Sap Security Internal Audit
Resume:
Anil Kumar N Email: ****************@*****.***
SAP Security/GRC Consultant Mobile: +1-954-***-****
Professional Summary
Having 7+ years of IT experience as a SAP Security / GRC Consultant.
Experience with the following SAP Products: ECC 6.0, BI, BPC, GRC AC 10.0 and 12.0 & Internal Audit.
SOLMAN 7.2 Implementation (Role Design)
Involved in Migration activities from SOLMAN 7.1 to SOLMAN 7.2
Having knowledge on SAP FIORI.
Having good knowledge in MS word, Excel and Powerpoint for reporting.
Good team worker, Time management and having Positive Attitude. Ticketing tools
Worked on resolving ECC/GRC/ related issues using Solution Manager 7.2, HPSM and Remedy Ticketing tools.
Educational Qualification
B.Tech. (ECE) from JNT University Anantapur in 2012. Current company Name: Ekodus
SAP & Internal Audit Experience
Client Internal
Role SAP Security & GRC consultant and Internal Auditor Duration June 2023 – Till Date
Team Size 9
Role and Responsibilities:
User management: Raising GRC request for User’s new access, Change access, Reactivation, Deactivation, Unlock and for role addition & removal.
Knowledge in raising GRC request using Access request, Copy request and Model user request for single and multiple users.
Maintaining some user defined parameters and password maintenance.
Locking and changing the validity date for the expired users.
Worked with security related tables such as AGR* and USR* etc.
Role management: Working on role creations, modifications and transport of single, derived, composite and business roles.
Addition, Removal of Transaction Codes, authorizations, authorization objects and org values by modifying existing roles based upon change request. Page 1
Resolved critical authorization issues. Troubleshoot security/authorization related problems using SU53, ST01, SUIM and STAUTHTRACE.
Updating the role owners and approvers of roles in GRC.
EAM: Fire Fighter administration – raising GRC request for FF access and approving the log reviews for the same. Proficient in FF log review.
Mapped Owners, Firefighters and Controllers using NWBC and Created Mitigation Approvers & Monitors and created mitigating IDs.
On-call support for FF related SCATS on off working hours.
GRC: Performing role level and user level simulation depends on request.
Approving GRC requests in compliance stage with necessary action for populating risks.
Worked in SOD remediation and mitigations.
Supporting ARM in role owner stage and compliance stage. Approving GRC requests through Admin node. Analysis of GRC requests which are stuck in GRC.
Reporting: Daily ticket allotments (Incident/ARMs) in Remedy tool.
Maintaining daily tracker and preparing daily reports.
Presenting monthly SLA report to client.
Working on monthly SOD report and taking necessary action like risk remediation and mitigations.
Review: Involved in half yearly UAR, RAR and Yearly reviews.
Supporting internal and external audit for evidences.
Scheduling background jobs for various activities. Running sync jobs in GRC whenever it required.
Updating GRC system generated notifications in GRC related to GRC request.
ITGC: extensive experience in: IT General Controls across platforms (SAP Application) for following areas:
Change Management
Logical Access Management
Identification of key risks by testing Information Technology General Controls (ITGC)
Testing IT general controls (ITGC) categorized by security, change management, and operations and producing evidence in a Centralized Repository that ensures all necessary evidence is collected and retained per control frequency requirements (Monthly, Quarterly, Reoccurring)
Auditing the controls and send & receive E-Mails from Developer/ Approver / SOX manager for confirmation / discrepancies.
Evidence collection, Ticket Resolution and providing Data for Internal/External Audit.
Documented the test results and worked on remediation plans to turn ineffective/failed controls into effective control.
Company Name: Deloitte
SAP Experience
Client Internal
Role SAP Security and GRC Consultant
Duration April 2022 – May 2023
Team Size 10
Page 2
Role and Responsibilities:
ARM: Raising GRC request for users new access, Change access, Reactivation, user unlock and for role addition & removal.
Knowledge in raising GRC request using Access request, Copy request and Model user request.
Performing role level and user level simulation depends on request.
Addition, Removal of Transaction Codes, authorizations, authorization objects by modifying existing roles based upon change request.
ARA: Knowledge of ARA for risk analysis and generating reports.
Running the risk analysis on Role Level & User level by scheduling background jobs.
Review: Involved in half yearly UAR, RAR and Yearly reviews.
EAM: Fire Fighter administration – approving Fire Fighter IDs through GRC request at compliance stage.
Proficient in FF log review.
ECC/ S4 HANA: Resolved critical authorization issues. Troubleshoot security/authorization related problems using SU53, ST01 and SUIM.
Created Mass number of Users using transaction SU10.
Editing and adjusting all the Parent and child roles as per the requirement.
Performed Mass role generation using transaction SUPC.
Resetting Passwords for users and intimating password policy.
Worked with security related tables such as AGR_TCODES, AGR_USER, and AGR_DEFINE etc.
Supporting internal audit for evidences.
Have knowledge on role creation and transport.
Reports: Providing wrong mitigation control data to the client as monthly activity.
Daily ticket allotments (Incident/Catalog and ARMs) in Remedy tool.
Maintaining daily tracker and preparing daily reports.
Worked on raising OSS messages in SAP Support portal and implementing the SAP notes provided by SAP.
Worked on Expert Chat with SAP team through SAP Support portal.
Supporting internal audit for evidences.
Client V2M Technologies/Sony
Role SAP Security & GRC Consultant
Duration April 2018 – March 2022
Team Size 5
Sony India Software Centre Private Limited (SISCPL) was set up as a subsidiary of Sony India in the year 1997. Primarily set-up to drive embedded software development, application development, and support, it has been offering cost-effective, high-quality solutions to Sony Group of Companies, worldwide. It has been providing development and support of technology platforms and solutions for Sony globally and is also envisioned to grow as Sony's Global Competency Centre for Product Engineering and IT Solutions Development. Page 3
Role and Responsibilities:
SOLMAN 7.2 Implementation (Role Design)
Involved in Migration activities from SOLMAN 7.1 to SOLMAN 7.2
Creating Business Partner ids to users
Created business roles based on projects.
Role transport using charm tool.
Extensively worked on User administration (SU01) activities.
Worked on Mass User maintenance.
Worked on Master/Derived role creations.
Worked on transport management of roles from Development to Production Server.
Importing the transports to Unit testing Client from development Client.
Extensive experience on SAP authorization management and restricting the user authorizations in various levels.
Authorization investigations - Analyzing and resolving missing authorization.
Created User Groups for user administration and restricting users.
Worked on Admin Change, Urgent Change, Normal Change. Company Name: KGPCo
SAP Experience
Client Linde
Role SAP Security consultant
Duration October 2017 – March 2018
Team Size 8
Linde India Limited, formerly BOC India Limited, is a member of The Linde Group and the leading industrial gases company in India. Combining The Linde Group’s advanced technology, our deep understanding of our customers’ businesses and strong local expertise in gases and engineering, we can provide tailor-made solutions that help our customers to increase efficiency, productivity, and flexibility in their operations, while reducing energy costs and safeguarding the environment. Role and Responsibilities:
Worked on creating, changing, deleting, locking/Unlocking users.
Worked on Role administration.
Worked on extracting reports using User/Role related tables.
Worked with security related tables such as AGR_TCODES, AGR_USER, and AGR_DEFINE etc.
Coordinating with GRC team for new role uploads, role approver mapping and changes.
Involved in User group clean up.
Troubleshoot security/authorization related problems using SU53, ST01 and SUIM.
Handling tickets using HPSM ticketing tool.
Page 4
Page 5
Contact this candidate