Sap Security Experience
Resume:
KEVIN DALY
E-MAIL: ********@*******.*** ADDRESS: 84b Kellett Road,
Brixton,
TELEPHONE: 0044 (0-776*-****** London, SW2 1EH
PASSPORT: UK and Irish(EU) Passport holder
PROFILE:
A SAP Security/Authorisations/GRC professional with twenty five years SAP experience in the UK and overseas. For the past twenty years I have focused chiefly upon SAP authorisations and user security. Having gained my initial SAP experience through over two years working on a new HR implementation, I have since added to my skills through a series of contracts in UK and overseas. These positions included development and support work on fresh implementations and upgrades.
EMPLOYMENT:
Apr 2020 - to date Arvato/Department for Transport(DFT) - SAP Security
Working for an IT Consultancy covering the full project lifecycle of a migration from ECC to an embedded SAP Hana implementation, at a large government sector organisation. This was a multi platform system including S4 Hana, Success Factors, Employee Central, Employee Central Payroll, BI, BPC, VIM, Jaggaer, Concur, Kronos, SAC and Solution Manager for DFT’s Future of Shared Services(FOSS) programme.
Liaising with a third party design team, creating roles and Fiori business catalogs and business groups. Defect resolution over different phases of testing, aiming at a phased rollout across several business units. Creation of IDM(v8.0) Business Roles for endusers and project users with users set up via Success Factors. Use of Retrofit for role transports. Original build done in S4 Hana version 1909 with subsequent upgrade to version 2022, with BI upgraded from version 1909 to version 2021.
Sept 2018 – Dec 2019 Linklaters - SAP Security
Development and maintenance of corresponding R3 and Gateway roles for Fiori for use with Travel and Expenses and other functionality. Building of SAP roles for Shapein middleware required for transition of HR systems to Workday. Creation of HR display roles and update of Org Keys. Maintenance of roles for BI7, BOBJ and CRM.
Implementation and upgrades of GRC solution Security Weaver modules including Transactional Analysis(TA) used with SAP's Read Access Logging tool(RAL). Attending Security Weaver user groups to advise and share knowledge with other companies. Working with auditors, including use of ACE audit tool.
Oct 2016 – Sept 2017 Winterhawk Consulting/ Arthrex – SAP Security
Based in Germany as the Arthrex SAP Security team’s only onsite EMEA member engaged on successive ECC rollouts in Europe. Employed through a specialist SAP Security Consultancy, I worked closely with Winterhawk colleagues based mainly in their client Arthrex’s US HQ. Additionally I liaised with functional consultants and the business from the FTM, OTC and DTS streams to meet their authorization requirements through creating, adjusting and testing roles, and defect resolution.
I also participated in a program to split the HR system between EMEA and non EMEA countries and a simultaneous HR role redesign project. Further work was undertaken creating, testing and deploying a new set of BI roles for EMEA countries.
Aug 2015 – to Aug 2016 Univar - SAP Security
Working on a role redesign, motivated by a need to attain SOX compliance, during a simultaneous upgrade from ECC 5 to ECC 6. The GRC ruleset in the legacy system had under reported SOD violations. Activities included the usage analysis through GRC to determine what transactions were to be included, role design, role build and unit testing. Functional areas covered included RTR, PTP, FTS and OTC. A large number of custom transactions complicated these stages.
Subsequently worked on systems integrated testing and user acceptance testing fixing defects. Additionally I liaised with the business during a segregation of duties review when the roles were adjusted to remove Segregation of Duties violations.
Jun 2015 to Aug 2015 HCL Axon/Linde Industrial Gases – SAP Security
Based in Germany during completion of build and project test cycles of a new SAP implementation. Liaising with the business and functional consultants to determine role requirements. Working with landed and offshore colleagues in the security team to build roles and subsequently to effectively & efficiently resolve S&A Defects. Provision of environments with S&A content so as to meet prerequisites of the Project Plan.
Use of GRC 10 to identify SOD issues. Resolution of these issues by working with role owners to resolve these issues by either altering roles or to formulate appropriate controls to mitigate the risk, such as setting up additional monitoring procedures. Use of Charm to transport role changes.
Jun 2014 to May 2015 Ciber/Sanctuary Housing - SAP Security
Employed by a major UK Consultancy during the role build phase at a greenfield site. Using workshops with business analysts and functional consultants and interpretation of process documentation to create roles. A Netweaver Business Client(NWBC) user interface with multi system links to other systems was implemented. The scope of the project included FICO, HR, Procurement(SRM), CIC(CRM), IS Real Estate, BI and BPC. Use of Webdynpros in SRM roles and structural authorisations in HR.
Creation of functional specifications to document roles identifying key control points, design decisions, segregation and qualifiers. Unit testing and error correction of roles and use of GRC risk analysis to identify SOD violations.
May 2013 to May 2014 JTI (Japan Tobacco International) - SAP Security
Working between the UK and Germany on a project extending SAP to countries in Africa and the Americas for a global tobacco manufacturer. Advising process teams in creation and update of BPML(Business Process Master List) documents to determine role requirements. Use of LSMW to create roles and GRC 10 BRM(Business Role Management) to populate organisational levels of derived roles.
Subsequent build of roles through process runs by business using third party APM(Authorisation Process Management) tool to populate authorisation objects. Running GRC 10 Access Management to identify SOD violations followed by consultation with business to remediate issues through altering roles or introducing mitigating controls.
July 2012 to April 2013 Univar - SAP Security
Working on successive EMEA rollouts of a new ECC 5.0 SAP implementation and support of previous waves for a chemical distribution company. Communicating with RTR, PTP, FTS and OTC business process teams to determine requirements for new roles and role changes. Worked closely with the business, functional consultants, and the Univar Global Security team in the US.
Use of GRC Access Control 10.0 to determine Segregation of Duties conflicts in roles and liaising with the GRC team to resolve these conflicts. Complied with change control process for movement of changes to the Production system including use of Charm and Solution Manager.
Apr 2012 to July 2012 HCL Axon/Royal Mail - SAP Security
Supporting a recently implemented SAP HR system and the programmes’s final rollouts. In addition to HR roles and structural authorisations I also worked with BI(7.0) analysis authorisations and CRM(7.0) and their integration with HR. The system was accessed via a portal front end and also made use of Single Sign On and Active Directory.
IDM and GRC(5.3) were both installed. I was responsible for maintaining the links between these systems and regular monitoring activities. The GRC sub modules included RAR, CUP and SUPM. This was a customer facing role involving close liaison with users, business representatives functional members of the solution and support teams and on shore and off shore members of the authorisation team.
Nov 2011 to Mar 2012 GSK Biologicals - SAP Security
Working for a global biopharmaceutical company onsite in Belgium. Covering ECC(6.0), including across the board sub modules, CRM (7.0), SRM(7.0), and BI(7.0). Responsible for a combination of new development and support work.
Analysing security requirements for a particular project or change, recommending the solution to be implemented and implementing the solution, including testing and documenting. Analysing customized development specifications and identifying the authorization objects to be used by the developer to make the program secure.
May 2011 to Oct 2011 NCC Group - SAP Security
SAP greenfield implementation at a technology company. CRM (7.0) and ECC (6.0), modules FI and WM. Working with business and functional consultants to determine requirements. Subsequent design and build of roles to comply with audit requirements. Creation of business roles and PFCG roles based on web interfaces and interaction centre in CRM covering sales and operations. Use of UIU_COMP and other CRM specific authorisation objects. Adjustment to values in these objects during testing phase where ST01 traces were used.
Assignment of roles to users via organizational structure, CUA and single sign on were also used in this project as was Solution Manager in particular for test management. Additional work was performed for Business Objects authorisations.
Sept 2010 to April 2011 BG Group - SAP Security
Working in the oil and gas industry in the client’s Centre of Excellence supporting their existing ECC (6.0), BI(7.0) systems. Project work centred on security for the FI, HR and MM modules This included working with BPC, BCS and Appraisals/Performance Management. Additional BAU work involved working with authorisations in these modules and representing proposed authorisation changes at twice weekly Change Control Board meetings. As part of the wider Basis team additional transport management tasks were undertaken complying with change control. Regular monitoring activities both from basis and audit perspectives were also done.
Maintenance of SoD rulesets for VIRSA 4.0 was performed. I also researched an anticipated upgrade to SAP GRC 5.3 Access Control, including a proposed implementation of access risk analysis and remediation, superuser privilege management and compliant user provisioning.
Jun 2010 to August 2010 Lodestone/Warner Chilcott - SAP Security
Based at a pharmaceutical enduser’s site in Germany, in the period pre and post Go Live Following a major acquisition the new business was absorbed into the client’s SAP system having previously operated independently on an earlier SAP version. This phase two of the implementation took place simultaneously in six separate European sites requiring considerable liaison with colleagues in these sites and at the HQ in US.
Creation and testing of master and derived roles in modules FI, IM, MM, PM, PP, QM, SD, WM modules under very tight timelines. User set up and role assignment with ECATT scripts. Changes to roles after Go Live took place under strict guidelines common in the pharmaceutical industry. Resolution of SOD/SOX Conflicts. Use of VIRSA 4.0 and Firefighter to monitor project members access in the Production system.
Mar 2009 – May 2010 Capgemini/Corus - SAP HR Security
Part of Capgemini’s solution team on their steel manufacturing client’s implementation of SAP HR ECC (6.0). Responsible for the design and build of authorisations for the project. This incorporated structural authorisations and context sensitive authorizations to restrict users to accessing different data and to performing different activities in specific parts of the organisational structure with the authorisation object P_ORGINCON.
Development of master, derived and single roles through PFCG for sub modules PA, PD, OM, PY, TMW, Qualifications, Training and Events, Appraisals, ECM, EH&S, MSS and ESS, including restricting users’ access to their own data with the authorisation object P_PERNR. I unit tested these roles and oversaw integrated and user acceptance testing.
The project also included the development of roles for BI(7.0) and authorisation analysis based upon the structural authorisation developed in ECC. Setting up, testing and monitoring of regular background jobs was also performed. I was also involved in resolving Workflow issues centred on submodules accessed via the portal.
May 2008 – Jan 2009 Lodestone/Sandoz - SAP Security
I worked for the SAP consultancy Lodestone at its large pharmaceutical client’s Austria site during a project to reimplement SAP, harmonising its business processes with its other global sites. Joining the project during the realization phase I was responsible for working with and advising functional teams to determine the access restrictions required and to subsequently create and change roles based on these requirements. This required a detailed understanding of SAP transactions such as PFCG, SU24 and SUIM.
Implementing over 400 single roles across ECC (6.0), SCM(5.0) and BI(7.0) I assisted the business in screening roles, understanding SU53 messages and running ST01 traces to distinguish errors. I was also involved in preparing data for ecare runs to determine SOD/SOX conflicts. Design and Build done in line with GxP. At go live I was responsible for setting up over 2000 users and support in the immediate post production period.
Nov 2007 – Mar 2008 BP - SAP Security
Working as part of a six strong security team as part of BP’s Process Fitness Programme. Preparing for initial SAP implementation in the Supply and Marketing sector I was chiefly responsible for the customer facing Order to Cash process.
Building global roles and creation of localized derived roles using ECC (6.0), SCM(5.0) and SRM(5.0). Leading workshops with the process team to determine organisational level and other values with which to populate the roles. Role verification to uncover hidden transactions to enable users to effectively run processes. Additionally I worked on the resolution of defects resulting from security string testing.
Oct 2006 – Oct 2007 GeSeaCO - SAP Security
A new implementation of ERP 2005, BI(7.0), CRM (5.0), XI and Enterprise Portals. Liaising with business process, reporting and technical teams to determine requirements and restrictions for enduser, basis and technical roles. I was chiefly responsible for security for the Finance and MM sub modules which were constructed based on third level business processes. Security was enforced in line with segregation of duties and Sarbanes Oxley audit requirements. Scoping, design and build of master/derived, single and composite roles. Menus structures were created to reflect business needs. I also oversaw unit and integrated testing of authorisations.
Working as part of the overall basis team I also participated in transport management and other routine basis administration tasks including troubleshooting and monitoring activities.
May 2006 – Sept 2006 Linklaters, UK - SAP Security
Working within the Authorisations and Basis team, for a global corporate law firm during an upgrade from SAP R3 version 46c to ECC 6.0. Examination of impact of new functionality on authorisations and security. Subsequent alteration of roles and authorisation objects and values. Error resolution of issues raised in upgrade using system traces and other investigations.
Chiefly responsible for FI and HR authorizations, including structural authorizations and context sensitive authorisations. I also supported and maintained BW 3.5, including Bex Analyser, SEM and CRM 4.0 roles. Exposure to CUA and single sign on. Additional experience with Quick Test and CATT to maintain multiple roles derived from master roles for the organisation’s individual offices.
Mar 2004 - Mar 2006 Office of the Deputy Prime Minister (ODPM), UK
- SAP Security Analyst
A position within a highly customer focused team dealing with clients within the ODPM, Department of Transport and the Government Offices.
Particular involvement in a project that involved the creation and implementation of new R/3 organisational roles and structural profiles. Further duties included the development, testing, maintenance and roll out of functional roles to the user community, including role design and build, customising objects and customised development. Knowledge of the profile generator, organisational roles and composite roles. These roles and profiles specifically related to R/3 Finance and HR, BW and EBP/Buynet.
Experienced in design and implementation of SAP security across integrated business solutions with skills in business impact analysis & auditing. I was responsible for implementing and maintaining application security procedures and standards for all SAP applications, in order to contribute to a standard SAP security solution. I participated in monitoring and reporting application security violations and implemented preventative and monitoring methods to manage risk. My position also involved dealing with the resolution of helpdesk calls concerning error resolution and user access.
The post requires excellent communication skills, not only to assist customers, but also to assist knowledge transfer throughout the team and when required to provide written guidance in line with the Division’s ISO requirements. I worked on my own initiative within an area of ever changing priorities, and was an integrated and flexible member of the team.
Aug 2003 - Mar 2004 Kent Police Authority - SAP HR/Security
Support Analyst
Supporting Stage One of a freshly installed SAP HR system. Fulfilling customers’ requirements was a vital objective of the department and my ability to deliver successful solutions to deadline was critical in meeting this aim. An essential element of the role was the joint responsibility of the support team in meeting targets in answering calls to the satisfaction of the users. Resolution of Workflow problems particularly centred around leave requests was also performed
The position also included the development of authorisation roles from blueprint to production on this 46c implementation of SAP HR. Focusing on the PA and PD modules, my duties included working with developers, the business and users to design, construct test and maintain security roles and to recommend the allocation of roles to users.
Dec 2002 - Feb 2003 KPMG, Dublin - SAP Tester
Value Chain Testing on KPMG’s internal implementation of SAP 46c in Eire and Northern Ireland. A thorough understanding of the HR module was required for this position including UK and Irish payroll, capacity planning, cost planning, compensation management, time management and evaluation, travel management and exams. Emphasis was put on testing integration points between the HR sub modules and on integration with other modules, within a QA environment. Authorisations testing was a further key element of this role.
Nov 2001 - Jan 2002 Bank of Ireland, Dublin - SAP Tester
Functional role working across the HR/Payroll module prior to Go Live on a new implementation in 46c. My role involved writing and executing test scripts, error tracking, liaising with developers, error resolution and retesting following configuration changes. After completion of functional testing my job was to oversee and assist in user acceptance testing. Working within time limits and a comprehensive knowledge and experience of the different HR sub modules were critical aspects of this position.
June 2001 - July 2001 Deloitte Consulting, Canberra - SAP HR Analyst
Working at the Federal Department of Transport and Regional Services on their SAP upgrade from 31h to 46b. Specialising in the Master data, Training and Events and Recruitment modules, my role involved the investigation of new functionality, demonstration to users and implementation of configuration changes, writing test scripts, performing payroll tests using scripts written by colleagues and coordinating user acceptance testing. The ability to reach deadlines, self motivational and teamwork skills were crucial qualities required for this position.
May 2001 - June 2001 Victoria State Government Dept of Human Services,
Melbourne - SAP HR Support Analyst
A first and second line support role that involved assisting Department of Human Services SAP HR users throughout the State of Victoria. Customer satisfaction was an essential goal of the department and this required the capacity to deal smoothly with often harassed and busy clients, responsible for the organisation’s productivity. My capability to produce swift and successful solutions was crucial in meeting this aim. An important aspect of the job was the collective responsibility of the support team in reaching targets in effectively answering and closing calls. This emphasis on teamwork was crucial to the success of the department.
Nov 2000 - Feb 2001 NSW Police Service, Sydney - SAP FI /HR Support
Analyst
A three month contract providing primarily telephone based helpdesk support to the Police Service’s 16,000 SAP users. The role required a comprehensive knowledge of Finance, HR and Workflow to assist customers of widely varying abilities. Experience of the Windows 95, 98 and NT operating systems was also essential. The department used the Infra helpdesk system to log and record details of calls. An independent rostering system that linked to SAP was also supported. The provision of one to one tutoring and the production of user documentation also comprised part of my duties.
May 1998 - Sept 2000 Nestlé UK Ltd., Croydon, Surrey - SAP HR
Development/Support Analyst
Working in a twenty strong team to implement the SAP tool in Nestlé’s HR function. The system enabled the review of the company’s business processes enabling solutions to be devised and produced, in order to maximise efficiency. Principal areas that I was involved with, prior to ‘Go Live’ in April 1999, include, the organisational structure, training and events management, recruitment, master data and abap programming. My role involved liaison with development colleagues and the HR department in determining requirements to test and customise the application. I acquired and applied significant technical skills to enable this.
A major part of the position involved testing. This included payroll parallel testing, integrated testing focusing on the interfaces with other modules, regression testing, Y2K testing and participation in an upgrade from 31h to 46b in March 2000. Knowledge of CATT was acquired to enable the automation of these tasks. I was also accountable for user training, the technical authorship of documentation and its publication on Nestlé’s intranet.
Feb 1997 - May 1998 IBM UK Ltd., Farnborough - Graduate Trainee
As part of IBM's Global Services division, I held the role of Support Programmer on a project that involved the third line support and enhancement of an external client’s Invoicing System. This position predominantly concerned the provision of technical support in Uniface, a database front-end application. Duties included the production of Impact Analysis in response to identified faults and enhancement requests, and the implementation and testing of Maintenance Requests. I had the opportunity for substantial contact with the customer, concerning the clarification of change requests and in deciding future action. This assisted me in gaining a comprehensive knowledge of their objectives.
EDUCATION:
1995 - 1996 Kingston University
MSc Information Technology
An intensive postgraduate conversion course in IT that covered all aspects of the software development lifecycle. I acquired knowledge and experience in the areas of computer programming, operating systems, databases, networks, systems analysis and design, feasibility studies, business skills in computing and human computer interaction.
The course included a four month project placement at the Bethlem and Maudsley NHS Trust creating an MS Access contact management database.
1994 - 1995 MicroTech Computer Services (London) Limited
City & Guilds Level 2 in Information Technology
Microcomputer operating systems and environments
and database methods.
1989 - 1992 University of Greenwich
BA Hons Humanities, Upper Second
Covered the study of literature, philosophy, politics, geography and history.
This broad based first degree course provided me with the chance to cultivate oral and written presentation skills Study methods that included independent research, leading seminar discussions and group projects. It was here that I gained an initial insight into the Media and Information Societies and found a stimulus for a growing interest in technology.
Contact this candidate