Sujala Yadavakunta
SAP Security & GRC Consultant
Full legal name
Sujala Yadavakunta
Location
Seattle, WA
LinkedIn URL
www.linkedin.com/in/sujala-yadaavkunta-1b4b00211
Bachelors / Masters (College, Stream, Location)
Bachelor of Technology (ECE) from J.N.T.U University, India 2005-2009.
PROFESSIONAL SUMMARY
Results-driven SAP Security and GRC (Governance, Risk, and Compliance) Consultant with 13 years of experience in designing, implementing, and managing security frameworks across SAP landscapes. Expertise in SAP GRC Access Control, Process Control, Role Design, Risk Management, Audit Compliance, and SOX, GDPR, HIPAA, and PCI DSS regulatory standards. Proven ability to lead security transformations, enforce least privilege access models, and mitigate SOD (Segregation of Duties) risks through proactive risk analysis and remediation. Skilled in integrating SAP security with IAM solutions, streamlining access governance, and ensuring compliance with organizational and regulatory mandates.
TECHNICAL SKILLS:
SAP: ECC R/3 Security, S/4 Fiori Security, BI/BW Security
GRC: Access Control & Process Control, Risk management & Compliance
Security & Compliance: GDPR, HIPAA, SOX, PCI DSS, ISO 27001, ITGC
GRC Platforms: SAP GRC, RSA Archer
Cloud Applications: BTP security IAG
Identity Access Management (IDAM): IAS, IPS, IAG, OKTA
ITGC Controls: Access Controls, Change Management
Tools: IT ServiceNow, BMC Remedy, CSI SOX, Cloud Connector, SAP GUI 7.7, OKTA IAM tool, CHARM, OSS Support
PROFESSIONAL EXPERIENCE:
SAP:
Experienced in working on Go-Live, Post Go-Live, and Production Support projects.
Managed SAP ECC user provisioning, role assignments, and access terminations.
Designed SAP security roles (Single, Composite, Master & Derived) for business modules FI, MM, SD, HR, PP, BW, CRM. Interfaced extensively with clients to gain insight and develop solutions to meet customer business needs across the entire SAP landscape.
Enforced least-privilege access by restricting roles and transactions based on business needs.
Worked with profile generator (PFCG) in creating roles, profiles, composite roles, composite profiles, derived roles, and global roles.
Very good knowledge of producing and analyzing reports in SAP using SUIM, and security related tables (AGR*, USR*, etc.)
Experience in rollout of SAP ERP.
Experienced in SAP HR Security and SAP BW Security (Analysis authorizations).
Handled mass user creation and role assignments using automation scripting methods.
Moving transport requests from development to quality systems and performing approval in quality system.
Troubleshot authorization issues during Implementation, Go-Live, Post Go-Live and Hypercare.
Designed and implemented custom authorization objects to enforce security controls.
Developed and documented role matrix for different SAP user profiles.
Designed Fiori security architecture for SAP S/4HANA Greenfield implementations.
Configured Fiori Launchpad roles, catalogs, groups, spaces, and pages.
Troubleshooting Fiori issues using USOBHASH table, IWFND_GW_Client, IWFND_ERROR_LOG.
Worked on OData TADIR services for both IWSG and IWSV.
GRC:
Experience in implementing and managing SAP GRC Access Control solutions (ARA, ARM, BRM, EAM).
Extensive expertise in SOD conflict analysis, access provisioning automation, emergency access management, and audit compliance.
Configured GRC Access Risk Analysis (ARA) module to detect SOD conflicts.
Defined and maintained GRC rulesets for ECC, S/4HANA.
Conducted SOD analysis for users, roles, and profiles to identify and remediate risks.
Configured GRC ARM workflows for automated user provisioning & de-provisioning.
Designed and implemented GRC Business Role Management (BRM) for role lifecycle governance.
Automated role assignment workflows with dynamic role approvals.
Configured Emergency Access Management (EAM) for Firefighter ID request and logging.
Assigned Firefighter roles based on business-critical needs with proper monitoring.
Implemented firefighter access reviews (FF Log Reviews) for audit compliance.
Conducted periodic access reviews (UARs) and SOD Reviews
Configured GRC mitigating controls and risk remediation workflows
Configured Regulations, Control Objectives and Risk Catalogs.
Check the export compliance setup flags ITAR, EMEA, TC1, TC2, TC0 and TC00 for users and make sure that the users need security flags before raising GRC requests.
Working on Security regulations SOX, GDPR and knowledge on HIPAA, PCI-DSS and compliance reports for audits and internal reviews.
Maintain Users logon Parameters and password parameters by using RZ10.
Configuring Enterprise organizational unit, Business process and Sub process Controls and Regulations.
Run Risk analysis for users based on user level and role level and check the mitigation of risks.
Expertise in SAP GRC process Control (PC) configuration, automation and monitoring for compliance and risk management.
Implemented SAP GRC Process Control (PC) for real-time compliance monitoring.
Created and managed Data Sources & business rules for continuous control monitoring (CCMS).
Defined and maintained business processes, risks, and control catalogs in SAP GRC PC.
Configured Ad-hoc Issue management and Policy management.
Configured control self-assessments (CSA) and surveys for compliance tracking.
Designed management workflows for approvals, escalations, and remediation by using Custom determination Agent rules.
AUDIT:
Experience in implementing legal and regulatory requirements related to SAP security: SOX (Section 404) and GDPR standards.
Identify inactive, redundant, or unauthorized user accounts and take corrective action.
Verify that users follow the least privilege principle to prevent excessive access
Ensure that users have appropriate business-role-based access and remove unnecessary permissions.
Validate Firefighter ID usage and activity tracking using SAP GRC EAM.
Generate and review security audit reports (SOD conflicts, role assignments, Firefighter usage).
Document and track security incidents, risk assessments, and remediation actions.
Conduct security awareness training for SAP users and administrators.
BTP Security IAG:
Strong experience in SAP Identity Authentication (IAS) & Identity Provisioning (IPS) for user lifecycle management
Skilled in configuring SAP IAG for access control, risk analysis, and role governance across cloud and on-premises SAP landscapes.
Applied OAuth 2.0, SAML and OpenID Connect protocols for secure authentication.
Configured custom role Collections & policies in SAP BTP cockpit to enforce least privilege access.
Job Scheduling and Monitoring for IAG Provisioning.
OKTA IAM:
Designed and implemented various Identity and Access Management (IAM) solutions.
Implemented Okta Lifecycle management (LCM) for automated user provisioning and deprovisioning.
Designed and implemented OKTA IAM Solutions for User authentication, authorization and access policies.
Review and adjust existing IAM processes (provisioning, de-provisioning, re-certifications, etc.) to ensure that they are aligned with industry best practices.
Assist in problem resolution for Identity Management infrastructure and integrated applications when necessary
Expertise in OKTA Provisioning, Profile attributes synchronization.
Management of the Identity and Access Management services including Access Management, password management, SSO, Active Directory (AD) and authentication.
Experience in administrating OKTA and providing support to Okta clients.
Enabled SSO for cloud-based application like Salesforce and Office 365 in OKTA.
Experience in Integration with Okta and worked on MFA using Okta.
Managed day-to-day activities creating and managing Okta policies and creating and managing Okta applications including SAML, OAUTH (OPEN ID) and SWA applications.
Experienced in Direct integration with Okta with AZURE Active Directory (AD)
Monitor login activity and detect suspicious behavior using OKTA Identity threat protection.
Lenora Systems, Redmond, WA. December 2024 – Present
Role: SAP Security, GRC & S4 Hana Consultant
Project#1
Client: CORVIAS
Description:
Corvias is a company that works with the Department of Defense and higher education institutions to create long-term solutions for infrastructure and energy resiliency. Corvias includes Military housing, higher education, Energy resiliency and Resiliency projects. Corvias' approach to design, construction, and renovation is integrated, and they start by understanding a client's strategic goals and priorities.
Responsibilities:
I am currently working as SAP Security administrator for SAP Security project.
Responsible for support for all SAP systems in client landscape (ECC, BI, GRC Access control, SNC, GRC Process Control, CHARM, BTP, SAP Portal, Fiori, Gateway).
Responsible for all SAP security related tasks such as user administration, role administration, monthly licensing reporting, user access review, troubleshooting authorization and SAP access issues.
Working on SAP Cloud BTP applications.
Conduct workshop with the client to gather requirements for SAP GRC 12.0 including Fiori interface.
Preparation of solution design document (Blueprint) for ARA, BRM, EAM and ARM
Integrate GRC with various SAP systems including ECC, HANA, CRM, SRM, BW, Solution Manager, Fiori Gateway, BPC, portals for User provisioning and LDAP group provisioning through GRC
Integrated GRC 12.0 with ECC, HANA, CRM, SRM, BW, Solution Manager, Winshuttle (EAM), Fiori Gateway for EAM
Integrated GRC to ECC, HANA, CRM, SRM, BW, Solution Manager, Fiori Gateway for Access risk analysis
Configured and maintained Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), and Access Request Management (ARM) in GRC 10.1/12.0
Designed and implemented SAP security roles and authorization concepts across multiple SAP modules (ECC, S/4HANA, BW, GRC, Fiori, etc.).
Created users in SAP BTP platform and assigned required role collections to users.
Checked the license subscriptions of subaccounts, raised service requests to the SAP team, and maintained the subscriptions of BTP production subaccounts.
Creation of Subaccounts and Implementation of IAS, IPS and IAG.
Implemented SAP GRC Access Control 10.1/12.0 for role-based access management, ensuring compliance with SOX and internal security policies
Checking the connection between BTP subaccounts and IAS, IPS and IAG.
Creating Rule sets, Risks and maintaining Synchronization jobs in Identity Access Governance (IAG).
Maintain the synchronization between BTP platform and IAS and IAG in Users and Roles Responsibilities.
Expertise in OKTA Provisioning, SSO and MFA.
Integrated SAP GRC with Identity Management (IDM) and Single Sign-On (SSO) solutions to enhance authentication and user provisioning
Provide guidance and support for management of non-human accounts
Responsible for creation of role-based access policies & risk profiles for associated applications.
Management of the Identity and Access Management services including Access Management, password management, SSO, Active Directory (AD) and authentication.
Experience in administrating OKTA and providing support to Okta clients.
Enabled SSO for cloud-based application like Salesforce and Office 365 in OKTA.
Experience in Integration with Okta and worked on MFA using Okta.
DXC Technology, INDIA Sep’2022 – May’2024
Role: Professional Application Designer
Client: PILMICO
Project: 1FG
Description:
Pilmico is the integrated agribusiness and food subsidiary of the Aboitiz Group. Well-positioned at the beginning of the food value chain, we are fully committed to becoming a total solutions provider consistently and continually delivering operational and business excellence.
Pilmico is comprised of four divisions: Flour, Feeds, Farms, and Commodity Solutions; enabling growth to its partners through its consistent quality products and unparalleled supporting services. Armed with our mission of feeding humanity, they aim to take a leadership position in innovating the food value chain in Asia Pacific.
Responsibilities:
• Working on S/4 Fiori implementation authorization matrix.
• Working on Greenfield implementation.
• Working on defects which are encountered in UAT in different modules.
• Working on creation of Catalogs, Groups, Spaces, Pages and Sections by using Fiori Launchpad designer.
• Working with codes Catalog Content Manager and Catalog Aggregator.
• Working on adding Tiles/Apps to Catalog, group and pages and processed roles from Development to quality in different modules.
• Troubleshooting on test user IDs with system trace, assigning required access and making necessary changes as per defects.
• Using CHARM process to move the TRs and TOC.
• Maintain the authorization matrix as per work stream/Group, Catalog details.
• Working with S/4 HANA Fiori library for apps.
• Working on Single roles, Composite roles, Master and derived roles.
• Worked in Go-live, post Go-Live activities, Hypercare activities and End user Training and Documentation.
Wipro Technologies, INDIA Apr’2022 – Sep’2022
Role: Techno Functional Consultant
Client: DSM
Project Name: RDSM
Description:
DSM, part of dsm-firmenich, is a global, purpose-led leader in health and nutrition, applying bioscience to improve the health of people, animals, and the planet. DSM’s purpose is to create brighter lives for all which we achieve through developing products and solutions that address some of the world’s biggest challenges while simultaneously creating economic, environmental, and societal value.
DSM's five business groups are clustered according to product and market combinations, with the business group directors reporting directly to the Managing Board. Since 2015, DSM's activities have been grouped into three clusters: Nutrition, Materials and Innovation Center.
Responsibilities:
• Creating users and setting user expiry date, assigning Roles, Creation of Role and changing the authorization data of Role, Resolving the authorization failures.
• Creating customizing requests and changing the owner of the request, importing requests into target system by using CHARM.
• Designed firefighter access and emergency access management (EAM) workflows in SAP GRC 12.0 for privileged access control
• Worked on Role administration like creating, modifying, deleting, and transporting roles.
• Resolved many authorization issues by analyzing the missing authorizations and suggesting roles accordingly.
• Raised GRC access request based on requirement for users, in new account, Change account, FFID request, termination request
• Run Risk analysis for users and try to mitigate the risks to remove and add roles to users and send for approvals.
• Checking Freshdesk requests every day and trying to follow the GRC access requests with user managers and respective role owners.
• Check the export compliance setup flags for users and make sure that the users need security flags before raising GRC request.
• User administration like creating, changing, locking/unlocking the users, reset passwords, assigning the roles to users in production as per the requirement.
• Check the business role for users and create multiple access requests by using the program.
• Worked on user information system (SUIM) to execute different reports while analyzing any authorizations issues to the users.
• Provide access to SAP default users and maintained credentials in secured area for OSS support.
• Subject Matter Expert for all SAP Security and SAP GRC.
• Performed Post Installation and Configuration activities in GRC Access Controls 10.1.
• Configured the GRC Access controls 10.1 Access Risk Analysis (ARA), Emergency Access management (EAM) and Access Request management (ARM) modules.
• Integrated GRC Access Control to SAP ECC, BW, PI and Solution Manager Systems.
• Implemented MSMP Workflows for Access Request Approval, Mitigation Control Maintenance, Firefighter Log Report Review.
• Developed custom workflow components using Business Rules Framework (BRF+) tool.
• Configured custom notification messages based on the business flows.
• Prepared GRC Access Control training manuals and trained End Users and Approvers.
• Prepared Unit Test & Integration test plans and test scripts and executed for SAP Security changes and GRC AC 10.1.
• Administration of Portlets, tile browsers, Troubleshooting with Proxy.
• Designed and implemented SAP Security Strategy for clients.
• Designed and wrote implementation strategy for SAP GRC AC10.1.
• Implemented technical roles in ECC, Biller Direct, Solman, SuccessFactors, BW, PI, BOBJ, BODS, BPC, GRC, FIORI.
• Implemented security roles for BW modules.
• Implemented and maintained CUA via solution manager (Solman).
• SAP ECC Profile Generator (single roles, master / derived roles, composite roles).
• SAP Enterprise Portal (EP) UME administration.
• Established and implemented Internal controls and segregation of duty concepts within SAP applications.
• Performed SAP Security related task such as Security Audits, SOX (Sarbanes Oxley) Compliance.
• Assist/Reports weekly/Monthly/Quarterly reports and support for both Internal Auditors.
INFOSYS Pvt Ltd, INDIA Apr’ 2017 – Apr’ 2022
Role: Consultant
Client – CYTEC March 2020 - April 2022
Project Name: SOLVAY(CYTEC)
Description:
Solvay is a chemical manufacturing company whose technologies bring benefits to many aspects of daily life. bond with customers and partners to address today and tomorrow’s megatrends. As a global leader in Materials, Chemicals and Solutions, Solvay brings advancements in planes, cars, batteries, smart and medical devices, water, and air treatment, to solve critical industrial, social, and environmental problems.
Responsibilities:
Provided support for ECC, HR and GRC. Resolve Security Tickets within the approved SLAs.
Worked on Role administration like creating, modifying, deleting, and transporting roles.
Resolved many authorization issues by analyzing the missing authorizations and suggesting roles accordingly.
Raised GRC access request based on requirement for users, in new account, Change account, FFID request, termination request
Run Risk analysis for users and try to mitigate the risks to remove and add roles to users and send for approvals.
Checking Freshdesk requests every day and trying to follow the GRC access requests with user managers and respective role owners and checking the export compliance setup flags for users and making sure that the users need security flags before raising GRC request.
User administration like creating, changing, locking/unlocking the users, reset passwords, assigning the roles to users in production as per the requirement.
Check the business role for users and create multiple access requests by using the program.
Worked on user information system (SUIM) to execute different reports while analyzing any authorizations issues to the users.
Provide access to SAP default users and maintained credentials in secured areas for OSS support.
Designed Firefighter roles, business roles, (support services) for business area SD, PP, PM, MM and CRM. Maintaining, Creating, modifying existing roles (Single, Composite and Derived) for project team.
Expertise in SAP Security and Authorizations which includes User Management, User Administration, Monitoring, and User Tracing (ST01).
Support Basis team for user master export and import, lock mass user during systems maintenance.
Implementation and support for Risk Management and Risk aggregation/heat Map. Custom fields
BW reporting for Access control and process control
Designing of Business rules, Data source to Design and configure Automated rules (Continuous control monitoring) for e.g. NERC-CIP Revocation using BEX query, Criminal report (Same user should not park and post for the same document type) using ABAP query, Configuration.
Automated rule designing through BRF+ and through custom program development.
Configuring/maintaining master data like Organization/Process/sub-process and its entity role assignment, Assessments (Test control effectiveness, Sign-off), Multiple regulatory compliance
Integration of Process control with eDMRM, Greenlight RCM (Regulatory compliance management system)
Process control Security design, Workflow configuration (Reminders and escalation)
Performed post installation activities
Master data configuration like Organization/Process/Sub process/control/Regulation/Roles etc.
Implementing SOX/NERC-CIP control and automated control using SAP Query and BEX query
SCE Security admin activity like role design, implementing roles and authorization for on boarding and off boarding process, user/role provisioning, security issue troubleshooting
Maintain SCE ECMS tool for compliance and integrating it with GRC Process controls
Implementing position-based requests through SAP GRC, HR trigger, Qualification checks
ARQ implementation for SAP as well as non-SAP system using Greenlight RTDS.
Custom rule book design, BRF+ Configuration.
Supporting ECC security, CRM security, BI security roles and maintaining them based on position.
Client – NEWMONT April 2017 - Feb 2020
Project Name: NEWMONT
Project Description:
Newmont is the world’s leading gold company and a producer of copper, silver, zinc, and lead. The Company’s world-class portfolio of assets, prospects and talent is anchored in favourable mining jurisdictions in North America, South America, Australia, and Africa.
Newmont has approximately 31,600 employees and contractors worldwide.
Responsibilities:
• Worked with profile generator (PFCG) in creating roles, profiles, composite roles, composite profiles, derived roles, and global roles.
• Created new roles for ECC 6 systems: FI, CO, HR, MM, PP, QM, and SD modules, based on concepts of task roles and position roles.
• Responsible for complete lifecycle, from designing, unit testing, integration testing, user mapping, go-live and post-production support.
• Worked on Role administration like creating, modifying, deleting, and transporting roles by using solution manager.
• Resolved many authorization issues by analyzing the missing authorizations and suggesting roles accordingly.
• Worked on HR security like checking whether the users have unique position or not and assign roles to users as per requirement.
• Worked on creating organization units, positions, jobs using PPOME transaction and assigning roles and users to the respective positions.
• Maintain the relations in PA20.
• Provide structural authorization through PD profile in PO13.
• Assign role in position with transaction PO13
• Moving transport requests from development to quality systems and performing approval in quality system.
• User administration like creating, changing, locking/unlocking the users, reset passwords, assigning the roles to users in production as per the requirement.
• Worked on user information system (SUIM) to execute different reports while analysing any authorizations issues to the users.
• Co-ordinate Functional Unit testing (UT), User Acceptance Testing (UAT) for Roles and authorizations to ensure accuracy and segregation of duties.
Tech Mahindra, INDIA Apr 2011- Mar 2017
Role: Associate Consultant
Client – GENT April 2015 - March 2017
Project Name: ARCELOR MITTAL
Project Description:
Arcelor Mittal is the world’s leading steel and mining company. Guided by a philosophy to produce safe, sustainable steel, it is the leading supplier of quality steel products in all major markets including automotive, construction, household appliances, and packaging. Arcelor Mittal operates in 60 countries and employs about 245,000 people worldwide.
Responsibilities:
• Working Knowledge in SAP Security in Versions SAP R/3 4.7 and ECC 6.0.
• Worked on Role administration like creating, modifying, deleting, and transporting roles.
• Resolved many authorization issues by analyzing the missing authorizations and suggesting roles accordingly.
• Worked on HR security like creating new organization structures or modifying the existing structure.
• Worked on creating organization units, positions, jobs using PPOME transaction and assigning roles and users to the respective positions.
• Moving transport requests from development to quality systems and performing approval in quality system.
• Perform tracing to check the missing authorizations of the user.
• User administration like creating, changing, locking/unlocking the users, reset passwords, assigning the roles to users in production as per the requirement.
• Worked on user information system (SUIM) to execute different reports while analyzing any authorizations issues to the users.
• Monitoring all production systems - Checking updated records, system logs, managing user sessions, checking the work process status, global work process overview.
• Worked on CSI tool (CSI Data translator, Authorization Auditor and Export to Excel) for generating the SOX reports every month.
• Created queries and modified existing queries in CSI tool for generating the SOX reports according to the customer needs.
Client – GE June 2015 - March 2015
Project Name: GE-GAMS-OIL & GAS
Project Description:
GE Oil and Gas Portfolio provides various types of tools for Drilling & Surface, Subsea Systems, Measurements & Controls, Dresser & Wayne, Turbo machinery and Global Services which are used in many Oil and Gas industries. This Portfolio operates with 33000 employees; it operates in 150 countries with 13 revenues of 35 billion $’s.
Responsibilities:
Creation of the users, Roles, profile maintenance based on ticketing tool in ITSD etc.
Handling security requests raised by users like missing authorizations, new account and Change accounts and role maintenance etc.
Worked on SAP security in GRC 5.3 version
Reports generation for monthly Auditing.
MSMP Configuration and activation, Detour, Escape path configuration
Approver stage level setting, Notification settings, Custom Email notification for various approvals in GRC access control done
Auto Provisioning Setting, CUA Configuration, Service level agreement configured
Password Self Service, User Access Review (UAR) and Segregation of Duties Review (SOD Review) implemented.
Client – SSU-EIS Duration: April 2011 - May 2013
Project Name: SHINE&OPTIMA
Project Description:
SHINE (Satyam Human Resources Information Network) is the implementation of SAP HR for Satyam computers services ltd.
Collaboration Projects (C projects) is a cross-industry tool used to plan and monitor development and consultant projects. Collaboration Projects (C Projects) support the product development process from planning through product and process approval to external communication with partners or customers and therefore have a positive influence on project duration and quality. This is a web-based tool which is easy to implement, use and enables project participants to work together.
Responsibilities:
• Creating users and setting user expiry date, assigning Roles, Creation of Role and changing the authorization data of Role, Resolving the authorization failures.
• Creating customizing requests and workbench requests and changing the owner of the request, importing requests into target system. Transporting the roles from one system to another, monitoring the transport logs.
• Monitoring high availability of servers
• Maintenance of backups (Offline and Online)
• Reports generation for audits
Certifications:
C_GRCAC_13: SAP Certified Application Associate - SAP Access Control 12.0
Udemy Training certifications
Personal Details
Current Address: 14675 NE 32nd ST C 201, Bellevue, WA 98007
Visa: H1B
Passport: U7564769