SAP Security GRC

Summary

A seasoned professional with extensive experience in SAP GRC and Security consulting, supported by a robust background in management and technical roles across industries such as construction materials, banking, and consumer goods. Expertise includes designing and implementing SAP security solutions, conducting gap analyses, managing role redesigns for S4HANA, developing comprehensive authorization matrices, and ensuring compliance with SAP best practices.

Skilled in workshop facilitation, defect resolution during SIT/UAT phases, handling go-live transitions, supporting BAU operations, providing training sessions for end-users, and managing change requests efficiently. Holds an in-depth understanding of Access Controls implementations and a strong technical aptitude for technologies like Fiori catalogs/pages and SU25 steps related to system upgrades.

Accumulated substantial professional insights by driving project success across various sectors while ensuring seamless alignment of security measures with business objectives. Career aspirations include advancing expertise in SAP Security Architecture roles, focusing on transformative projects, and leveraging modern tools and frameworks in industry-leading organizations.

Work Experience

June 2023 -Till Date

Senior SAP GRC Security Consultant Heidelberg Materials.

Conducted discovery sessions to analyze the existing security design and identify

gaps in alignment with best practices.

Delivered comprehensive gap analysis reports detailing discrepancies and actionable recommendations for improvement.

Organized workshops with business teams for role redesign tailored to S4HANA requirements.

Developed Role-Matrix and Authorization Matrix to support streamlined permission structures.

Collaborated with Fiori consultants to create catalogs, spaces, and pages aligned with defined business roles.

Designed security roles following SAP best practice methodologies, ensuring compliance and optimal functionality.

Performed unit testing and provided defect resolution support during SIT (System Integration Testing) and UAT (User Acceptance Testing).

Managed cutover processes and delivered ongoing hyper care support for seamless go-live transitions.

Supported BAU (Business-As-Usual) operations through regular monitoring, troubleshooting, and governance measures.

Processed change requests efficiently and facilitated end-user and business-user training sessions to enhance system adoption.

Oct 2013 -

May 2023

SAP GRC Architect Truist Bank

Conducted workshops for S4 Transformation from ECC 6.0, facilitating discussions to

align on project objectives.

Prepared detailed analyses on role impacts following the upgrade to S4HANA, ensuring thorough assessment and mitigation of potential risks.

Led the execution of SU25 steps by gathering necessary business inputs, providing guidance to the team, and performing unit testing on impacted roles.

Coordinated SIT and UAT defect resolution activities, supported Cutover and Go-live phases, and provided hyper care to ensure seamless transitions.

Designed detailed solution documentation for Access Controls 12.0 after discovery and explore workshops; obtained review-signoff from stakeholders while overseeing configuration and implementation efforts.

Delivered end-user training sessions, supported security audits, managed BAU activities, handled change requests, and ensured compliance with operational standards.

Mar 2011 -

Oct 2013

Senior SAP idM/GRC Consultant PepsiCo

Summary:- Led end-to-end SAP Security and GRC implementations (GRC 5.3 & 10) for global clients, including PepsiCo and Frito Lay, covering ECC, BI, HCM, Portal, and LDAP systems. Designed and configured security roles, MSMP workflows, BRF+ logic, and structural HR authorizations. Integrated GRC with SAP idM for automated provisioning and supported role remediation aligned with SoX controls. Delivered system testing, go- live support, and daily operations while ensuring compliance and security risk mitigation across varied business units.

Nov 2010 -

Mar 2011

SAP GRC Security Consultant Novus International

Summary: - Configured and implemented SAP GRC Access Control 5.3 suite, including RAR, SPM, and CUP modules. Worked with Basis team to establish RTA connectors and supported internal/external audits by identifying and mitigating access risks. Customized risk rules in RAR and configured Firefighter roles in SPM. Developed user provisioning workflows and collaborated with process control teams on risk remediation strategies. Supported SAP license audit compliance through system usage analysis.

June 2008 -

Nov 2010

SAP Security Consultant Smurfit-Stone Container Corp

Summary: - Led SAP Security implementation from the ground up for ECC 6.0 modules including MM, SD, PP, LE, FI, CO, and FSCM as part of the COMPASS project. Managed end-to-end security design, development, and deployment activities, coordinating across COE, audit, and business teams to ensure SoX compliance and mitigate SOD risks. Implemented and configured SAP GRC Access Control 5.3 suite (CUP, RAR, SPM), developed compliant provisioning workflows, and administered Firefighter IDs. Managed structural HR and CRM security, portal and LDAP integration, license audits, and user provisioning strategies. Championed role redesign, documentation, and security training aligned to SAP best practices.

Aug 2007 -

Jun 2008

SAP Security Consultant Danfoss

Summary:- Provided global SAP Security support across ECC, HR, BW, APO, and EP

systems during and post-upgrade (4.7 to ECC 6.0) for Sauer-Danfoss. Collaborated with business process owners and end users to resolve complex authorization issues at transaction and object levels. Designed and maintained security roles, managed structural authorizations in HR, and implemented SSO across systems. Utilized tools like VIRSA Compliance Calibrator to detect and remediate SOD conflicts. Led role redesign initiatives, created test plans, and ensured compliance through audit checks and monthly SOD evaluations. Delivered end-to-end support, change coordination, and system alignment in a multi-time zone, global environment.

Contact this candidate