Sap Security Change Management

Location: Irving, TX

Posted: July 09, 2023

Resume:

Rama Harshitha M

SAP SECURITY & GRC CONSULTANT

Email: adx61r@r.postjobfree.com

Contact: +1-248-***-****

LinkedIn: https://www.linkedin.com/in/rama-h-82981a81/

PROFESSIONAL SUMMARY:

Over 11 Years of experience as an SAP Security, GRC & HANA Consultant in Support, Development & Implementation projects

Executed SAP Support, Development, Rollout, Upgrade and Implementation projects with PS Brands, Mining (Newcrest), Pharmacy industries (McKesson Europe AG) and Suncor Energy.

Use and administration of SAP GRC 10.1 and SAP GRC 12.0.

Executed SAP S/4 HANA Cloud project which includes the security implementation of S4 Cloud, SAP Cloud Analytics (SAC), Ariba, Identity Access Governance (IAG).

SAP Certified Associate in GRC Access Controls.

Proficient in role build, user administration and troubleshooting user access issues & SOX audit controls.

Proficient in analyzing and translating business requirements to technical requirements and Architecture.

Responsible for building new roles ensuring SOX compliance and making sure there are no SOD conflicts.

Worked on the remediation & mitigation process for the Critical risks.

Worked with internal audit teams to address different audit control requests.

Good client-facing skills, interpersonal skills, self-motivated, consistent learner.

Collaborate with other team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the Client requirements.

Good planning experience working with the compliance team and SOX group to implement business mitigating controls.

Served as people management coordinator for the offshore landscape across all SAP modules, which helped build a good relationship with the client.

Highly motivated IT specialist well-versed in Release Management, Change Management and Problem Management; excellent customer service skills and very customer-focused.

Manage activities between Release Management and the following functions: Change Management, Problem/Incident Management, and QA/Testing

TECHNICAL SKILLS:

GRC: SAP GRC 10.1, SAP GRC 12.0

ERP: SAP ECC, HR, BW, BOBJ, S/4 HANA, Fiori, Solman

CUA: Central User Administration

Applications: ServiceNow, Solution Manager, VMware Service Manager, Cherwell

Process: Incident Management, Change Management & Problem Management

EDUCATION:

Bachelor of Technology in Computer Science Engineering with 71% aggregate at JNTU University, Hyderabad, India 2010

CERTIFICATIONS:

SAP GRC Certified Associate

PROFESSIONAL EXPERIENCE:

Organization: PrimeSource Building Products Dec 2022 – Till Date

SAP Security & GRC Consultant

SAP S/4 HANA-1909, GRC- Access control 12.0

Location: Irving, TX

Roles and responsibilities:

Implemented GRC Access Control 12.0 versions.

Worked on Ruleset customization activities by connecting the E2E business teams.

Worked on various MSMP workflows to automate user administration activities.

Worked on security for S/4 HANA, Fiori and other systems and built the different business roles.

Conducted different workshops with SoX teams and finalized and updated the process Control master data.

Configuring the Process Control system as per the client requirement.

Structural Authorizations - The data a user can access can be restricted by using either the Enterprise Structure (groups/departments, codes, individual user files) or the Organizational Structure (common areas, overall use of the system).

Structural authorizations allow restrictions to be configured on the organizational structure.

Infotypes - Units containing master data in SAP HCM, ESS, MSS. Used in recording employee data, payroll data, and administrative data; they create fields, group them together and enable time-dependent storage. Infotype restrictions are extremely important since master data is the core of HR data and needs to be restricted.

Personnel Number Restrictions - Users can be restricted using the authorization object P_PERNR to accessing only infotypes regarding their own personal data.

Creation of Master Data – Regulations, Business Process Hierarchy, Organizations, Risk Templates

Building of Data Sources and Business Rules which included sub scenarios like Configurable and ABAP Reports.

Configuring GRC components shared settings and Access control specific settings.

Activating BC sets, synchronizing repository objects

Risk analysis activities: building the rule set, testing, remediating risks, mitigating risks, creating rules using the BRF+ environment and performing risk analysis

Worked on NIST SP 800-53 controls to protect the system based on risk management.

User provisioning: configuring access request forms, maintaining EUP, requesting access

Building and maintaining MSMP & BRF+ workflows.

Business Role Management BRM: Configuring Role management, create single, composite roles and business roles

Emergency access Management EAM: FFID, assign owner and controller to FFID, maintain reason codes, execute firefighting sessions and monitor emergency access.

Unlock/reset users’ password self-service accounts, maintain firefighter ids, controllers and Reviewers, import roles.

Creating employees and business users in S/4HANA Cloud system, by importing the employees from an HCM system like SAP SuccessFactors or from a csv file.

Exporting the business users from S/4HANA Cloud system and importing them into SAP Cloud Identity Authentication Service (IAS) that is pre-configured with the S/4 instance.

Create a Communication System in S/4HANA Cloud, Setup IAS as a source system in IPS, Setup SAP S/4HANA Cloud as a target system in IPS, Run the source provisioning job

Cutover Ids setup and address user access issues during cutover.

Hypercare ID setup; worked with the organizational change management team to address any user-role mapping issues during rollouts; created emergency change requests to address critical access issues

Responsible for working with business teams to test new and existing functionality and migrating roles from development to quality and production

Interact with clients to identify new SAP security role requirements, map them to technical roles and TCodes and implement these in the system for different process areas such as PTP, OTC, and RTR.

Use Solution manager ChaRM for creating change requests, maintain associated documentation, and prepare transport lists for migration as per release management process

Troubleshooting user access issues using troubleshooting tools SU53, SU56, ST01.

Worked on SU24 to maintain check indicators for the Transaction Codes

Perform review of custom Tcodes/custom tables to ensure they are in accordance with defined security policies, and maintain SU24

Address SAP open service connection issues from basis team and maintain logs for OSS ids using audit logs transactions SM19, SM20.

Organization: TCS

Client: Johnson & Johnson

SAP Security & GRC Consultant

SAP S/4 HANA & GRC- Access control

Location: Irving, TX

Roles and responsibilities:

Monitoring the SAP system for health and performance issues, System Landscape Configurations and Operations, Batch jobs creation, controlling and all management operations

All backup operations for SAP system, Request and Transport Management Systems

Prepare critical sensitive access report on a daily/quarterly basis per audit requirements using SQVI queries and standard SAP tables AGR_USERS, USR02, UST04, AGR_AGRS, etc.

Telelogic tool is used for the creation of the change request for the defects of the SAP by creating the low impact and Enhancement

In CUA, the creation, deletion, administration and monitoring of users, the creation and assignment of user groups and mass user administration are handled centrally; CUA distributes the address and authorization data to child systems.

Creating single roles, Derived roles, Composite roles, maintain and generate authorization profile in CR&B (customer relationship and billing).

Worked on the creation of the Master role and derived roles concept through CUA

Addressed mapping issues during rollouts; created emergency change requests to address critical access issues

Responsible for working with business teams to test new and existing functionality and migrating roles from development to quality and production

Manage risks and resolve issues that affect release scope, schedule and quality

Participate in any change advisory board meetings to discuss release scope and/or roadblocks

Helped maintain accuracy in ServiceNow CMDB for SAP SoX.

Ability to work with teams, to influence, to co-operate, to collaborate are essential key skills to get teams working at outstanding levels

Excellent communication skills across all levels

Responsible for development of Cross system SOD Ruleset including S4, MDG, SuccessFactors and Ariba.

Self-Management is a key attribute expected for this role. Being able to work without the need for follow up or too much management is important.

Self-motivated self-starter; once work is assigned, results are almost always guaranteed.

Expert level knowledge and experience working across the software development lifecycle, and end to end promotional model.

Infosys Ltd Client: McKesson AG Jun 2018 – Aug 2021

SAP Security & GRC Consultant

Location: India

Description: McKesson AG (formerly Celesio AG, previously Gehe AG), with its headquarters in Stuttgart, Germany is a leading international wholesale and retail company and provider of logistics and services in the pharmaceutical and healthcare sectors. The company had around 37,000 employees at the end of the 2019 financial year (31 March 2019) and is represented in 13 countries in Europe. In the 2019 financial year the company achieved a turnover of EUR 21.18 billion. The majority shareholder of the company is the US-based McKesson Corporation, which holds a share of 77.01%. The remaining 22.99% of shares are available on the open market.

Roles & Responsibilities:

Implemented GRC AC10.1, Configured GRC AC Access Risk Analysis (ARA) and Emergency Access Management (EAM) components.

Upgraded GRC Access Control from 10.1 to GRC 12.0 and updated the GRC ruleset accordingly.

Implemented the end-to-end security process (configuration, testing, troubleshooting & support) for S/4HANA 1610.

Implemented the strategy of creating/updating the existing business roles to a new roles-to-transaction matrix, which involved detailed analysis of updating the SU24, SE93, PFCG and security tables.

Discuss with clients and define Role Naming Conventions.

Utilize SU25 Step 1 to transfer the USOBT & USOBX tables to the USOBT_C & USOBX_C tables.

Creating and maintaining authorization and Roles including Single role, Composite role and derived role.

Utilize SU24 to enable / disable security checks

Worked with the SHDB T-code to create derived roles for the master roles

Creating SAP HANA DB users and roles (read, edit) by granting the required privileges.

Configure Fiori Apps as per Client Requirements.

Configuring Roles for Tile Catalogs.

Troubleshoot security/authorization related problems using /IWFND/ERROR_LOG, SU53, ST01 and STAUTHTRACE.

Ran T-code /n/iwfnd/cache_cleanup and report /UI2/INVALIDATE_GLOBAL_CACHES to clear the global cache.

Creating access level and folders in BOBJ.

Maintaining folder hierarchy for report and dashboard access in BOBJ

Created CHARM roles for Developer, Tester, Requestor, Release Manager, Change Manager & Admin.

Testing – Unit Testing/ Integration Testing I/II/UAT

Issue fixing during - Unit Testing/ Integration Testing I/II

Go-Live/Post Go-live support

IBM India Pvt Ltd Client: Newcrest Mining May 2013 – Jun 2018

SAP Security Consultant

Location: India

Description: Newcrest Mining Limited is an Australian-based corporation which engages in the exploration, development, mining and sale of gold and gold-copper concentrate. It is Australia's leading gold mining company and its operations have expanded beyond Australia, for example Indonesia, thus becoming a prominent international mining corporation. Newmont Mining Corporation initially started the company as a subsidiary in 1966. The subsidiary became Newmont Holdings Pty Ltd. in 1980 and in 1990 acquired 100% of Australian Holdings Ltd. taking the current name.

Roles and Responsibilities:

Technical analyst for SAP security in production & non-production environments.

Segregation of Duties and Audit Compliance Standards.

Day to day technical support and resolution of Security issues.

Performed user maintenance tasks, User creation, deletion, lock down, activation, password management tasks and ran various user administration reports.

Troubleshoot security/authorization related problems using SU53, ST01 and SUIM

Creating Users based on request in CR&B (customer relationship and billing).

Assigning additional roles to the existing users.

Resetting Passwords for users and intimating password policy.

Analyzing missing authorizations based on screenshots sent by the user.

Optimizing the authorization checks by utilizing the SU53 and system traces (ST01)

Locking and changing the validity date for the expired users.

Contribute to the documentation for the various tasks that we perform for daily monitoring.

Worked on Remedy ticketing tool (Incident Management Console, Problem Management Console, Change Management Console), Work Request, ClearQuest.

Experienced in working with Auditors in keeping the SAP systems audit compliant.

Created Various Value based analysis authorizations and Hierarchy level analysis authorizations for HR Specific Characteristic values in BI environment.

Created and maintained BI Reporting roles and Analysis authorization roles.

Allowing fixed supplier fields for Employee and Requisitioner roles in SRM system.

Restricting the infotypes at various authorization profile levels, personal area level and subtype levels in the HR area.

Maintained various roles in HR system and Setting up Idoc movement jobs from CUA system to child systems.

Built and troubleshot Analysis Authorizations using the transaction RSECADMIN.

Assigned the Analysis Authorizations to the role using the object S_RS_AUTH.

GRC ADMINISTRATION:

Worked on GRC 5.3 and 10 (Governance, Risk, and Compliance) Tool.

Assignment of mitigation IDs to owners and approvers

Running the risk analysis at user, role level.

Creation and assigning of mitigation controls and mitigating users.

Creating and assigning Fighter IDs to Fighters Owners and controllers on approvals.

Assigning Firefighter IDs to owners, controllers.

Assigning Firefighter Ids to Firefighters.

Providing the log reports to managers based on the requirement.

Creating mitigating owners.

IBM India Pvt Ltd Client: Suncor Energy May 2011 – Apr 2013

SAP Security Consultant

Location: India

Description: Suncor Energy is a Canadian integrated energy company based in Calgary, Alberta. It specializes in production of synthetic crude from oil sands. In the 2020 Forbes Global 2000, Suncor Energy was ranked as the 252nd-largest public company in the world.

Roles and Responsibilities:

Role administration including new role creation (Single, Composite and Derived Roles), deleting, maintaining and transporting across transport landscape

Using SE16 tables for auditing the user and role information

Creating and Releasing Transport Requests and performing individual and Mass transports of roles

Worked on roll out projects

Worked on ticketing tools like Remedy and transport management using Solman Charm.

Analyze the user problems by using SU53, SUIM and ST01

Obtain all necessary approvals and UAT testing for creating Change request and Presenting in CAB meeting to move Roles to Production systems.

Handling Complete user administration activities.

Expertise in restricting roles from critical authorizations like S_DEVELOP, S_BTCH_JOB, S_BTCH_NAM, S_TABU_DIS, S_CTMS_ADM, S_TRANSPORT, etc.

Involved in role cleanup activities like deleting duplicate and inactive authorization objects and restricting roles from critical authorizations.

Involved in removing critical SAP profiles like SAP_ALL and SAP_NEW from all dialog users.
