Sangeetha Thupakula

SAP Certified SAP Security and GRC consultant

E-Mail: adq0l1@r.postjobfree.com

Mobile:1-804-***-****

Summary:

Around 8+ years of experience in SAP Security Administration including implementations, upgradations, roll-outs and production support.

Involved in S/4 HANA on-premise (1909) implementation encompassing build backend S/4 HANA on-premise roles (1909), test and cutover activities pertaining to security implementation.

Developed security roles and authorizations for Procure to Pay (PTP), Order to Cash (OTC), Finance to Manage (FTM), end to end business process, leveraging the latest S/4 HANA security transactions and authorizations.

Experienced in developing security roles for S/4 HANA and Fiori Gateway Systems as per customer requirement

Experienced in troubleshooting S/4 HANA and FIORI authorization issues

Involved in GRC 12.0/10.0 Access Control implementation encompassing configuration of ARM, EAM, ARA, BRM.

Experienced in Creating Initiator rules, Agent Rules, Configuring MSMP workflows

Extensively worked on User maintenance, Role maintenance using User and mass user maintenance tools and Profile Generator

Experienced in developing SECATT for mass user maintenance

Highly experienced in troubleshooting SAP Security authorization issues for SAP modules like S/4 HANA, FIORI, ECC 6.0, BI 7.0, 7.3, BOBJ, CRM, HCM and EP.

Experienced in position based security, indirect role assignment, Structural Authorizations.

Extensively worked on Audit Information Systems (AIS) logs.

Experienced in transports using STMS and other third party tools like iWave transportation in complex scenarios with multiple SAP Servers

Experienced in setting up Central User Administration System (CUA)

Experienced in troubleshooting authorization issues.

Extensively worked on SAP Table access authorizations.

Experienced in creating custom authorization objects in ECC.

Experienced in creating, troubleshooting BI analysis authorizations

Analyzed and proposed Security process gaps and proposed security process improvement to the client

Experienced in working with internal and external auditors.

Experienced in onsite-offshore support model.

Designed and implemented solutions that automates repeative tasks like password reset, user terminations, inactive users to reduce incidents, access requests, maintenance requests which inturn reduces maintenance and user license costs

Demonstrated successfully the ability to adopt new technologies with minimal or no support in learning and performing the duties.

Demonstrated ability to effectively transfer knowledge to clients or team members and create clear, concise documentation.

Strong analytical, problem solving, project management, communication and interpersonal skills.

Certifications:

SAP System Security Architect Certification

SAP GRC 12 Ceritification

Professional Experience:

Duration: May 2019 -Jul 2021

Position: Sr. SAP GRC Security Consultant

Client: Consumers Energy, Jackson, MI

Responsibilities:

Developed S4HANA/FIORI roles as per customer requirement

Supported end to end SAP Security project implementation, security, testing support, Cutover and Hyper care activities.

Supported User ID maintenance, Security Role maintenance including Fiori catalog and group maintenance, and Security Role assignment.

Creation of the FIORI Catalogs and groups, Target mapping - semantic object, action. Adding Catalogs and groups to the PFCG roles.

Documenting and implementing cut-over tasks for the S/4 HANA go-live. Troubleshooting and Identifying the missing OData Services and authorization issues in /IWFND/ERROR LOG and notifying the Basis and Fiori configuration team to activate them.

Developed security roles and authorizations for FIORI launchpad, including Odata services for the app, catalogs and groups in the task based roles to access FIORI applications.

Built security roles for FIORI, leveraged transactional, factsheet and analytical apps in the FIORI role based design based on business requirement.

Developed security roles and authorizations for OTC, FTM, PTP end to end business process, leveraging the latest S/4 HANA security transactions and authorizations

Working with business users to identify the issues with Fiori apps and resolving the auth issues.

Providing support and issue resolution in quick turn-around during project implementation.

Production Support including user provisioning, role maintenance and authorization change requests

Working with business users to identify the issues with Fiori apps and resolving the auth issues.

Extensively worked on troubleshooting authorization issues.

Developed BI Analysis Authorizations depending on the requirement.

Configured roles and authorization objects to secure reporting users

Used InfoObject Security (field-level security) for Reporting Users and also created custom reporting authorization objects (Analysis authorizations)

Creation of custom authorization objects in ECC 6.0

Extensively worked on table level authorizations

SAP Enterprise portal user administration.

Maintenance of Fire Fighter IDs and Fire Fighter users in 12.0

Perform role import and make them available for provisioning via GRC ARM.

Supported internal and external auditors

Coordinated and supported offshore team and provided on call support.

Environment: SAP S/4 HANA, ECC 6.0, SCM, APO, BI 7.3, ServiceNow, Solution Manager, GRC 12.0

Duration: Jul 2018 - Mar 2019

Position: Sr. SAP GRC Security Consultant

Client: Nasco, Atlanta, GA

Responsibilities:

Involved in implementation/support of GRC AC12.0, Configured GRC AC Access Risk Analysis (ARA) and Emergency Access Management (EAM) components.

Configured MSMP workflows for addressing various user request types in Access Request Management.

Configured the MSMP Firefighter log report workflow for getting the logs to firefighter controllers.

Successfully implemented various MSMP Mitigation control workflows like mitigation control setup and assignment.

Configured various BRF+ rule kinds like Initiator rule, Agent rule, Routing rule and Notification and variable rule.

Successfully configured User Access Reviews (UAR) for assessing the user’s access in all production environments.

Worked on the Access Risk Analysis (ARA) for Segregation of Duties and Sensitive Transaction rule set. Creation of the New risks and mitigation controls as per business processes.

Worked on Business Role Management (BRM) Role Management Solution for importing roles with in Access control.

Worked on Access Request Management (ARM) User Provisioning Solution.

Worked on Emergency Access Management (EAM) Super user Access Solution.

Worked on creating Firefighter Ids, Owner, controllers the user who requires emergency access.

Decentralized Firefighting to logon to the plug-in systems for firefighting; using the GRC system only for maintaining emergency access assignments and reporting.

Discussion with client about requirements and communicating to team members.

Maintained users in Enterprise portal, assigned LDAP groups to users, provide access to applications in portal

Maintained users in BOBJ via CMC, provided access to different types of reports

Troubleshoot BOBJ access issues, Analysis for Office issues

Worked on BI/BW Analysis Authorization using RSECADMIN, granting access to Multi-Providers and restricting access by company codes, plants, distribution channels and hierarchical restrictions.

Assigned Analysis Authorization objects to roles using S_RS_AUTH Authorization object.

Restricting access to reporting users by assigning display and execute permissions and power users by assigning maintain authorizations using S_RS_COMP & S_RS_COMP1 and other objects to grant access to relevant queries and reports.

Resolved BeX Analyzer issues for the BW users and restricted BW users access to BW reports to Company codes, Plant codes via Analysis Authorizations (RSECADMIN).

Environment: SAPECC 6.0, SCM, APO, BI 7.3, SAP PI, SAP EP 7.0, SAP BOBJ, SAP Analysis for Office, ServiceNow, Solution Manager, GRC 12.0

Duration: Apr 2017 – Feb 2018

Position: Sr. SAP Security/GRC Consultant

Client: T-Mobile, Seattle, WA

Responsibilities:

Production Support including user provisioning, role provisioning, security role creation/modifications and authorization change requests

Fix production problems coming through Remedy Action Request system.

Develop SECATT scripts for create and update user profiles

Production Support including user provisioning, role provisioning, security role creation/modifications and authorization change requests

Assist users with performance and security issues.

Created Customized (Z roles) roles, Table Authorization Group and transported to production using Mercury Kintana Change Management tool or STMS.

Fix production problems coming through Remedy Action Request System

Worked on BI/BW Analysis Authorization using RSECADMIN, granting access to Multi-Providers and restricting access by company codes, plants, distribution channels and hierarchical restrictions.

Assigned Analysis Authorization objects to roles using S_RS_AUTH Authorization object.

Restricting access to reporting users by assigning display and execute permissions and power users by assigning maintain authorizations using S_RS_COMP & S_RS_COMP1 and other objects to grant access to relevant queries and reports.

Resolved BeX Analyzer issues for the BW users and restricted BW users access to BW reports to Company codes, Plant codes via Analysis Authorizations (RSECADMIN).

Performed Compliance activities on Weekly, Monthly and Quarterly audit for SAP systems for ensuring proper SOX controls are being in place and to remediate risks in place for the systems.

Interacted with Basis, Security and IT compliance team over External audit requests over User licensing, Ticket information, process information, Super User Access Management etc.

Environment: ECC 6.0, BI 7.0, SRM 7.0, CRM 7.0, SAP GRC 10.1, Remedy Action Request System, CVS.

Duration: Jun 2015 – Feb 2017

Position: SAP Security GRC Consultant

Client: KLA-Tencor Corp., Milpitas CA

Responsibilities:

Performed user administration activities such as creating, deleting, locking and unlocking users, resetting passwords, maintaining logon data and assigning roles to the users.

Performed administrative activities pertaining to the OSS Support ID’s update in the Secure Area of the Service

S-User ID creation, access maintenance and Developer/Object key generation as per installation number in SAP Marketplace.

Restricted access at Hierarchy Nodes and Values in Analysis Authorization.

Extensively used tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_DEFINE etc.

Built Analysis Authorizations and trouble shoot using the transaction RSECADMIN.

Secured Reporting Users by using S_RS_COMP, S_RS_Comp1 and S_RS_FOLD.

Created User Groups by using transaction code SUGR.

Transport Roles using the change request method and also the Download/Upload method for transporting the roles to systems not in the transport landscape.

Performed Portal user administration activities such as creating user ids, copying user ids, assigning roles, assigning groups etc.

Transporting the change requests from the Development environment to Testing/QA environments.

Created custom transaction Codes for restricting access to custom tables, views and programs.

Created Authorization groups and assigned Tables and Programs to the groups.

Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc), and customized Query reports.

Environment:NW 7.02, ECC 6.0, BI 7.0, APO, EP 7.0, SAP GRC 10.0, Service Now, SAP HCM (OM, PA, ESS/MSS), SAP GRC 10 EAM(SPM), ARM, ARA.

Duration: Apr 2012 – Sep 2012

Client: Philip Morris, Richmond, VA

Position: SAP GRC Security Consultant

Employer: IBM, Bangalore, India

Responsibilities:

Involved in ECC 6.0 Upgrade project

Developed roles with proper naming convention depending upon business and functional requirements for FI/CO, MM, SD modules.

Experience in creating single, derived and composite roles

Extensively worked on fixing authorization problems

Worked extensively in CUA environment.

Troubleshoot SAP authorization issues.

Develop analysis authorization object in SAP BI.

Configured roles and authorization objects to secure reporting users

Developed Custom Authorization Objects for queries developed by the users.

Used InfoObject Security (field-level security) for Reporting Users and created custom reporting authorization objects (Analysis authorizations)

Worked on Structural authorizations

Worked on Table authorization group to control access to the tables

Created OSS IDs and maintained system connections for SAP Support.

Performed monthly user account cleanup

Performed user measurement and user license audit using USMM and SLAW

Review Fire Fighter logs, assignment of FF IDs to Fire fighters

Used SAP GRC CUP for user provisioning.

Environment: ECC 6.0, BI 7.0, SAP GUI 7.10, SAP HCM, SAP GRC 5.3 (Fire Fighter, Compliance User Provisioning (CUP)), SAP APO.

Duration: June 2011 – Mar 2012

Client: ABB, Bangalore, India

Position: SAP GRC Security Consultant

Employer: Gyansys, Bangalore, India

Responsibilities:

Production Support including user provisioning, role provisioning, security role creation/modifications and authorization change requests

Developed CATT scripts for create and update user profiles

Created and revised custom roles based on the Security requirements.

Fix production problems coming through Remedy Action Request System

Used STMS extensively to transports Roles, Authorization objects etc.

Configured roles and authorization objects to secure reporting users

Developed Custom Authorization Objects for queries developed by the users.

Used InfoObject Security (field-level security) for Reporting Users and also created custom reporting authorization objects (Analysis authorizations)

Maintenance of Risks, Functions, Mitigation controls in RAR

Imported roles from backend system into CUP

Assigned role level approvers in CUP

Created FF IDs and mapped with FF users.

Maintained FF ID controllers, Owners.

Schedule background job for time to time data synchronizations, Rule generation and Alert log generation.

Risk analysis while approving request through Access Enforcer.

Environment: ECC 6.0, BI 7.0, HCM, SAP GRC Access Control 5.3, Remedy Action Request System

Duration: June 2010– May 2011

Client: Philips Corp, Andover, MA

Position: SAP Security Analyst

Employer: Ciber Inc, Bangalore, India

Responsibilities:

User Account Management, creation, modification and deletion of the user as per the process defined.

Creation and modification of Roles as per the requirement using PFCG.

Building the Roles using the transaction codes and implementing these Roles for the client organizational levels creating derived Roles and authorization profiles for the various plants located at different geographical locations in Development system.

Transporting these Roles and derived Roles to Quality Assurance System (QAS) and initiating the testing process of these roles by assigning the intended Roles to test users and monitoring and trouble- shooting the authorization failures during testing.

Extensively traced (ST01) for authorization errors and failures and used SU53 reports.

Interacted with Customers and Team members simultaneously to resolve Incidents.

Locking and unlocking users and maintaining their profiles (SM01).

Extensive experience with Profile Generator (PFCG), User Administration, Authorization object maintenance, Problem analysis and troubleshooting

Followed user deletion process for deactivating the user accounts in production systems.

Analyzing and solving the missing authorizations and day-to-day security issues that are being raised by the users.

Create and modifying Single/Composite roles and Master/Derived roles.

Secured Reporting Users by using S_RS_COMP, S_RS_COMP1 and S_RS_FOLD.

Created and transported Analysis Authorizations and inserted AAs into roles.

Transport Analysis Authorizations through Workbench request from the development client to the quality client and further on confirmation to the production client.

Comprehensive experience with SAP Profile Generator with strong skills related to the Authorization concepts.

Created and maintained table Authorization Groups SE54 and assigned Authorization Groups to tables

Create Test IDs and work with test/functional teams to verify resolution of authorization issues.

Environment: SAP R/3 Enterprise, ECC 6.0, BI 7.0, GTS, DMS 5.0, SAP GUI 6.40, Remedy Action Request System.

Contact this candidate