MATTHEW K. OTWELL
SUMMARY OF QUALIFICATIONS
A Senior SAP Security and GRC consultant specializing in the architecture and implementation of regulatory-compliant security and authorization concepts, concentrating on SAP security architecture and performance, and SAP functional support. Current experience includes ten complete global S/4 HANA/ECC implementations and nine GRC implementations with an in-depth practical understanding of SD, MM, FI/CO, and PM modules.
Experience implementing and supporting technical and functional aspects of SAP security and authorizations for all components, including SAP S/4 HANA, ECC, Fiori, SuccessFactors, GRC 12/10x, SRM, SCM, BI, and BPC.
Education
Texas Tech University, Lubbock, Texas – Bachelor of Business Administration – Management Information Systems
TECHNICAL AND PROFESSIONAL SKILLS OVERVIEW
Years of Experience
26 Years SAP Experience
26 Years of SAP Security Experience
10 Full Cycle SAP Implementations
9 Full Cycle GRC 10/10.1 Implementations
22 Years of Project Team Experience
6 Years of Management and Leadership Link Enabling (ALE)
SAP Module Solutions
Business Intelligence (BI)
Customer Relationship Management (CRM)
Finance and Controlling (FI/CO)
Human Capital Management (HCM)
Materials Management (MM)
Warehouse Management (WM)
Plant Maintenance (PM)
Product Lifecycle Management (PLM)
Production Planning (PP)
Quality Management (QM)
Sales and Distribution (SD)
Supplier Relationship Management (SRM)
Supply Chain Management (SCM)
SAP - Enterprise Portal
EP 6.0, 7.0
Strategy, Design, and Implementation
User Admin: UME, Groups, Roles, Security
Content: iViews, Pages, Content Management
System: Transports, Monitoring
SAP Systems
CPGRC (Control Panel GRC)
S/4 HANA Enterprise Cloud
Ariba Buying & Invoicing/ Commerce Automation/ Contracts
Ariba Commerce Automation
Datasphere Cloud Platform
ECC 6.0, 5.0
SuccessFactors
Fiori
BW 3.5, BI 7.0 & BPC 10.1
CRM / SRM 7.0, 6.0 (SUS and LAC)
SCM 7.0
Solution Manager 7.0, 4.5
Security Solutions
SAP GRC Access Controls 12
SAP Identity Management (IDM)
Central User Administration
Security Weaver
SAP GRC (Virsa) Access Controls
GRC 12, 10.1, 10.0, 5.3
12/10.x Solutions: ARA, ARM, EAM, BRM
5.3 Solutions: RAR, CUP, SPM, ERM
Regulatory and Compliance Expertise
Sarbanes Oxley – Audit/Mitigation/Controls
Technical Expertise
Scalable Security Architecture
SOX Compliant Security Design
Workflow Design & Configuration
Security & Access Automation
GRC Rule Set Customization / Configuration
Recruiting
Super Recruiter Award as Ernst & Young Campus Recruiter
OTHER KEY CLIENTS
Tyson Foods – Springdale, Arkansas
Pilgrim's Pride – Pittsburg, Texas
Phillips Petroleum Company (Phillips 66) – Bartlesville, Oklahoma
Texas Instruments (TI) – Dallas, Texas
Fossil Group Inc. – Richardson, Texas
CenterPoint Energy, Inc. – Houston, Texas
Exxon/Mobil – Irving, Texas
Celanese – Irving, Texas
Lennox International Inc. – Richardson, Texas
Forest City Enterprises – Cleveland, Ohio
Top Golf USA Inc. – Dallas, Texas
Peets Coffee & Tea – Madison, Wisconsin
Reliance Steel & Aluminum – Scottsdale, Arizona
Macy's Inc. – New York, NY
Commercial Metals Company (CMC) – Irving, Texas
Driscoll’s Inc. – Watsonville, California
Electronic Data Systems (EDS) – Plano, Texas
Unilever USA – Englewood Cliffs, New Jersey
Panasonic – Newark, New Jersey
Roche Diagnostics USA – Indianapolis, Indiana
RELATED PROJECT HISTORY DURING EMPLOYMENT
ConocoPhillips, Houston, Texas 5/31/2024 – 2/28/2025
UTRM LEAD nxtGEN ERP (User to Role Mapping for USA)
SAP ECC Global upgrade to S/4 HANA 2024
Initial Mapping for USA workstreams
Identify users and their core access required to perform daily job responsibilities
Managed workstream leads through user-to-role mapping for 7,000 users
Ran SOD Checks and Mitigation
Traveled to BU locations for in-person assistance for SIT 1, MOCK 2, SIT 2, MOCK 3, UAT, CUTOVER, HYPERCARE, & GO-LIVE
Create and load the BU-specific SAP & GEP Roles for USA into the Security Dashboard
SSM Health, St Louis, Missouri 12/26/2021 – 05/2024
SAP Security Lead
SAP Analytics Cloud (SAC), GRC12, S/4 HANA 2022 Upgrade & Ariba Supplier Lifecycle and Performance
Coordinated with the SAP America Team to gain Capital Project Approval for SAP S4 Governance Risk and Compliance (GRC). Our team was approved and awarded the project in January 2024.
SAP Ariba Supplier Lifecycle & Performance Integration
SAP SAC & FIORI Security Support & Provisioning
Liaison between Deloitte IT Audit and SSM Security Team
Control Testing and Design
Developer Support Role Design and Analysis
FIORI Catalog, Group, & Role Creation
DAWN FOODS, Jackson, Michigan 4/1/2019 – 10/31/21
SAP Security Lead
GRC 10.1 – 12.0 GRC Program Design Partner
Founded GRC Governance Team
Founded GRC Steering Committee
Advised Executive Sponsors
Compliance with IT General Controls (ITGC)
Ruleset Maintenance and Change Management Processes and Impact Analysis
Facilitation of violation review procedures and annual review of rulesets with Ruleset Owners
User-provisioning oversight and change management.
Role maintenance and change management.
Compliance with role maintenance controls and guiding principles
Compliance with access management controls (role ownership) and security standards
Regulatory Timely completion and accuracy of access review procedures
Configuration and workflow maintenance
Monitor, track, and report GRC tool maintenance.
Avantor/ NuSil 8/1/2021 – 12/31/2022
SAP Security Lead
NS2 National Security Services ITAR Environment/ SAP Analytics Cloud (SAC) and in S/4 HANA/Governance, Risk and Compliance Access Control 12.0
GRC AC 12.0 - S/4HANA
S/4 FIORI Architecture Alignment
GRC AC Architecture Alignment
SAP Security Architecture & Naming Convention Document
Security Requirements for workstreams.
GRC workflow design requirements
Business Partner requirements
MICROSOFT April 2019 to May 2020
SAP Security Team
GRC 12.0 Upgrade/Fiori/ S4 HANA/Portal
Configure SAP GRC Access Control 12.0 Upgrade
Architecture Assessment
Infrastructure Assessment
Security and Compliance Assessment
Requirements
Blueprint- GRC/IDM/Sec Design
Blueprint - SoD Monitoring (Preventive and Detective)
Test (System/Int/UAT)- GRC/Sec Design
SOD Monitoring and Prevention
Training and Readiness
BOEING, Bellevue, Washington June 2018 to April 2019
SAP Security Team
GRC 12.0 Implementation
Project Management
Realization Design for Business Role and Job Mapping
Process Design
Role Builds for ECC, BW, S4 Hana
Regression Testing
Mock 1,2,3 & UAT Testing
Knowledge Transfer Sessions
GRC RAR 12.0 SOD Testing and Pre-Go Live Controls Prep
HR/PII – Information & GRC Triggers
GRC/SPM Configuration
CHARM & SAP Portal
DAWN FOODS, Jackson, Michigan July 2016 to December 2017
SAP Security Lead
GRC 10.1 Implementation/Fiori/ S4 HANA/Portal
HANA/ BI Security – Configured
o Standard
o Technical
o Restricted Users
o System, Object, Analytic, and Package Privileges
o Catalog (Run Time) and Repository Roles (Design Time)
o Activating Audit Policy (License Check)
o Hana Admin Tasks
o Design of roles & authorizations
o Implemented a security framework and role matrix for the SAP/ HANA Enterprise platform.
o SAP Hana Studio
Configure SAP GRC Access Control 10.1
Emergency Access Management (EAM) Pre-Implementation
o Default Parameter Configuration
o Setting up Emergency Access Roles
o Maintaining Time Zones
o Maintaining Owners
ARTHREX, Fort Myers, Florida January 2016 to June 2016
SAP Security Team
Security Redesign
GRC 10.1
Establish reporting metrics.
Review/approve changes to the SOD framework.
Review/approve changes to the Security Design.
Establish business-sensitive criteria.
Establish and review existing policies and procedures for adequacy.
Review mitigating controls for appropriateness and controls test effectiveness
Establish quantification guidelines for SOX-relevant entities.
GRC - This new capability build project was to implement the Governance Risk Compliance (GRC) tool from the SAP suite of products to perform the below services.
Control Point
Governance - A defined governance structure for security design/GRC support was outlined and created.
INTEL/ MCAFEE, Plano, Texas January 2015 to December 2015
SAP Security Team
Restricting Federal Entity - Integration activities, a new legal entity will be created within SAP systems for the Federal government.
Scoping the affected data will allow the business and IT support teams to reduce effort in analyzing the landscape for retrofit development and process changes.
o Logical access controls only.
o Logical access controls in conjunction with data obfuscation
o Parallel processing
Nationality
Points of Access
Process Changes
SAP Conversion Services
Incident Management
o Problem Management
o Change Management
o Request Fulfillment
o Event Monitoring
o Services and Application
TREEHOUSE FOODS Chicago, Illinois September 2014 to December 2014
SAP Security Team
Documenting process streams in Swim Lanes
Security requirements for PLM and Solution Manager
Testing security roles for their respective areas
Coordinate the integration testing of security roles
Coordinate with key business stakeholders on end-user IDs and role assignments in preparation for Go Live
AVAYA, Coppell, Texas October 2013 to August 2014
SAP Security Process Lead
SOX IT Process Control Lead
Accountable for maintaining an effective control environment for their respective processes
Develop and maintain process documentation
Implement documented remediation plans.
Document our control structure.
Record test results
Record Issues & Action Items
SAP Portfolio Management & Cross Application Time Sheets Security Design
Authorization analysis
Job Roles design & development
Testing
Deployment
TXUE, Irving, Texas June 2013 to October 2013
SAP Security Lead
IT Risk, Process Control Design, Security, & Compliance
Sarbanes-Oxley Act (SOX) as it applies to SAP/ECC & GRC10
SAP Security IT General Computing Controls framework
SAP Security & GRC 10 objectives, goals, policies, standards, guidelines
SAP Security Compliance Program external compliance requirements
Company-wide security awareness and education programs
Supported Internal Audit activities and remediation requirements.
UNILEVER, Englewood Cliffs, New Jersey February 2013 to June 2013
SAP Security Team
SOD Resolution for SOX VP
Conducted Security Assessment
GRC 5.3 Process Evaluation
GRC 10 Upgrade
MCAFEE, Plano, Texas July 2012 to January 2013
SAP Security Team
FI/SD 46C upgrade to ECC 6.0
CRM 4.0 upgrade to CRM 7.0
Process Control Design
Approved One Process Changes
Verification of landscape to ensure SOX compliance.
Resolution for UAT Defects
Review of business roles for new objects
SU25 Syncs
USOBT_C comparison with PRD/CMP
Transaction to Role Assignments FIQ/MHQ to PRD/CMP
Object/Values to Role Assignments FIQ/MHQ to PRD/CMP
Designed and Implemented Security Risk Assessment for COE
DELEK US HOLDINGS, Nashville, Tennessee June 2012 to December 2012
SAP Security Lead
GRC 5.3 SOD Resolution to SOX VP
Review Ernst & Young to conduct an assessment related to SAP Security
SOD Resolution through Security Reengineering & Process Control Design
Project Management to US-based and Off-Shore teams
Role Builds for ECC6.0
GRC 5.3 Analysis & Rulesets
PEPSICO, Plano, Texas April 2010 to June 2012
SAP Security Lead
Management
Realization Design for Business Role and Job Mapping
Process Design
Role Builds for ECC 6.0, CE, BI, & SEM
Regression Testing
Mock 1,2,3 & UAT Testing
Knowledge Transfer Sessions
GRC RAR 5.3 SOD Testing and Pre-Go Live Controls Prep
HR/PII – Information & GRC Triggers
GRC/SPM Configuration 5.3
CHARM & SAP Portal
CAP GEMINI/ USIS/Altegrity, Falls Church, Virginia July 2009 to January 2010
SAP Security Lead
HCM Security & Process Control Design
Personnel Administration
Organization Management
Travel Management
ESS/ MSS
Benefits
Payroll
Time Management
GRC 5.3 Configuration
SMITH & NEPHEW, Memphis, Tennessee September 2007 to December 2008
SAP Security Lead
GRC upgrade from VIRSA 4.0 to SAP Access Controls 5.2
SAP Re-Architecture
HR Process Control Design for MSS/ESS
BW 7.0 Architecture Design and rollout
Project Scoping & Planning
Blueprint
Building and Unit Testing
Integration Testing
Live and Support
GRC upgrade from VIRSA 4.0 to SAP Access Controls 5.2
Access Enforcer 5.2
Compliance Calibrator 5.2
Fire Fighter 5.2
Role Expert 5.2
ECC 6.0 Security Re-Architecture
VERIZON, Richardson, Texas August 2007 to December 2007
Interim Global Security Administrator
Gather role requirements for ECC 6.0, XI 7.0, SRM 5.0, & Portal 7.0 Implementation.
Designed ECC6.0 Global Security Architecture
BW 3.0 upgrade to BI 7.0 & migration
BW 7.0 Naming Convention and Architecture Design
Approva SOD analysis and resolution
SILICON LABORATORIES, INC, Austin, Texas February 2007 to September 2007
Interim Global Security Administrator and Audit Manager
Security Team lead interfacing with External Auditors
Performed Forensic Audits around the security team to ensure they are performing best practice processes and following company policy.
Installed Virsa Compliance Calibrator & Firefighter Version 5.2
Assisting with Segregation of Duties Analysis, development, and implementation to remove the conflicting access within SAP R/3 & Interfaces using Virsa Compliance Calibrator
Audit Remediation tasks
Developed Global Policies & Procedures
Defined Security Key Controls and process Design
AMS - Incident Management
o Problem Management
o Change Management
o Request Fulfillment
o Event Monitoring
o Services and Application
MCAFEE, Plano, Texas April 2006 to February 2007
Interim Global Security Administrator
HCM (Human Capital Management) – Developed the security roles associated with MSS (Manager Self Service) and ESS (Employee Self Service) in the areas of Open Enrollment, Time Reporting, Personnel Requisition Forms (PRFs), and Personnel Action Forms (PAFs)
Developed the security roles associated with HTCM (High Tech Channel Management)
Developed additional security roles for extended R/3 functionality in the FI, CO, MM, and SD modules. Established the test User IDs and supported complete testing and remediation of all associated security roles. Performed portal security administration related to the ESS/MSS portal. Coordinated work effort with project team members in the US, the UK, and India
Approved implementation and rule book design in coordination with the business and Approva leadership
EDS – ERNST & YOUNG, Plano, Texas October 2005 to April 2006
Senior Manager
Assisting with Segregation of Duties Analysis, development, and implementation to remove the conflicting access within SAP R/3 & Interfaces using Virsa Compliance Calibrator
Assisting with testing change control and other custom processes
Performing Forensic Audits around the security team to ensure they perform best practice processes and follow company policy.
ERICSSON, Plano, Texas June 2005 to October 2005
SAP Global Security Remediation PM
SAP Security Implementation
Process Control Design
Role Definition
Mapped User to Roles
Transactions and End-Users
SOD Resolution
Organization and Field-Level Value Selection
Non-Organization and Field Level Value Selection
Address Critical High-Risk Transactions
Cutover & Support
Rewriting Policies, Procedures, and monitoring Documents for Global Security
Assisted in the Segregation of Duties Analysis, Development, and Implementation to remove the conflicting access within the SAP R/3 4.0B environment.
Worked with Basis Administration, Tech Development, and Security Teams in facilitation of meetings to reach deadlines and new approaches to remove the Audit Findings of PWC
Performed Security Support
CENTER POINT ENERGY, Houston, Texas April 2005 to May 2005
SAP/R3 Business Warehouse Model PM
Define SAP security requirements and goals.
Extract and categorize existing roles and authorizations from the SAP R/3 transactional system.
Document the existing transactional security structure in matrix form
Extract and categorize current roles and authorizations in the BW data warehouse system.
Document the existing BW security structure in matrix form
Analysis and Development
Identification of potential Sarbanes-Oxley (SOX) segregation of duties issues
Document an alternative transactional security model for SOX compliance
Acquire client/auditor approval of future transactional security model.
Match the transactional security model to the business warehouse security structure.
Document future state business warehouse security structure
Assess cultural impact on the future security structure.
Deployment Planning
Work with CNP to develop a cultural approach to deploying the new structure.
Develop and document a plan to deploy the new security structure.
Assess and document resource requirements for deployment.
MCAFEE, Plano, Texas July 2004 to April 2005
SAP Global Security Remediation PM
Sarbanes Oxley (SOX)
Key Responsibilities
SAP Security Admin Policies & Procedures
Detective and Design initiatives using the SAP RBE Tool
Only Authorized users were able to schedule, delete, execute, and manage Batch Jobs & BDC Sessions
Install and test Application Security around Composite Roles and Simple Profiles
Manage Problem & Incidents
Restriction of Access to Security Authorization Objects and Security Transactions
Monitoring of RSAPARAM
Unauthorized users at the Database Level
Super User Group Access
Fire-Call
Four significant categories were defined for compliance with the PCAOB within these different areas.
Program Development
Change Control
Computer Operations
Logical Access
DUPONT, Wilmington, Delaware July 2001 to July 2004
SAP Security Team
Security Redesign, External Audit Findings
Security Implementation: Role Definition, User Mapping, Analysis of Users to Roles & with Transactions and End-users, SOD Identification & Resolution, Organization and Field Level Value Selection, Non-Organization and Field Level Value Selection, Address Critical, TMA & High-Risk Transactions, Build, Test, & Cutover & Support
Rewriting Policies, Procedures, and monitoring Documents for Global Security
Assisted in the Segregation of Duties Analysis, Development, and Implementation to remove the conflicting access within the SAP R/3 4.0B environment.
Worked with Basis Administration, Tech Development, and Security Teams in facilitation of meetings to reach deadlines and new approaches to remove the Audit Findings of PWC
Production Support
Performed system trace to architect proper security for Dialog and Non-Dialog users.
Provided APO Security analysis, maintenance, and support for the 4.0 upgrade.
Developed customized reports in MS Access to document security roles.