Security Specialist It
Resume:
CARRIER SUMMARY
Solutions-oriented IT Security Specialist with notable success directing a broad range of corporate IT initiatives while participating in planning and implementation of information-security solutions in direct support of business objectives.
Having around 13 years of IT experience, which includes SAP ECC Security, GRC 12, S/4HANA and FIORI Security.
Implementation and support experience on all the components of GRC 12.
Proficient in S/4HANA backend roles, custom catalogs/groups and mapping of Fiori Custom Tiles as per the business requirement.
Extensively worked on Fiori Security.
Experience in Identifying OData Services & Web Dynpro Applications required for Fiori Apps.
Experience in SAP HANA DB User and Role management
Expertise in SAP Security administration support including audit.
Customizations are done to incorporate various business requirements.
Performed post-installation and connector setup in GRC 12.
Configured Access risk analysis.
Done Ruleset administration which includes ruleset download, upload, generation of rules, scheduling jobs.
Created and maintained Risk ID, function IDs and Mitigation Controls.
Implemented Emergency Access Management for ID based emergency firefighting.
Implemented plan for Emergency Access (Automation through MSMP Access request process ID workflow)
Implemented monitor Emergency Access (Automation through MSMP FF Log review process ID workflow)
Implemented Business role management component of access control.
Designed and managed business roles.
Configured role methodology.
Implemented role maintenance workflow (Automation through MSMP Role approval process ID workflow)
Implemented Access Control MSMP workflow setup and BRF+ configurations.
Hands-on experience in access provisioning using HRTRIGGER based solution.
Maintenance of business process owners and functional spoc’s in SharePoint.
Implemented UAR workflow.
Implemented SOD review workflow.
Done end user logon configuration.
Created custom Email templates.
Extensively used Fiori apps library for the creation of applications.
Created custom Fiori apps according to the business requirements.
Hands-on experience on SAP Fiori UI and OData authorizations.
Role administration with catalogs and groups, troubleshooting authorization issues.
Extensive experience in Requirement gathering, Design, Development, and Maintenance of SAP applications security.
Implementation of mass changes using LSMW and SECATT.
SU24 entry maintenance according to business requirements depending on the functionalities being tailored for the project.
Extensively used STAUTHTRACE for trouble shooting.
SAP R/3 Security for User Master Records Maintenance, maintaining Authorizations Group/Profiles/Roles and assigning roles/profiles to users.
Hands on experience on Active control tool for transport management.
Hands on experience on ServiceNow for ticketing and change request management.
Multiple customizations suggested and implemented to keep the system clean and compliant.
User ID creation/modification/deletion in Production and Non-Production systems.
Composite, Single, Master- Derived Role creation as per the requirement from the Business according to the Access requested per design.
Administration of ID's/ roles of different modules in ECC box like SAP MM, SAP FI, SAP SD, SAP PP, SAP PM, SAP HR, SAP CRM, SAP SRM etc.
Customized and Workbench Transport creation and Release of Transport request.
Created user account templates and setup the required System/Service/Communication user accounts for ALE, Workflow and background processing.
Worked with development and business users to identify authorization requirements.
Setup BI security for user roles Built Analysis Authorizations using the transaction RSECADMIN.
User ID creation in EP portal. Assignment of User group for Users in EP portal.
Authorizing EP portal roles for users.
WORK EXPERIENCE
TATA CONSULTANCY SERVICES (TCS).
Working with the Organization from June 2014 to till date, as a SAP Security & GRC Consultant.
IBM.
Worked with the Organization from June 2010 to Nov 2012, as a SAP Security & GRC Consultant.
Career Path
Master of Computer Applications (MCA) from Jawaharlal Nehru Technological University
PROFESSIONAL EXPERIENCE
SAP Security & GRC Consultant
Company / Consulting Partner : TCS.
Client : AbbVie
Overview
AbbVie is a global biopharmaceutical company focused on discovering, developing, manufacturing, and commercializing medicines to address complex and serious diseases. They are known for their research in immunology, oncology, neuroscience, and other areas. Their headquarters are in North Chicago, Illinois.
KEY ENGAGEMENTS
Extensively working on S/4 HANA and GRC systems.
Role administration with catalogs and groups, troubleshooting authorization issues.
Creation of catalogs and groups.
Creation of roles with catalog and groups.
Creation of custom Fiori application.
Troubleshooting in the Fiori and backend system.
Extensive use of Business role management (BRM) for managing the roles
Extensively worked on SAP GRC Access Risk Analysis, configuring and updating the ruleset.
Performing Risk analysis and Remediation by using ARA.
Mitigating the risk to avoid SOD violations.
Imported roles in SAP GRC using BRM.
MSMP workflow configuration, Defining Connectors and Configure RFC connection in SPRO, updating the Approver delegation records in GRC Access control as per request, Maintaining Role Owners and SOD stage Approvers.
Analyze Access Request Audit logs for Failures.
Extensive experience in ITGC Audit Controls
Mitigation and Remediation of Identified Risks associated with Roles and User accounts.
Troubleshooting security/authorization related issues related to Fiori apps/tiles and provided effective solutions.
Activated and deactivated HANA DB users.
Company / Consulting Partner : TCS.
Client : JOHNSON & JOHNSON
Overview
Johnson & Johnson (J&J) is an American multinational corporation founded in 1886 that develops medical devices, pharmaceuticals, and consumer packaged goods. Johnson & Johnson (J&J), through its operating companies, is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the pharmaceutical, and medical devices, and diagnostics markets. More than 260 Johnson & Johnson operating companies employ approximately 152,700 employees in 60 countries and sell products throughout the world.
KEY ENGAGEMENTS
Extensive experience in daily user maintenance like creating user ids, assigning roles, resetting passwords and locking/unlocking user.
User replication in quality system to resolve end user issues.
HR roles creation and modifications.
Good knowledge on Relationships and structural authorizations.
Efficiently used HR related Tables PA*, HRP*, etc.
Providing access on queries and analysis authorization.
Extensive experience with resolving ticket issues and troubleshooting security authorization problems while adhering to Service Level Agreements (SLA).
Analyzing the queries for end user issues.
Regular collaboration with the IT internal and external auditors.
Review of SOX controls to ensure compliance.
Handling UAR activity on monthly basis to keep the system clean.
Provide training and mentor junior associates.
Company / Consulting Partner : TCS.
Client : AURIZON
Overview
Aurizon is Australia’s largest rail freight operator and a top 100 ASX company.
Each year, the Company transports more than 250 million tonnes of Australian commodities, connecting miners, primary producers, and industry with international and domestic markets. It provides customers with integrated freight and logistics solutions across an extensive national rail and road network, traversing Australia. The Company also owns and operates one of the world’s largest coal rail networks, linking approximately 50 mines with three major ports in Queensland.
KEY ENGAGEMENTS
Implementation and support experience on all the components of GRC 12.
Extensively worked on Fiori Security.
Expertise in SAP Security administration support including audit.
Customizations done to incorporate various business requirements.
Performed post-installation and connector setup in GRC 12.
Configured Access risk analysis.
Done Ruleset administration which includes ruleset download, upload, generation of rules, scheduling jobs.
Created and maintained Risk ID, function IDs and Mitigation Controls.
Implemented Emergency Access Management for ID based emergency firefighting.
Implemented plan for Emergency Access (Automation through MSMP Access request process ID workflow)
Implemented monitor Emergency Access (Automation through MSMP FF Log review process ID workflow)
Implemented Business role management component of access control.
Designed and managed business roles.
Configured role methodology.
Implemented role maintenance workflow (Automation through MSMP Role approval process ID workflow)
Implemented Access Control MSMP workflow setup and BRF+ configurations.
Hands on experience in access provisioning using HRTRIGGER based solution.
Maintenance of business process owners and functional spocs in Sharepoint.
Implemented UAR workflow.
Implemented SOD review workflow.
Done end user logon configuration.
Created custom Email templates.
Extensively used Fiori apps library for the creation of applications.
Created custom Fiori apps according to the business requirements.
Hands-on experience on SAP Fiori UI and Odata authorizations.
Role administration with catalogs and groups, troubleshooting authorization issues.
Extensive experience in Requirement gathering, Design, Development, and Maintenance of SAP applications security.
Implementation of mass changes using LSMW and SECATT.
SU24 entry maintenance according to business requirements depending on the functionalities being tailored for the project.
Extensively used STAUTHTRACE for trouble shooting.
SAP R/3 Security for User Master Records Maintenance, maintaining Authorizations Group/Profiles/Roles and assigning roles/profiles to users.
Hands on experience on Active control tool for transport management.
Hands on experience on ServiceNow for ticketing and change request management.
Multiple customizations suggested and implemented to keep the system clean and compliant.
Company / Consulting Partner : TCS.
Client : SHELL
Overview
Shell is one of the world’s major energy companies, employing an average of 93,000 people and operating in more than 70 countries. The headquarters are in The Hague, the Netherlands. The parent company of the Shell group is Royal Dutch Shell plc, which is incorporated in England and Wales. Shell is one of the most diversified international energy company in India with over 8500 employees and presence across upstream, integrated gas, downstream, renewable energy, and deep capabilities in R&D, digitalization and business operations. With a retail presence across six states – Karnataka, Tamil Nadu, Telangana, Maharashtra, Gujarat and Assam Shell is expanding its network of fuel stations across the country. It has the entire Lubricants end-to-end value chain in India, from conceptualization and development, to production and distribution. This includes a world class lubricant oil blending plant with a capacity of more than 115 million litres, a distributor network of more than 185 and over 60,000 retailers across the country.
KEY ENGAGEMENTS
Configuration of Access risk analysis and Emergency access management.
Creation and maintenance of Risk and function IDs.
Creation and maintenance of Mitigation controls.
Managing Ruleset which include download and upload of new ruleset files and transporting it across the landscape.
Active member in project team and coordinated with business and other support teams to bridge the gap in requirement gathering.
POC for Fiori app implementation from scratch which include creation of license types, authorization groups, roles and users for various parties in the new system.
POC for SNC implementation throughout the landscape which need high level of coordination with all the support teams and testing parties.
Fire Fighter administration - Creating fire fighter ids and assigning owner and controller to the fire-fighter ids and developing Reason codes as per the requirements.
Execution and Simulation of risk analysis at user level and role level against Global and Customized rule set.
Generating reports for the fire-fighter logs.
Extensive experience in daily user maintenance like creating user ids, assigning roles, resetting passwords and locking/unlocking user.
Analyzed authorization access issues using SU53 and ST01 and STAUTHTRACE
Extensive working experience in role administration and regular support work.
Company / Consulting Partner : TCS.
Client : TATA MOTORS LTD
Overview
Tata Motors Limited is an Indian multinational automotive manufacturing company headquartered in Mumbai, Maharashtra, India and a subsidiary of the Tata Group. Its products include passenger cars, trucks, vans, coaches, buses, construction equipment and military vehicles. It is the world's 17th-largest motor vehicle manufacturing company, fourth-largest truck manufacturer, and second-largest bus manufacturer by volume. Tata Motors has auto manufacturing and assembly plants in Jamshedpur, Patnagar, Lucknow, Sanand, Dharwad, and Pune in India, as well as in Argentina, South Africa, Thailand, and the United Kingdom. It has research and development centers in Pune, Jamshedpur, Lucknow, and Dharwad, India and in South Korea, Spain, and the United Kingdom.
KEY ENGAGEMENTS
User ID creation/modification/deletion in Production and Non-Production systems.
Composite, Single, Master- Derived Role creation as per the requirement from the Business according to the Access requested per design.
Administration of ID's/ roles of different modules in ECC box like SAP MM, SAP FI, SAP SD, SAP PP, SAP PM, SAP CS, SAP HR etc.
Customized and Workbench Transport creation and Release of Transport request.
Created user account templates and setup the required System/Service/Communication user accounts for ALE, Workflow and background processing.
Worked with development and business users to identify authorization requirements.
Performed ST01 Trace for Authorization error analysis.
Setup BI security for user roles Built Analysis Authorizations using the transaction RSECADMIN.
User ID creation in EP portal. Assignment of User group for Users in EP portal.
Authorizing EP portal roles for users.
Company / Consulting Partner : IBM.
Client : JOHNSON & JOHNSON
Overview
Johnson & Johnson (J&J) is an American multinational corporation founded in 1886 that develops medical devices, pharmaceuticals, and consumer packaged goods. Johnson & Johnson (J&J), through its operating companies, is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the pharmaceutical, and medical devices, and diagnostics markets. More than 260 Johnson & Johnson operating companies employ approximately 152,700 employees in 60 countries and sell products throughout the world.
KEY ENGAGEMENTS
User administration (creating, changing, maintaining, deleting user accounts) using SU01, SU10.
Lock/unlock users and reset user passwords.
Trouble shooting missing access or additional access for the user using SU53 and ST01.
Worked extensively with user information system (SUIM).
Involved in creating new Roles & Profiles as well as changing the existing Roles.
Created and maintained Derived and Composite Roles
User administration using GRC CUP.
Administering Virsa Firefighter access (Super User Privilege Management SPM).
Performed Unit testing & User acceptance testing for SPM & CUP functionalities.
Finding SOD violations through RAR in user and role level.
Updating & generating rule sets in RAR and scheduling background jobs in that process.
Prepared & executed test scripts for pre-go live testing of SPM & CUP.
Role creation and modifications according to the client requirement.
Generating SOX Audit reports on monthly, Quarterly & Semi-Annual and Annual basis.
Working experience on BMC Remedy ticketing tool.
CREDENTIALS
Honored with the 'Delivery Excellence Award' from TCS in 2024 for outstanding contributions to the Johnson & Johnson project.
Awarded the 'Best Performer Award' by Johnson & Johnson in 2012.
Honored with the 'IBM Service Excellence Award' in 2011 for project contribution.
Recognized with the 'Award for Excellence' multiple times by TCS for project work.
Received the 'Beyond Performance Award' from the Shell Group.
Awarded the 'On the Spot' award multiple times by Aurizon client.
Contact this candidate