SAP SECURITY
Resume:
FERNANDO ROMERO
*** ******** ***, #***, *****, FL 33134 - 317-***-**** - ********.********@*****.***; www.linkedin.com/in/fernandoromerodiaz
SAP SECURITY CONSULTANT
Over 18 years of IT experience in Network Security Administration and Application Security projects including 13 years involved in evaluating, designing, and developing SAP Security Architecture and user provisioning.
KEY SKILLS
Security planning for all SAP modules.
User Administration, User Reconciliation, role design and Custom Authorization Checks over SAP NetWeaver, ECC, APO, SRM and CRM
SAP GRC Access Control 12, 10.2
SAP HANA S4 and Hana DB Security administration and user provisioning
SAP FIORI application security and user administration
SAP IBP User Management
SAP Cloud Identity Management, BTP platform for user Administration
SAP Success Factors RBP security authorization concept
Enterprise Portal for User and Content administration
SAP BW Security and SAP BI analysis authorization concept
SAP BO BI and BPC authorization concept
HCM security model including SuccessFactors user authorizations
Solution Manager for Transport Management and Request for Changes
Microsoft Active Directory Services for network user administration, Azure, DevOps
SAP Identity Management
PLM authorization concept
PROFESSIONAL EXPERIENCE
Archer Daniels Midland, remote Mar 2021 – Jul 2025
SAP Application Security Support
Responsible for role design and solution architect for security issues for new and existing roles throughout the SAP landscape (S4 Hana, FIORI, EWM, GRC, GTS, BTS, SM), perform risk analysis for change management process. Provision HR user access via Success Factors to all locations globally. Security analyst and coordinator between SAP abap platform and Cloud, BTP, PIPO. Support monthly quality checks, SOPs, and EWA security checks.
Allison Transmission, Indianapolis, IN Feb – Jun 2021
SAP Security Consultant
Supported second phase of SAP IBP Implementation Project – Phase 1B: Supply Chain.
Supported phase 1 of SAP IBP Implementation Project – Phase 1A: Sales Planning.
Designed and developed all IBP roles for user assignments.
Administered user creation and configuration in IBP landscape.
Supported SAP Analytics Cloud for User Management during SAC configuration project.
Security architect for EHSM (Environment, Health and Safety Management) deployment.
Created Security Risks to ruleset and created mitigating controls for security access.
Amgen, Tampa, FL Oct 2020 – Mar 2021
GRC Access Control Analyst
Supported the ERP Compliance team, monitored ERP Security and User Access Review for Q4 2020 and Q1 2021. Analyzed and proposed solution for excessive Unblinding access, analyzed and approved Role Owner changes, role management and security changes, reviewed ruleset with business and PwC.
Worked with business units and internal audits to ensure risks appropriateness level and set risks and conflicts up appropriately within Technical Specifications.
Run separation of duties (SOD) analysis on new task-based roles, job/template roles, and against end user assignments; Worked with business owners and SAP Functional Team Leads to re-mediate SOD conflicts. Provided SOD status reporting with all involved LOB's and IA stakeholders. Maintained key mitigations for SOD violations.
FPL-NexTera, Miami, FL Mar 2020 – Aug 2020
GRC Access Control Administrator
Supported GRC Admin team, GRC AC SME for troubleshooting, reporting and user provisioning, Risk Analysis, FF access and BRM. Developed a GRC Automated Process for terminated Role Owners.
Worked with various parties including Audit, GRC (Governance, Risk and Control) admin and the Functional Team Leads to continually refine roles and optimize the security implementation based on SOD analysis and continuous controls monitoring.
Smithfield Foods, Lisle, IL May 2017 – Feb 2020
Sr IT Security Analyst
Provided analytic support for the OneSAP landscape, user provisioning and application services, including SAP Service Market user administration, Secure Area, and work alongside with Basis and SAP Support for SAP platform issues, SAP HANA user administration.
Administrated access for Blacksmith app.
OneSAP project integration SAP among all company divisions last 2 yrs. Project involved role definition, role development, testing, troubleshooting until production.
Supported the team during HANA security deployment, upgrade and migration.
Setup Hana security for SAP products: Cloud (SAC, IBP etc.) and on premises (BOBJ, BW, FIORI).
Worked on HANA Security role design, user access, Interfaces. Supported Hana Security during upgrade operations to Netweaver landscape.
Performed process risk assessment and designed mitigating controls for new or modified SAP functionality and processes.
Defined and documented controls for cut-over, privileged access users.
Coordinated with SOX (Sarbanes-Oxley) team and External Audit regulatory changes for testing of configurable controls specific to ITGCs and compliance processes by leveraging SAP and another automated tools.
Worked closely with other COE/project teams to understand implications of Process and functionality changes and Organizational changes and the implications for Security and Controls.
Setup up FIORI backend roles (catalogue, groups, and roles).
Collaborated with basis team, troubleshoot, and configure HTTPs and Single Sign-On in SAP Fiori system landscape.
Worked on mobile user security, SAP gateway and troubleshoot issues.
Troubleshoot and assisted with HCM structural authorization.
Provided support during HCM migration.
Roche Diagnostics, Indianapolis, IN Feb 2016 – Feb 2017
SAP Security consultant
Validated and incorporated an SAP system into Roche SAP Internal Security Standards.
Completed SAP role clean-up and created new roles for DMS/EHS business areas.
Worked on security migration during upgrade to Netweaver centralized platform.
Performed various end-to-end role provisioning (Enterprise role-based).
SONOVA-Advanced Bionics, Valencia, CA Nov 2015 – Dec 2015
SAP Security Architect
Participated in the new SAP authorization concept kicked off for the integration of subsidiary Advanced Bionics SAP platform.
Created test users and test roles as part of new security concept, monitoring and adjusting transaction access.
Briefly worked with business managers for FI, SD, MM and PP to test and align the existing SAP authorization concept at SONOVA to be implemented at AB.
CITRIX, Fort Lauderdale, FL Oct 2015 – Dec 2015
SAP Security Administrator
Provided daily support to business users including role changes, role access, user creation, user provisioning, password resets through ticketing system for the global organization.
Allison Transmission, Indianapolis, IN Jul 2015 – Oct 2015
SAP Security Architect
Adjusted composite role redesign for Finance business job roles.
Contributed to role redesign and testing for new Payroll authorization concept.
Redesigned a new authorization concept for HCM Department.
Cleaned up report access through enabler roles for new restriction access on HCM.
Helped during daily support to business project users for test user access.
Capital Group, Irvine, Ca Jun 2014 – Apr 2015
SAP Security Administrator
Supported the Financial Systems Transformation (FST) Project for business user access and test scenarios in non-prod systems and during Global APD Cutover plan.
Enabled daily operations to business users for SAP BW, BOBI, BPC, ECC, SolMan, HCM landscape.
Remodeled reporting roles in SAP BI, defined BPC teams, task profiles, data access profiles for user access.
Administered user access and provisioning in Portal systems for ECC and BI environments.
Implemented monthly report consolidation load to SAP platform by BOBI/BPC team.
Johnson Controls, Glendale, WI Mar 2013 – Mar 2014
SAP Security Consultant
Performed various end-to-end role provisioning (Enterprise role-based).
Designed the Security for the NWBC PLM environment.
Collaborated on the EAD projects for the SAP platform globally through Help support and Remedy tickets.
Main security architect for Internal Auditing adjustments for preparation of 2014 audit and completed the External Auditing Project for ECC & BI environments.
Supported the user access and role tests during integration and regression phases and Project team during production migration for SPS Project -Upgrade and migration of Prod ECC Enhancement Support Pack.
Utilized GRC 10.0 for conflict risks on user and Role level as part of role configuration or user provisioning in prod.
Shire Pharmaceuticals, Wayne, PA May 2012 – Nov 2012
SAP Security Consultant
Helped during the upgrade of SAP GRC 10.0 and adjusted with business managers and role owners the new generated risks.
Globally supported the user provisioning through Help Desk Support and Remedy tickets for Shire global SAP environment.
Defined report roles based on analysis authorizations and assigned users with new security authorization concepts during Upgrade and migration of BW system to BI 7.3.
Created new roles for HCM and APO during upgrade and supported role testing.
Bayer CropScience, Raleigh, NC May 2010 – Mar2012
SAP Security Consultant
Supported the Integration of IDM-GRC.
Performed configuration changes and troubleshooting (CHARM and RM).
Commissioned to constant improvement of SAP authorization administration by cleaning up unused roles, updating roles with new transactions and assigning and removing access to users on the SAP Global landscape including ECC, BW, APO, Solution Manager, CRM and SCM.
Created 155 new roles updating Org. values on child roles and assigned roles to users during Athenix project.
Changed Naming convention of 46 existing roles and added new tcodes to 24 roles based on new authorization concept.
Implemented Dart roles for NAFTA users and QA Management Approver of Change Management Tool test cases to comply with SOP (Standard of Procedures) during Dart Project: Data Retention tool.
Supported BW team with BW role assignment and RAVTC updates to users.
Coca Cola Enterprises, Atlanta Feb 2010 – Apr 2010
SAP IDM Consultant
Participated as a liaison between the SQL development team and IDM support team.
Worked with SAP Identity Management 7.1 to handle authorizations to employees, new positions in the organization, and de-provisioned inactive users. Monitored privileges that control access to tabs associated to the IDM portal with the correct roles currently assigned to users.
Created Business Object users in the SAP environment. These IDs contained validity, role and printer settings and communication date like telephone number, fax and email address.
Balchem Corp, New Jersey Aug 2009 – Jan 2010
SAP Security Consultant
Utilized GRC Access Control 5.3 for SOX and SoD clean up in all SAP platforms and analysis of the possible security problems in pre-implementation GRC process.
Participated in defining the implementation strategy for RAR.
Assisted in defining risks, security roles, and mitigating controls on GRC AC.
Resolved critical & sensitive authorizations, implemented improvements to meet audit requirements.
Empresas Polar (Polar Enterprises), Caracas, Venezuela May 2009 – Jun 2009
Security Administrator
Administered users for ECC 6.0 platform through CUA and Active Directory Services user permissions for the Global organization.
Created, changed user access based on help desk support tickets through HP OpenView.
Provisioned and deprovisioned network and SAP users in Active Directory Services and SAP SRM and ECC.
Wyeth Pharmaceuticals, Guaynabo, Puerto Rico Nov 2008 – Mar 2009
Senior Security Consultant
Opened SAP GRC 5.2 extensively for handling SOD conflicts. Worked with GRC EUP to define all Firefighter IDs with owners/approvers. Mapped Fighter IDs to users and configured various options to include tracking of Successful/unsuccessful sign on of approved users during Fire Fighter mode of operation.
Worked with SAP GRC RAR to produce Role Definition and change history reports for Internal/External Auditors. Handled the comparison of Role definition with actual Roles created by PFCG to ensure integrity using Role Expert.
Reichhold, Inc. Durham, NC ( Bearingpoint, Inc) Jul 08 – Sep 2008
Senior Security Analyst/Admin
Supported the Security Team with best practices on post-upgrade activities related to authorizations assignments to users from SAP R/3 4.6C to ECC by using the upgrade tool tcode SU25 and Authorization checks.
Closely worked with the Functional, Basis and ABAP Staff for the implementation of special business modifications and SAP enhancements as part of upgrade to ECC.
Monitored user and management activity, errors, and other exception reports to ensure security is being maintained consistent with the Information Security Policies and Procedures.
Assisted in identifying gaps in security administration processes and procedures as well as areas for significant improvement, optimization and automation during upgrade.
Teamed as a liaison between the R/3 Development Team, Basis and Security Team.
Honeywell, Minneapolis MN ( Bearingpoint, Inc) Oct 2007 to Jun 2008
Senior Security Analyst/Admin
Participated in analyzing and writing security related standard procedures for the new Composite role concept and User Master Records.
Designed and maintained user authorizations in single, composite and derived roles including critical & sensitive authorizations and organizational levels.
Implemented improvements to meet audit requirements for CRM systems due to different user groups with access to CRM data. Internal employees were assigned roles for the internal CRM system, and external partners were provided with access to CRM data via portal.
Handled SAP and OSS ID administration. Provided developer’s key and opened service connection.
Configured users in Enterprise Portal with Single sign on functionality, exchange role information with ABAP based systems, uploading SAP Roles into the SAP Enterprise portal.
Phillips Medical Systems, Seattle, WA ( Bearingpoint, Inc) Aug 2007 to Oct 07
Senior Security Analyst/Admin
First contact for the Security Team between Seattle and Eindhoven, Netherlands as part of the test and validation phase of new role assignment. Supported Live security for the entire SAP Landscape. Responsibilities included Controlling Access to Restricted Transactions, daily security checks, monitoring unsuccessful logons, monitoring inactive users and locking inactive users in non-prod systems.
Komatsu America, Chicago Illinois (Prosoft group) Feb 07 to July 07
SAP Security Consultant
Designed and provided the SAP R/3 security support for SAP R/3 4.6c. Generated role matrixes and created end users as per the Organizational Structure.
Modified and assigned roles for CRM, APO, SEM, SRM components in DEV and QA systems.
EDUCATION AND TRAINING
B.S. Systems Engineer. University of Los Andes, Merida city, Merida, Venezuela, 2000.
Training: SAP EP 6.0 Administration and Configuration at Prosoft Technology Group, Chicago, Il. 2004.
Certification: MCSE (Microsoft Certified Systems Engineer) at Microsoft Venezuela. 2001.
Certification: MCSA (Microsoft Certified Systems Administrator-Messaging) at Microsoft Venezuela. 2001.
Miscellaneous
-Legally authorized to work anywhere in the US and for any Employer.
-Available to travel as requested.
-Multilingual English, Spanish, Portuguese, Italian.
References:
Available upon request.
Contact this candidate