Role: SAP Security/GRC Consultant (S/* HANA & GRC)
G Sankethu Babu +1-940-***-**** : ***************@*****.***
linkedin.com/in/sankethu-guntaka
S/4 HANA, FIORI, BW, BPC, ARIBA Security and GRC Consultant
Career Objective:
A dynamic professional with over 13 years of experience in IT technologies, including SAP S/4Hana and GRC. Proficiency in comprehending and executing authorizations in accordance with business needs. A team member who possesses exceptional communication, analytical, and problem-solving abilities.
Experience Summary:
Having 13+ years of SAP expertise, including SAP S/4 HANA Security and GRC.
Experience in designing authorization roles for SAP S4, FIORI, ECC, BW, CRM, BOBJ, GRC 5.3, GRC 10, BPC, SAP HR, ARIBA, Solution Manager & CADENCY systems.
Led the end-to-end security migration process (development, configuration, testing, troubleshooting & support) from ECC to S4/Hana.
Lead experience in mid-to-large organizations. Experienced in leading and managing individuals, implementations, mentoring team members.
Experience in S/4 HANA Implementation, Support, Rollout, and upgrade projects.
Experienced in S/4 HANA FIORI Catalogs, Groups, Space, and Pages Creation/Configuration.
Experienced in S/4 Hana FIORI troubleshooting techniques and ODATA, SICF services activation.
Led SAP GRC Access Control implementations, focusing on risk analysis, role management, and emergency access management.
Streamlined access request workflows by integrating SAP GRC with SAP ECC, reducing manual effort and improving efficiency.
Involved in the implementation of Access Risk Analysis (ARA), Emergency Access Management (EAM), and Access Request Management (ARM).
Worked on the mitigation process by creating some of the Mitigation controls for specific users.
Engaged in Emergency Access Management, facilitating Firefighter Access for users.
Worked on Access Request Management, creating users, and using various apps such as template management and copy requests.
Worked on MSMP workflow for ARM and EAM component, activating SAP delivered workflow as well as creating and activating customized Initiator rules using BRF+ Flat rule. Also worked on the creation of customized Agent Rules.
In BPC, have created Teams and Member access profiles as per business requirements in Appsets.
Experienced in SAP User Administration and Role Administration.
Expertise in Mass User locking activity during system upgrade, User password resetting, Validity extension, and Termination of users based on requests.
Strong in SAP application Security development by taking business requirements and building Security using the SAP Authorization Concept in Profile Generator tool (PFCG).
Strong working knowledge on Single, Derived and Composite Roles in role administration.
Strong understanding of security design and experience with SU22 and SU24 to create customized check indications for SAP Default Authorizations.
Analyzing and resolving the missing Authorization issues for end users with SU53 and ST01 & STAUTHTRACE.
Worked on security related tables like AGR*, and USR*.
Worked extensively on transport management with SE01, SE09, SE10 for mass maintenance of transport during projects.
Conducted SoD report analysis using SAP GRC, identifying violations and resolving compliance issues.
Led internal and external audit engagements, providing evidence, addressing remediation actions, and maintaining security compliance.
Managed SAP authorization objects and profiles using PFCG, enforcing least privilege principles across the environment.
Performed security audits and vulnerability assessments using Onapsis, Qualys and third-party tools, identifying potential risks.
Implemented security audits, role redesigns, and production issue resolutions using tools like SU53, SU56, and ST01.
Professional Work Experience:
Client: - Sunar Tech Solutions, Texas Feb 2025 – Till Date
SAP Security/GRC Lead
Lead the end-to-end security migration process (development, configuration, testing, troubleshooting & support) from ECC to S4/Hana.
Weekly updated & communicated with the project team about the status of the project.
Implemented strategy for creating/updating the existing business roles to transaction matrix which involved detailed analysis and updated the SU24.
Configuring SAP GRC Access Control 10.1 Access Risk Analysis (ARA) and Access request Management (ARM).
Maintaining and Configuring MSMP workflows for Access Request Approval, Role Approval, Fire-fighter Log Review Approval and unlocking the accounts.
Scheduling all synchronization jobs (Authorization Sync, Repository Object Sync, Action Usage Sync and Role Usage Sync) and running Batch Risk Analysis job periodically for Access Risk Analysis Dashboards.
Mass user Creation, Validity Extension and Mass user Locking Activity during the system upgrade.
Client: - Hyster-Yale, North Carolina Oct 2023 – Jan 2025
SAP Security Lead
Successfully completed multiple projects and supervised security team.
Led the team that performed an initial need assessment and defined the functional requirements.
Gathered the requirements from the business team on S4 Hana FIORI apps and GRC workflows
Creation of Fiori Catalogs, Tiles, and Target Mapping, and PFCG Role Administration.
User Administration which includes user creation, lock/unlock, validate, assigning profiles & authorization and user group creation
Extensively used mass user creation and role assignment
Role administration - Role creation, changes at org levels, authorization level, and transportation
Master role maintenance at the organization levels and derivation of child roles
Worked on FIORI troubleshooting techniques and ODATA, and SICF services activation.
Analyzing and resolving the missing Authorization issues for end users with SU53 and ST01 & /IWFND/ERROR_LOG
Performed user maintenance tasks like User Creation, Deletion, and Role removal in GRC and Non GRC systems.
Mass user Creation, Validity Extension and Mass user Locking Activity during the system upgrade, Cut Over plan and Monthly Maintenance Activity.
Worked on ECC System Audit.
Cleaned up roles in the system to align them with the leading best practice of authorizations
Updating GRC Ruleset as per Golden rulebook, updating risk IDs, Functions in the Ruleset
Updating mitigating owner, risk owners for control
As per system Audit reports, updating the roles to remove the potential causes of SODs
Worked on several audit reports to correct and minimize the access risk to users at role level
Working with Critical authorization objects restricted and monitored
Worked on EAM to reduce the number of FFIDs and to restrict the privileged access to Functional & Technical Teams
Prepared the process documents for the BAU team
Client: - Cole Haan, New York Jan 2022 – Oct 2023
SAP GRC Security Lead
Responsible for designing and implementing SAP security models for various SAP modules like FICO, SD, MM, S/4HANA, Fiori, EWM, GRC & BI.
Ensuring the S/4 authorizations are part of New and Existing roles.
Design & configure SAP Fiori Launchpad security (Catalog, tiles, and PFCG roles) for various business roles.
Activating services for the Fiori apps in /IWFND/MAINT_SERVICE
Created custom roles (Single, Composite and Derived) as per new redesign.
Created New roles for the IT team in GRC as per the job function and tested them so that the roles are working fine as per the job function of the user.
Worked on testing all the workflows in GRC 12.0 for Access provisioning to the user, Assigning Firefighter access to a user, User access review, uploading of roles into GRC using BRM functionality.
Experience in extracting the SoD reports from the GRC 12.0 and analyzing the root cause of the SoDs.
Conducted workshops to gather requirements from various business owners.
Analyze the internal security audit report and provide immediate resolutions to fix security violations
Involved in Specification gathering for Automation program.
Troubleshooting and identifying the missing ODATA Services and authorization issues
Working with Business users to identify the issues with Fiori apps and resolving auth issues
Providing support and issue resolution in quick turnaround during project implementation
Participated in UT & UAT on designed Automation program
Worked on troubleshooting the access issues faced during the UAT, worked on rollout activities.
Troubleshoot security/authorization related problems using SU53, ST01, STAUTHTRACE and SUIM.
Worked with security related tables such as AGR_TCODES, AGR_USER, and AGR_DEFINE etc.
Client: - Kontoor Brands, North Carolina Mar 2020 – Jan 2022
SAP Security/GRC Consultant
Implemented robust role administration strategies, ensuring alignment with organizational structure and security policies.
Proficiently handled user administration tasks, including user provisioning, role assignments, and permissions management.
Created and assigned firefighter IDs, meticulously extracting and analyzing firefighting logs for audit and compliance purposes.
Possess experience in GRC UAR, having successfully executed the UAR across all SAP systems without deficiencies.
Importing Single and Mass roles into GRC tool.
Creation of Business Roles based on functionality.
Approver Delegation and cancel/forward Request in GRC.
Role Approver changes
Working with Critical authorization objects restricted and monitored
Worked on the BI security issues.
Worked on Support pack upgrade in GRC from SP10 to SP12.
Analyzing impact analysis on upgrade and performing all the required pre and post upgrade tests
Fixing post upgrade defects in GRC
Maintaining OSS Connections and Registering OSS ID in Service Market Place.
Client: - Nomad Foods, London, U.K. Aug 2018 – Mar 2020
SAP Security/GRC Consultant
Having experience of Phased Rollouts in ECC, BW & BPC.
Working on Security controls for remediating system threats based on ONAPSIS & QUALYS Reports.
Gathered requirements from Business for the new companies and new functionalities to be implemented in the phase and matched up with the existing roles and authorizations
Updated the existing roles with the required authorization objects and values and built new roles, as necessary
Conducted various rounds of testing with the IT and Business teams before migrating those changes to production.
Working on BPC (Business Planning and Consolidation)
Creation of users in BPC system and assigning the Teams to the users in all the APPSETS.
Creating BPC Teams & Member Access Profiles as per Business requirements in all the APPSETS.
As per requirement prepare various customized Audit reports in all the BPC APPSETS.
User Maintenance in CADENCY
Emergency access management through EAM, providing Firefighters to users in EAM upon approvals.
Creating and submitting Access requests in ARM for SAP users. Run SOD analysis inside the ARM request.
Generating various reports in ARA for Audit purposes.
Role maintenance through BRM, adding company codes, tcodes, auth objects, etc. Importing roles to BRM from backend system.
Extensively worked on GRC UAR, successfully completed the UAR in all SAP systems with no deficiency (Audit Purpose).
Creating the OSS user ids and maintaining authorizations to those users.
Opened SAP Connections to SAP Team and maintained login details in Secured area notifying the same to SAP Team.
Client: - Autodesk Inc., California Mar 2016 – Aug 2018
SAP Security/GRC Consultant
Roles and Responsibilities:
Gathering the requirements from the business for the new job profiles and preparing the role design as per the SOX compliance, converting the same into technical phases for Rollouts.
Validating any custom transaction code and checking whether the proper authorization checks are maintained for the transaction code.
Analyzing the SOD reports as per Compliance model and minimizing the risks to meet the audit controls.
Design and development of SAP application security roles.
Development of custom security solutions when necessary to meet business requirements
Collect all information required to design roles and naming convention from Functional team.
Full troubleshooting support for the user’s authorization failures in all SAP applications and resolve the security issues.
Critical authorization objects such as S_TABU_DIS, S_PROGRAM, and S_DEVELOP were restricted and monitored.
User Management like User Creation, deletion of user, user’s locks.
Working with Critical authorization objects restricted and monitored.
Restricting table access and assigning the corresponding authorization group.
Working with security related tables.
Cleaning up roles and profiles not being used.
Transported the generated roles and profiles using SAP transport management system.
Worked closely with Security and audit teams during Security audits. Providing various reports as part of SAP system Audit.
Having wide experience in GRC 5.3 tool for SOD Analysis such as User level, Role level, Authorization object level, etc.
Working on Simulation process for existing users.
Finding risks and mapping Mitigations based on Approvals.
Client: - Sony Pictures Entertainment, California Jan 2012 – Mar 2016
SAP Security/GRC Consultant
Roles and Responsibilities:
User Management like User Creation, deletion of user, user’s locks.
Performed User Terminations in SAP on weekly Basis.
Worked on CUA (Central User Administration) for providing authorizations and troubleshooting CUA related problems.
Setup and administration of User IDs via Central User Administration
Checking the child systems connectivity and maintenance of child systems in CUA.
Creating the OSS user ids and maintaining authorizations to those users.
Opened SAP Connections to SAP Team and maintained login details in Secured area notifying the same to SAP Team.
Troubleshooting user’s authorization failures in all SAP applications and resolve the security issues.
Experience in Management of Analysis Authorizations (RSECADMIN Tool) in BI. Tracing the authorization problems in RSECADMIN.
Creating Analysis Authorizations with the authorization of relevant info-objects according to Business Requirements.
Analyzing the impact on business when going for authorization changes. Especially on JV Related authorization data.
Critical authorization objects such as S_TABU_DIS, S_PROGRAM, and S_DEVELOP were restricted and monitored.
Working on BPC (Business Planning and Consolidation)
Creation of users in BPC system and assigning the Teams to the users in all the APPSETS.
Creating BPC Teams & Member Access Profiles as per Business requirements in all the APPSETS.
As per requirement prepare various customized Audit reports in all the BPC APPSETS.
User maintenance in ARIBA System providing proper access to the users as per their Master data information.
Termination of user accounts in ARIBA System and if needed re-activation of user accounts.
Emergency access management through EAM, providing Firefighters to users in EAM upon approvals.
Creating and submitting Access requests in ARM for SAP users. Run SOD analysis inside the ARM request.
Generating various reports in ARA for Audit purposes.
Role maintenance through BRM, adding company codes, tcodes, auth objects, etc. Importing roles to BRM from backend system.
Academic Credentials:
Master of Science in (Electronics & I.T), Sheffield Hallam University, U.K. in 2007
Bachelor of Technology in (Electrical & Electronics), India, in 2004