked on SAP Security tickets for Production support activities and experienced in taking charge to drive SAP Security work to completion within Target Resolution Time as in SLAs.

Professional Background

SAP GRC Security Controls and Compliance Management Consultant

Collabera Inc.

Basking Ridge, NJ.

September 2019 – Present

Client: ViacomCBS Inc.

Role: SAP GRC Security Controls and Compliance Management Consultant

New York, NY

Responsibility and Undertakings:

Resolved SAP GRC/Compliance issues performing root cause analysis, troubleshooting for issue resolution in a timely manner and served as the go-to resource for compliance SVP and team providing weekly status calls and updates as often as needed.

Hands on SAP GRC Access Control, Risk Management, GRC Reporting, Process Control and Fraud Management.

Hands-on in GRC 10.1 to 12.0 Upgrade, configuration and post installation steps for all SAP GRC AC components as well as activation of the Application, SICF Services, BC Sets SCPR20 and all Synchronization Duties.

Worked on SAP GRC 10.1 SP22 to 12.0 upgrade from proof of concept to post go live support and hands on with EAM, ARA, BRM, and ARM.

Hands on with SAP GRC – Creating and Maintaining Connections, Connection Types, Maintaining Configurations, Connector Settings, Maintaining Mapping for Actions for Connector Groups, Plug-Ins, Synchronization Jobs, Rule Sets, Business Processes, Functions, Risks and Controls.

12.0 upgrade with expertise on the differences between the 10X series to 12.0 and cognizant with SAP GRC Audit Management implementation as well as creation and tracking audit issues.

Hands on with mitigation control and assisted on the identification of the proper controls for in scope risks.

Worked on SAP GRC AC 10.1 SP22 and hands on with T-Code SPRO for SAP Reference IMG Configuration as well as MSMP BRF+ Mandatory Workflows for ARM GRFNMW_CONFIG_WD and Hands on in all SAP GRC Access Control related Configurations, Maintenances, User Case Tests, Updates on Risk Types, Segregation of Duties, Critical Action, Critical Permissions, Functions and Rulesets.

Hands on with SAP GRC Process Control Administrating Organizational Hierarchies, Business Process, Business Sub Process, Controls, Controls Testing, Controls Monitoring for Rule Set Up, Assessment, Access Management, Reporting as well as SAP GRC Risk Management Applications for Planning, Identifying, Analyzing, Monitoring, Reporting and Responding to Organizational Risk Metrics across Mission Critical Operations and Solution Optimization for Fraud Management integrating with SAP Process Control.

Performed GRC 10.1 to 12.0 Post go-live Validations such as running Function to Role List Matrices, Role Usage, Action Usage, User and Role Level SOD Risk Analysis, User and Role Level Batch Risk Analysis as well as Unit and User Acceptance Testing.

Experience in all SAP GRC Access Control Components ARA, ARM, EAM, BRM and hands-on ARA, EAM for all firefighter related duties and performed user and role level risk analysis using ARA in GRC 10.1 and 12.0 and Worked on the Creation and Update of Risks, analysis of Fire Fighter logs and retrieval of Audit Reports.

Generated Access Risk Analysis, Access Request, Role Management, Security, Audit, Emergency Access, User Management, Risk Terminator Reports from the Reports and Analytics Work Center and Supported periodic SAP Access Reviews across all ViacomCBS Instances Globally for Audit and Compliance purposes.

Involved with SAP SoX Compliance testing, meetings with external auditors and run through Business Process Flows with functional teams to certify SoX Controls, prepared Control Matrices and Documentations.

Hands on with end-to-end process for Risk Assessment, Control Identification, Gap Analysis, Control Assessment and Evidence Documentation.

Performed Quarterly SoX Compliance Testing for a population of the in-scope Application Emergency IDs, Documented Evidence of the Tests and Supported periodic SAP Access Reviews on Global Instances for Audit and Compliance purposes.

Performed Security Review such as User and Role Level Access Risk Analysis on Action, Permission, Critical Action, Critical Permission, Role/Profile, Offline Data and User Access Review (UAR).

Performing risk simulation for role changes, performing risk analysis for new role creation and an expert on Rulesets, Functions, Risks and Migration Controls.

Worked on SOD analysis on Users as well as Roles and updated mitigation controls for specific risks in accordance with the Risk Management policy.

Hands-on in designing security architecture, strategy and implementing security measures in adherence to compliance security, organizational architecture compliance legislative obligations and proficiency with SAP Security User, Role, Position Based Design, Build, Deployment and Post Deployment Support.

Expert knowledge of SAP’s Three-Tier Architecture (Presentation, Application and Database) and the SAP System Landscape (DEV, QAS, and PRD).

Hands on building S/4 HANA Transactional Roles, Roles for Fiori Apps adding Catalogs, Tile Groups in S/4 Roles, Activation of Services for Fiori Apps with /IWFND/MAINT_SERVICE and Identification and Evaluation of Authorizations, Services with /IWFND/ERROR_LOG, STAUTHTRACE, CCLM and ChaRM.

Hands-on in SE01, SE10, ST01, STMS, SU01, SU10, SUIM, SU53, SU56, SU21, SU22, SU24, SU25, SCUA, SCUM, SCUG, SCUL, PFCG, SUPC, SE93 and SAP Security related tables.

Hands-on in transaction code SU25, SU24, USOBT_C and USOBX_C tables as it relates to implementation and upgrades.

Hands-on with the development of organizational structures, structural authorizations and hands on in PPOSE, PPOME, PP03 to manage Organization Plans and PO13 for position assignment as well as RHPROFL0 report runs to create Authorization Profiles for Users within an Organization Plan.

Hands-on with mass generations and mass transports (from PFCG and SE01/SE10) and used the profile generator to examine authorizations in existing roles, identify improper authorizations and taking corrective action on the project.

Hands-on with the day-to-day support and troubleshooting of ECC Security issues by using STAUTHTRACE, ST01, SU53 and tables (USR*, AGR*) via SE16 for the identification and resolution of authorization failures on the project.

Cognizant of SAP Cloud Platform Security, Identity Authentication, Provisioning and hands on in SAP S/4 HANA and SAP Fiori Security for On-Premise/Cloud-Based Fresh Implementation, System Conversion, Landscape Transformation Scenarios, SSO Identity Authentication with Security Assertion Markup Language (SAML) and X.509 Certificates SNCWIZARD.

Hands on experience with the SAP IDM 8.0 Framework for SAP and non-SAP Systems Identity Life Cycle Management from Onboarding to Termination Managing the Authentication Authorization process of Users and Roles.

Cognizant with SAP IDM Connectors for the IDM Provisioning Framework, its integration to GRC, HCM and hands on with SAP GRC Risk Analysis prior to Identity Store Provisioning.

Working knowledge of the SAP ABAP Function module for AUTHORITY_CHECK.

Social Action Webcaster and SAP Go-To Analyst

Freelancing on Sabbatical

New York, NY.


October 2013 – August 2019

Responsibility and Undertakings:

Took a Sabbatical to focus working as a Webcaster for an Ethiopian Onion News Like Political Satirical Show Called Fugera News that gained traction with 174K+ Social Media Followers as a Civil Rights / Social Action Volunteer and Advocated for the Release of Political Prisoners, Bloggers, Journalists, while Volunteering for Various Organizations working as an Interim SAP Analyst Taking Short Term Engagements and Providing BnB service out of my home.

Hands on in SAP GRC AC 10.0, experience in SAP GRC AC 10.1 Components (ARA, ARM, BRM and EAM) as well as SAP GRC AC12.0.

Experience in SAP GRC AC 10.1 Components (ARA and EAM) and hands on in SAP GRC AC 12.0 such as Access Risk Analysis for SAP Fiori in S/4 HANA, Mass Role Updates, BRM Integration with IM and IAG Bridge, Web IDE for 12.0 GRC to HANA DB integration for Analytic Privileges, Repository and Catalog Roles.

Hands on with SAP IAG to Cloud and GRC integration, Identity life-cycle management, Public and Private Key Infrastructure, Multi-factor Authentication, Security Standard Operating Procedures, Policies, and industry-standard best practices.

Hands on with SAP SaaS integrations with LDAP other cloud platforms SNCWIZARD / SPNEGO.

Hands on in developing, implementing, maintaining, enforcing security process, standard operating procedures maintaining the integrity of the SAP System Landscape of in scope applications against vulnerabilities of in scope SAP Mission Critical Applications across the system architecture adhering to compliance standards, security policies as well as risk matrices.

Hands on working with ITGC Business Process Controls with excellent understanding of Risk Management Frameworks / Practices and the Sarbanes-Oxley Act section 302 (Corporate Responsibility for Financial Reports) / 404 (Management and Assessment of Internal Controls) working with Large Multinational Companies as well as cognizance to work with similar compliance legislations in other geopolitical company codes such as Bill 198 of Canada (C-SOX).

Worked on SoX Compliance Testing for a population of the in-scope Application Emergency IDs, Documented Evidence of the Tests and Supported periodic SAP Access Reviews on Global Instances for Audit and Compliance purposes.

Organized Risk Review Meetings, maintained issue log, ensured issues are mitigated, maintained work papers, documented findings, controls test plans, prepared reports for quarterly controls testing and annual recertification.

Assisted in evidence gathering for ITGC SOX controls, gathered samples for controls testing, updates and annual controls recertification.

Managed, Led, Planned, Created, Assigned, Tracked and Provided Technical Guidance to On/Off shore team on SAP Security/GRC Deliverables based on agreed upon and added SLA standards on intermittent project work.

Hands on building S/4 HANA Transactional Roles, Roles for Fiori Apps adding Catalogs, Tile Groups in S/4 Roles, Activation of Services for Fiori Apps with /IWFND/MAINT_SERVICE and Identification and Evaluation of Authorizations, Services with /IWFND/ERROR_LOG,


