
Sap Security

Location:
Midway District, CA, 92101
Salary:
99000
Posted:
May 14, 2021


Resume:

Harry L. Thompson Jr

San Diego, CA 772-***-**** admezh@r.postjobfree.com

PROFESSIONAL SUMMARY

Fifteen years of SAP Basis/Security consulting in SAP ERP architecture, design, organizational management, client copy refresh, troubleshooting, resolving SAP system issues and Basis parameter settings for GRC. American citizen, excellent written and verbal communication skills, team player, leads by example, technical and hands-on SAP technical and functional experience. Reducing risk with continuous SOX 404 automated controls monitoring and risk management is the point of Process Control & Risk Management. Application places all of the analytics for risk management in one place. It functions as the reporting tool for all security processes within the IT infrastructure. Completed GRC Access Control 10, Oct. 17/2014. This detailed course is valuable to this consultant and his client for its configuration knowledge, providing robust ability to install, configure and maintain GRC rule sets, workflow and user provisioning. SOD analysis used to segregate duties, document exceptions, connect to organizational level Company Codes, Cost Centers, Plants etc. Superuser assignment activity logs, and maintenance, including analytical reports for global risks and conflicts. Primed to deliver superior mitigation and remediation in roles and user’s assignments.

SKILLS

•Skilled leader in SAP Security methodology implementation of role and position-based authorizations.

•Governance, Risk & Compliance (GRC), expert with Separation of Duties (SOD) leader for compliance.

•Expertise in management of SAP Security delivered and derived role development for all SAP modules.

•Consultant has a set of SOD tested roles from archive suitable for go-live

•Leadership for role naming conventions, role delivery, role development, role re/engineering, unit test, integration verification, production support, break-fix for roles and authorizations

•Designs and delivers strong authentication for Single Sign On (SSO) in Portals and back-end SAP servers

•Consultant has extensive previous experience with Analysis Authorizations in the Business Intelligence application using RSECADMIN transaction, then use S_RS_AUTH to insert the new authorization in a user role with the Profile Generator for specific access to specific data.

•SAP Certification, RELEASE, and APPLICATIONS

•“GRC-10 Access Control 10” September 2014

•SAP ERP: R/3, 3.1H, 4.0B, 4.6C, 4.7, ECC 5, ECC 6, ECC 7 and upgrades to Kernel

•NetWeaver 2004(s) and Portal security

•SAP Virsa/Compliance Calibrator GRC 3.2

•Customer Relationship Management (CRM) security

•Microsoft suite Office, MS Project, Visio, others

•Supplier Relationship Management (SRM) security

•Supply Chain Management (SCM)

•BW 3.5 & BI 7.0 and upgrade migration of authorization objects to Analysis Authorizations

•SAP SECURITY/BASIS TRANSACTIONS ECC, Portal, IS-U, PI, BI and BW

•Basis administration with Profile Generator (PFCG) standard SAP, RSECADMIN, RSA1, RSD1 for BI 7.0; SU01, SU02, SU03, SU3, SU10, SU53, ST01, SU24, SU25, SU26, SE01, SE10, STMS, SE16, SE93, AL08; HR/HCM OOAC, OOSP, PPOME, PO13, PA20, PA30, PA40; PFUD

•System Trace ST01, System User Information Management (SUIM)

•Third party Segregation of Duties tool “Security Weaver”

•Solution Manager documentation Distributed administration

•Central User Administration (CUA), User Management Engine (UME) in CRM & SRM

WORK EXPERIENCE

Stanley Works Tools - ENVIRONMENT R3 ECC 5.0 - New Britain, CT June 2017 to August 2019

Employed by IBM, assigned to work with Microsoft SAP / SOX Compliance Project

•Provided project leadership and SAP R/3 audit team support to a large-scale client who is committed to documenting all existing Information Technology controls and deficiencies, in accordance with section 404 of the Sarbanes-Oxley Act. Client has many business locations and numerous systems from recent acquisitions, making a complex and challenging mix of systems and cultures. Major duties were:

•Documentation of existing controls, recording deficiencies and remediation for continued improvement of the control processes over IT systems.

•Team Leader responsibilities include time and expense reporting, travel planning, documentation analysis for a team of twelve consultants. Interfaces with client management, compose progress reports, and ensure compliance while applying security and IT skills. This project has top management support and is well funded in preparation for an external audit. Client discontinued finding after initial assessment for compliance.

Microsoft Corp Security Consultant - Berkeley Heights NJ January 2014 to April 2017

Employed by IBM, assigned to work with Microsoft

ENVIRONMENT Microsoft OS, application servers:

•This engagement's goal was to assist the client with improving internal security knowledge and consult its customers with issues related to Sarbanes Oxley compliance. This time frame proved to be ready for compliance life cycle for publicly traded companies.

•Coordination of work tasks, using a compliance work list was beneficial to the planning and execution of the project.

•This consultant provided essential guidance on information gathering for the audit and the remediation efforts during execution.

•The process followed outlining the organizational structure and deciding what business processes and/or departments to include in the Audit Report. Laying the groundwork to begin pinpointing and addressing risks.

•The remediation process followed Board Level meetings to provide guidance to the consultants concerning identification of Business confidential information to be excluded.

IBM Employee - Cameron International, with IBM - Houston Texas March - June 2014 - August 2014

•Executive level support for SAP Security project involving “carving” out a business segment for 850 employees, selling that business segment to an international oil company.

•Worked with SAP GRC 10.1 access control and investigated Business Process Controls & Risk Management.

•Generated reports of user level, critical conflicts, and analyzed solutions for business continuity and compliance.

•Provided SAP Security advice and guidance where required.

•The Statement of Work (SOW) changed with final agreement between buyer and seller.

•This Security consultant maintained client confidence and was promoted to administrator, responsible for all areas and modules in the SAP environment.

Honda GSP with IBM, Torrance, CA. September 2013 to February 2014

•Basis-Security Design, Testing, and build phase of new SAP implementation, working with IBM Security team, E&Y and Honda to build roles for support personnel and Production Users on ECC.

•Modules in SAP ECC, SRM, GRC, BW/BI BPC, XI/PI, and Web Application Server (WAS), Roles and groups.

•Provided defect analysis for Functional Unit Testing (FUT) of Security Roles. All changes made in SU24 with Transaction transported from Dev to Testing client system, used SU53 and ST01 trace to identify missing authorizations.

•Used Technical Design Documentation and Rapid Deployment strategy, provided by Risk & Compliance to build Roles.

•Analyze Test scripts execution to determine if reported SU53 authorization error is valid.

•Used HP Quality Center to document changes.

•Actively provision users and obtain approval for SAP Access Requests, for new and existing users, basic or additional access using SharePoint as request tool.

GCSS-Army with IBM - Richmond, VA. 15 April 2013 to 30 August 2013

•Basis-Security consultant for IBM through Northrop Grumman to GCSS-Army.

•Duties include mentoring, training, analysis and consulting on SAP security compliance, SAP user administration, creation and analysis of Standard Operating Procedures (SOP) in a position of trust.

•Currently writing technical documents involving reporting, monitoring, and sustainment issues to improve and streamline existing policies and procedures in SOP(s).

•Readiness, Implementation Strategy, Application Security Role development, Role assignment, critical, sensitive, restricted, transactions, Authorization Objects, and securing custom/delivered Tables and Programs.

•Extensive use of SE16 against Tables and SA38 to find “Authority Check” in ABAP in custom Z-transactions. Use table TPGPT.

Mine Safety Appliances (MSA) with Novus 13 February 2013 to 05 April 2013

SAP Security Consultant on site and remote Cranberry, PA

•Basis-Security My supervisor at MSA was Rachel's Kromka at office 856-***-****.

•Rachel's Kromka and I worked well together configuring SAP for SRM self-service procurement and catalog implementations. I began working in client's location. After seven days on site I was given a VPN connection and allowed to telecommute from my room in Clementon, NJ. Consulting here consisted of analysis of SOD issues, using a new GRC tool, named Control Panel by SYMSOFT.

•Daily maintenance of Roles and users for a Global SAP implementation project, dealing with Germany and France.

•Utilizing standard set of SAP authorization maintenance transactions and skills.

•Creating users and roles in Development, testing in QA and handling trouble tickets for the production support.

•Use of PO13 and PPOM to create and update Org units in HR module.

•Created Business Partners using T-Code BP.

Johnson & Johnson through Wipro - Team Lead SAP Basis-Security - USA November 2011 to October 2012

•Responsible for SAP security access control leadership in on/off shore model, duties GRC risk management approvals as part of change management, Process and control through Solution Manager staged review process from Change control Board.

•Experience with the new GRC AC V10- Installation and post installation testing and configuration of GRC V10 Process Control (PC), Access Control (AC) and Risk Management (RM).

•Process Control is now an application that enables legacy, and regulations like HIPAA, FERC and FDA as well as SAP to be managed in one location dashboard.

•Process Enforcement of strong SOX controls including storage Chain of Evidence in a digitally signed Db. Break fix for roles, changes in positions through Compliant User Provisioning CUP.

•Provide reports to management on all changes on SAP.

•Mandatory completion of J&J compliance training.

•Participate in daily conference calls to report on security issues incidents and progression of scheduled changes.

•Secure access, to a large landscape of SAP Application Servers, termination of users, locking of transactions, updating tables, reports automation.

•Analyzed the Client requirements on Analysis authorization from SOW and prepared the detailed project plan for the analysis authorizations implementation.

•Existing BW 3.1c Security Business Reporting Authorization Roles to be re implemented in Upgraded BW 7.0 Environment with no change in security design.

•BW System Administration Roles to be retained in same version 3.1c post upgrade to Version 7.0. Security features, limited to technical upgrade, need to be implemented to the upgraded R/3-4.7 to ECC 6 environment.

NBC Universal through Security Weaver - Englewood Cliffs, NJ 17 October 2010 to 28 October 2011

•Consulting on separation of duties in SAP Security and Authorizations.

•Advised client on conflict resolution with rules in Separation of Duties (SOD) matrix loaded into the Security Weaver (SW) suite of tools. Conflicts are defined when one SAP end-user has the authorization to accomplish a possibly fraudulent act without collusion or assistance from someone else.

•Used simulation in SW tool to ascertain what changes were needed to remediate conflicts at the Role, and User levels. Also troubleshooting SRM roles.

•Skills used with SAP tables, SW tables, authorization objects, transaction codes, activity levels, Organization Levels, Structured authorizations, and experience with SAP modules to provide a fix. Manager reference is available.

Philips through Cyber - SAP Security Administrator - Murrysville, PA 15 December 2010 to 21 January 2011

•Worked with role changes to comply with recommendations from external audit to remove critical authorizations from Production roles, and daily change requests from employees.

•Skills employed include analysis of missing authorizations, obtaining approval to grant access and transport new access to test in QA and upon proof the new authorizations work as required transport to Production.

•Employee replaced by a new Bangalore team for SAP Security support.

Jamison Manufacturing: Port Saint Lucie, FL, October 2009 to December 2010

Title: Security and compliance consultant:

•Advised management on best practices for preparing to go public with the stock exchange in an effort to prepare for compliance with Sarbanes Oxley and other legislation.

•Worked with network and desktop team leads to manage, design, install, and configure computer room, servers, firewalls, routers, network printers, UPS and disaster response and recovery plans.

•Advised on placement and type of video camera and recording equipment, watchman check-points, car park, vehicle locks, turnstiles, ID card creation and card reader placement.

Sodexo - Williamsville NY, 10 August to 14 August 2009

Title: Management Compliance Consultant:

•Consulted with project management and business units to validate User Master Data and configure Virsa Compliance Calibrator for future external audit.

•Worked closely with the security administration staff to provide validation and create reports for mitigation or remediation of conflicts at the user level.

•Delivered documentation, i.e. instructions specific to running and configurations for the Compliance Calibrator.

•Provided a step-by-step plan to move forward with resolving discrepancy issues with regard to segregation of duties.

•Client released this consultant one week early due to cost-saving measures by corporate management.

Southern California Edison - Irwindale CA, 09 Feb 2009 to 29 May 2009

Title: Finance Security Managing Consultant:

•Center for Continuous Improvement CCI, a SAP implementation Project with extensive HR component and sub components.

•The security team of twelve administrators is organized in silos.

•Management responsibility in Finance security administration and role redesign for compliance.

•The activities surrounding this duty are as follows; discuss issues with proponent clients, obtain written approval from designated owner/manager, ensure Role Change and Impact Analysis forms are attached and are technically correct.

•Create or modify security roles in DEV, create testing type users in DEV, analyze authorization errors, implement fix and re-test. Insist that the proponent client accomplishing the testing actually writes “pass” in the Notification ticket as evidence to the future auditor.

•Then create a transport to move object to the Quality environment and test again.

•This includes Development, Quality Assurance and Production, landscapes in accordance with the rules and regulations prescribed by Southern California Edison.

•Obtain approval from Finance management and administered assignment of Fire Fighter IDs for temporary access to sensitive transactions like SE16 and SM30.

•Utilized transactions PA20, PA30, AP40, and PO13 to provide test users with structured authorizations in the Quality environment.

•Use of Mercury Quality Center software to formally document and test all steps in the process to move objects to Production.

•The SAP application “Notification” to document steps taken and obtain approvals, T-Codes IW22, ZIW28 and IW66. Other: Interface with Organizational Readiness to obtain approval for user audience changes and assignments to Production users.

•An additional sub-project duty was P2P Implementation for Finance: A Procure To Pay (P2P) project was implemented in conjunction with primary duties.

•This project lasted four weeks of intensive role building, testing, repairs, inserting restrictions and addition of custom transactions. All custom Z-Tables were assigned an Authorization Group to provide restriction to sensitive data and to segregate duties in workflow scenarios.

•The project went live on time, and authorizations (security builds) worked as expected.

Estee Lauder – Melville NY 22 Sept 2008 to 30 Jan 2009

Title: Security Administrator one of eight, Strategic Modernization Initiative (SMI); a massive new implementation of SAP on a Global scale, 1700 users with positions (composite roles); modules: ECC, SRM, CRM, SCM, EP, XI, & BI, Duties include:

•Production authorization analysis and non-production support. Create users, Role/Position creation and modification, mass changes, transports and imports, troubleshooting authorizations, defect processing (Mercury Quality Center).

•Schedule and attend meetings with business process and development teams for solution initiation and follow-up to provide smooth transition for go-live activities.

EDUCATION

Bachelor of Science 1998 in Mechanical, Electrical and Civil Engineering, California Coast University

Bachelor of Science 1982 in Education University of Southern Mississippi

CERTIFICATIONS

SAP BW365 – Business Intelligence (BI-7.0) User Management and Authorizations, July 2007

SAP R/3 NetWeaver BASIS Administration, ADM-100 Atlanta GA November 2003

SAP R/3 Security Roles & Authorizations, CA-940

(CISSP) Certified Information Systems Security Professional, ISC2

(GCIH) Global Certified Incident Handler with Hacker Exploits, SANS/GIAC.

(CPP) Certified Protection Professional - Physical Security Management, ASIS

Cyber Security AWWA Syracuse NY July 2003

UNIX System Administration I SUN Microsystems

(PKI) Management Public Key Infrastructure from Entrust Technologies


