Global Process Leader - SAP Security & GRC controls

Location:
United States
Posted:
September 30, 2025

Resume:

PRABHU YARRAMANENI

***W Parkside DR, Palatine,Illinois,60067

224-***-**** **********@*****.*** https://www.linkedin.com/in/pyarramaneni/

Summary

A results-driven and highly skilled senior IT leader and consultant specializing in SAP security with 16 years of experience. Leverages expertise in technical, business process, and audit and control implementation. Highly skilled in full life cycle implementations of SAP security from design to post-implementation phase. Strong experience in using Automatic Profile Generator (PFCG) for the creation and maintenance of roles/activity groups. Recognized for skills in analyzing and processing SOD and SOX issues in business-friendly language. Develop and document complex SAP operations and technical processes, functions and procedures. Utilizes dynamic interpersonal, analytical, and communication skills to act as a liaison between HR, IT, and SAP project teams as well as BASIS administration and auditors. Skilled in mentoring and leading teams for high performance. Experience in working in large/complex application management engagements and successfully upgraded SAP landscapes with reduced risks. Configured and designed SAP FICO, MM and HR modules.

SAP ECC 6.0, 5.0, 4.7 Structural Authorization SAP Security BW/BI on HANA

Audit and Control Compliant User Provisioning GRC 10.1 RAR, EAM, BRM Access Automation

Risk Mitigation and Remediation BW/BI on HANA Customer Satisfaction

Maintain Check Indicator in SU24 S/4 HANA FIORI Transport Management (OTM) PLM Recipe Ariba SOLMAN EWM/TM PI

Core Competencies

Worked with functional, internal/external auditors, management, and user community regarding the development of SAP Roles, and authorizations.

Leveraged extensive experience troubleshooting authorization-related issues.

Performed User Master Reconciliation (PFUD and SUPC).

Hands-on experience in maintaining Profile Parameters, Security Tables, and Reports.

Expert in setting up transport requests using SCC1, SE9/SE10. Experience in using Line Authorizations for SME/SMB.

Review of functional specifications for role development and system integration test plans and participate in cutover activities during the Go-Live phase. Participate in and facilitate the post-Go-Live support activities.

Organized and maintained audit trails for changes made to user accounts, Roles and security profiles (SUIM).

Worked extensively on Authorization Groups and Customized Transaction Codes.

Customer Support: Providing 24/7 support to SAP customers, addressing their functional and technical system needs.

Process Engineering: Testing, Monitoring and conducting regular tests

Service Quality: Focusing on ensuring service availability, operational capability, and overall service quality.

Team Management: Leading and managing the SAP support team, ensuring they meet service level agreements and client expectations.

Incident Management: Handling incidents, problems, and enhancements related to SAP systems.

Currently handling onshore and offshore teams as part of Business As Usual (BAU) and projects.

Have a good understanding of security standards and frameworks, including cybersecurity framework and critical security controls.

Prepared knowledge articles.

Budget Management: Managing the budget for the SAP AMS service delivery team.

Continuous Improvement: Identifying opportunities for improvement in service delivery processes and implementing them.

Compliance: Ensuring compliance with relevant regulations and industry standards.

Reporting: Providing regular reports to clients and internal stakeholders on service performance and status.

Experience with Cloud security including Cybersecurity Encryption and Key Management

Technical Skills

ERP: SAP R/3 (R/3 4.7, ECC 5.0, ECC 6.0), SAP BW (3.1C, 3.5), BI 7.0 GRC, Ariba, BTP, FIORI

Portal: SAP Enterprise Portal, SAP Web AS

Languages: C, JAVA, HTML, XML, ABAP/4, SQL, and PL/SQL

Systems: Windows 2000, Windows NT, Windows Server 2003, AIX and UNIX

Databases: Oracle 9i, Oracle 8.x, MS SQL Server, MySql, MS Access

JAVA Applications: Java Beans, Servlets, JDBC, JSP, Java Scripts

AI – ML – Data analysis, EDA (Exploratory Data Analysis) and building Models

Experience

Corteva Agriscience

SAP Security, ERP Functional S/4, Controls R&M production support – IT Global Process Leader

Johnston, Iowa

June 2022 – Till Date

Scoped key security and control (Explore, Design, Build Test, Deploy and Support) activities.

S/4 upgrade analysis on unavailable, deprecated and successor apps.

Incident Management: Handling incidents, problems, and enhancements related to SAP systems.

Retrofit security transports strategy – Production Vs Project landscape.

Defined strategy for negative testing and data protection.

Providing inputs relating to architecture and design guidance to the development team for enhancements for existing design or new product design.

Closely working security integrations and dependencies.

Defined process for user to role mapping.

SoD Rule Set updated based on new authorizations introduced during upgrade.

SoD analysis performed single, composite and business roles.

Travelled to Canada and Argentina for NA, EMEA and LATAM for UAT testing and Go-live.

Currently working S/4 APAC project.

Designed strategy for Ariba security

SAP Cloud Identity Access Governance (IAG): User Authentication and Access Control, Privileged Access Management (PAM), Data protection and integration with cloud

Created security strategy document for Data loads access based on SAP best practices.

Working with functional information security team through the daily management of information security tasks, including identity management, vulnerability management, change management, reporting, and audit facilitation.

Defined process for custom transaction codes via workflow.

Handling vendor management and approving resources after interviews.

Defined firefighter process for project and production support teams.

Designed business roles based on task.

Conducted workshops with leading customers and strategic partners to identify and validate requirements and translate to solution design across various workstreams.

Providing guidance in developing customized Fiori apps.

Daily have status calls with teams for project and production tickets updates.

Developed security strategy and knowledge transfer documents.

Conducted training sessions for GRC firefighter requestors, Role owners, Managers and Controllers.

Around 25 (Security, Fiori, Basis and ABAP) project resources and business as usual members (production support) report to me.

Budget Management: Managing the budget for the SAP AMS service delivery team.

Developed statutory process for Brazil, APAC and EMEA countries.

Hands on in SAP Security and Compliance arena covering Role Based Access Controls and UI Masking (GTS, BW, MDG, EWM, Ariba and BTP).

Working in providing technical security expertise into complex, cross-domain, heterogeneous networked environments in collaboration with the business teams.

Team Management: Leading and managing the SAP support team, ensuring they meet service level agreements and client expectations.

Reviewing and evaluating project deliverables.

Validating the work of the technical team and ensuring SAP standards are adhered following best practices in accordance with SAP’s Solution Extensions

Foreseeing conditions, plan ahead and establish priorities.

Implemented custom transaction codes process and involving internal audit team.

Designed/Monitoring ITGC controls for critical objects, critical transaction codes, termination process, IDocs and transports.

Defined project timelines for security and controls.

Used Smartsheet for tracking detailed security/Fiori/ABAP/Basis/functional (all workstreams) activities.

Closely working with enabled workstreams and providing project support.

For S/4 security transports defined the process since it is consuming more time.

Gather requirements to drive the overall design and processes related to the ERP Transformation Project.

Perform the configuration, build and support testing / go-live activities for all relevant ERP applications (GTS, EWM, MDG, BW, ARIBA and BTP).

Acting as a liaison between IT, Internal and External Audit teams and functional business stakeholders to ensure ERP systems meet regulations, policies and compliance requirements.

Work with appropriate stakeholders to automate provisioning process leveraging available IAM, GRC and IAG solutions.

ACCO Brands Lake Zurich, Illinois

SAP Security S/4, BAU support and GRC Lead Sept 2019 – June 2022

Working with functional information security team through the daily management of information security tasks, including identity management, vulnerability management, change management, reporting, and audit facilitation.

Daily Performing enterprise application security assessments, code reviews, and application penetration tests per guidance on security best practices and compliance standards

Build strong working relationships within business units and 3rd party service providers to enhance results-oriented client service focus.

Currently working on BW, S4HANA, FIORI, EWM, TM, Saviynt (Compliance Tool) and implementing SAP for other locations (EMEA and APAC)

Customer Support: Providing 24/7 support to SAP customers, addressing their functional and technical system needs.

Service Quality: Focusing on ensuring service availability, operational capability, and overall service quality.

Team Management: Leading and managing the SAP support team, ensuring they meet service level agreements and client expectations.

Incident Management: Handling incidents, problems, and enhancements related to SAP systems.

Exemplary technical background and demonstrated expertise in architecting, implementing, and managing security systems.

Handling offshore and onshore teams.

TATE & LYLE Hoffman Estates, Illinois

SAP Senior Security Administrator and Lead 2013–2019

Oversaw governance risk and compliance (GRC) 10.0 and 10.1 and Fiori Implementation (Audit & Control).

Managed compliant User provisioning via GRC 10.0 and 10.1.

Mapped Tcodes to functions and risks to build rule set to run for SOD analysis.

Design MSMP workflow to include multiple approval stages for Emergency Access Management (EAM).

Configured Workflow for New Hire for pre-approved access defined by business.

Built mitigating control for risk defined by business and helped testing control for authenticity and validity.

Carried out business role management in GRC to streamline provisioning while achieving 99.99% accuracy in single Access request in multiple systems with one Access request.

Leveraged knowledge in security upgrade, including upgrade to Enterprise R/3 4.7 and ECC 5.0.

Generate email alert for Critical Tcodes defined by process leads within Business Leads with Internal Audit approval.

Created and cleaned up SOD reports on a monthly basis or as business requested to help mitigation or remediation.

Connected GRC production system and non-production GRC system to non-production system.

Built HR Trigger to automate provisioning of new hires with their correct Access.

Implemented Access & Emergency Access Management made available on FIORI to enable approver for quick Access.

Managing vendor and handling on and offshore teams.

Designed Global template for roles across all locations and provided architect solutions.

Worked and working with PMO staff, Functional teams, business users for resolving issues and with system integrators.

Implemented Quarterly Audit Process across all the production landscapes.

For custom transaction codes making sure authority checks are maintained. This is SAP best practice.

Worked and working on Proof Of Concept (prototype) solutions.

Did process improvements for reducing incidents.

Working Environment: SAP ECC 6.0, HCM SME/SMB, BI, Enterprise Portal, PI, BI 7.3, CRM 7.0, HCM, BoBJ 4.0, GRC 10.1, 10.1, APO, BW on HANA, S4 HANA, Transport Management (OTM), PLM Recipe and Fiori Implementation.

Enterprise Central Component (ECC)/SOLMAN

Utilized SU24 to maintain Check Indicator Defaults and Field values, reduced scope of Authorization checks.

Restricted open authorizations to sensitive Transaction codes.

Analyzed trace files and tracked missed authorizations for user’s access problems.

Worked on critical authorization Objects such as S_TABU_DIS, S_DEVELOP, S_RZL_ADM, S_ADMI_FCD and S_TRANSPRT.

Set-up SAP authorization profiles and Roles that represent different end users job definitions.

Worked with business owners to define authorizations needed for users.

Utilized tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_DEFINE

Served key role in gathering end user requirements and implement SAP R/3 security authorizations.

Business Intelligence (BI) 7.4 on HANA

Served key role regarding Analytic privileges to control access to SAP HANA Data Models.

Performed critical role on teams building security based on catalog and schema management, system management, data import and export etc.

Built security for various privileges including object, package, analytic and application privileges to control.

Transported repository roles within HANA transport container.

Worked extensively on tracing HANA Authorization issues using HANA Studio.

Served key role on SAP HANA Model Generation to access data from BW and HANA Studio.

Teamed with Auditors on providing reports on SoD and Critical Action Risk Analysis in SAP HANA.

Integrated SAP HANA with GRC 10.1 in Test System to automatically provision HANA users.

S4 HANA Security Implementation

Mapped backend role with Services designed in FIORI for S4 HANA implementation.

Setup users in interface to access backend module sub modules such as sales, purchase requisition and approver etc. via Fiori Tiles.

User Management in SAP Fiori technology.

Built Roles and authorization using Fiori Tile Catalog for S/4 HANA business applications, e.g. financial controlling, treasury, risk management, manufacturing, sales, procurement etc.

Supported migration of existing SAP to S/4 HANA using Productive Test Simulation.

BoBJ 4.0 and KNOA

Setup BoBJ Security at root level to grant access rights to requested folders.

Automate Assignment of BoBJ Folders to end users including new hires and Users who change position and job function within organization.

Worked with Business to develop Dashboard for executive reporting.

Helped in building SSO with AD authentication along enterprise authentication for BoBJ.

SAP FIORI

Integrated, configured and activated S/4 FIORI apps with BOBJ, HANA and CRM business Roles on UI5 (HTML5)

Worked on configuring Security Roles for tile catalogs and groups.

Served key role in testing of SAP FIORI Roles for time and expenses.

Worked extensively on fixing authorization issues in FIORI UI5 landscape.

SOUTHERN CALIFORNIA EDISON California, CA

SAP Senior Security Administrator 2009-2013

Worked with environment SAP ECC 6.0, HCM SME/SMB, BI, Enterprise Portal, PI, BI 7.0, IdM 7.3, SRM/CRM.

Experience in Compliant User provisioning via GRC 10.0

Business Role Management in GRC to streamline provisioning with 99.99% accuracy in single Access Request in multiple systems with one Access Request.

Human Capital Management (HCM)

Developed concurrent and dual employment authorization roles; context-sensitive roles to eliminate context Issues for MSS & HR Personnel; and structural profiles to read and maintain specific parts of organizational structure to resolve context issues.

Promoted Personnel Area field to an Organizational Level Field to develop derived roles with key differences for Personnel Area.

Enabled custom authorization check to enhance HR functionality.

Worked with OM, PA, PD, payroll, travel, and benefits.

Helped functional team to develop Custom Evaluation Path that can be used in structural profile to place a restriction on Organizational Structure.

Implemented hybrid solution for HCM, which uses position-based, and role-based Security solutions.

GRC 10.0 & 10.1

Led automation of workflow process with GRC Access Control.

Created and assigned Firefighter IDs and extracted Firefighter ID logs.

Implemented Access Control (AC 10.0), Sustainability Performance Management (SuPM), Risk Management (RAR).

Defined authorization for risk management and process control at entity level, e.g. corporate, organization, process, sub-process and control and risk.

Customized SAP GRC delivered roles for risk management (sap_grc_rm_api*) to customer specific requirement.

Implemented process control to better streamline business processes for vendors and customers.

Configured workflow, actions and rules.

Restrict object grfn_ae, grfn_arr, grfn_ap, grfn_app, grfn_audis etc.

Maintained tight control for authorization object grfn_api, grfn_rep, grfn_conn.

Performed RAR analysis to identify SOD violations.

BI 7.1 / BOBJ / BoDS 4.2

Built business intelligence authorization model for analysis authorization if structural authorizations are being transferred from human resources.

Created system level, application level, content level access based on object-level security assigned for users.

Produced custom Access level in BOBJ and granted full control, view control, and view on-demand control for different Roles that were imported from BW/BI

Extensively used RSECADMIN tool to build Analysis authorizations.

Built data service-specific authorization level to further secure data services.

Created development, test, and production profiles depending upon data services for BODS.

Built application-level access to create analysis workspace, send files, edit relationship queries and data access for BOBJ.

Customer Relation Management (CRM) 7.0

Developed roles to create, change and delete Business Tcode, e.g. leads, opportunities, activities and quotations with authorization Objects CRM_ACT, CRM_LEAD and CRM_OPP etc.

Created BP employees and tied them up with their respective UMR in SU01 via eCATT scripts and manually.

Documented business requirements by translating them into Business process and then technical document.

Developed Roles for different level of access including Admin Access, Developer Access, CRM Middleware access for different landscape such as development, quality, and production.

Created business partner security by using Auth. Objects B_BUPA_RLT, B_BUPR_BZT etc.

Supplier Relation Management (SRM) 5.0

Maintained ROS, SUS and LAC portals associated with SRM from Authorization Perspective.

Managed organizational structure PPOMA_BBP, PPOME_BPP to assign users (US) to positions (S) etc.

Built roles to restrict approval limit per dollar amount.

Restricted vendors to create their own user ID without maintaining anyone else especially in presence of ROS, SUS and LAC portals.

SAP ECC 6.0/PI

Developed derived roles and single roles by analyzing business scopes.

Created eCATT Scripts to load mass users in Production CUA & eCATT Scripts for maintaining certain fields that were not possible to maintain via SU10.

Experience in CUA Administration to provision Users and Landscape Design for Production and Non-Production system.

Extracted structural authorization to transport to BI system via program rhbaus02 & rhbaus00.

Secured tables using authorization group by using object s_tabu_nam to table specific table name.

Created automated scripts to compare roles in different landscape.

DAICHII SANKYO PHARMACY Parsippany, NJ

SAP Lead Security Consultant 2009 (4 months)

Worked in environment SAP ECC 6.0, HCM and BI7.0

SAP ECC 6.0

Analyzed Business scope, user Roles, and developed role matrices for better understanding of security authorization plan.

Worked on segregation of duties (SOD) conflict resolution and Sarbanes Oxley (SOX) compliance.

Utilized Automatic Profile Generator (PFCG) to create and modify Single Roles, Composite Roles and Derived Roles.

Secured tables and programs by creating authorization groups.

Worked with business team to prepare and maintain role matrices and user mapping matrices.

Maintained user administration using Central User Administration.

Performed User master maintenance such as creating new users, assigning Roles, deleting users, renaming users, resetting password, lock/unlock User ID using transaction code SU01.

GRC 5.3

Worked with business experts in placing mitigations for Conflicting and Critical Tcodes.

Configured and extensively used Firefighter tool for emergency access and troubleshooting.

Created mitigating controls and upload enable role owners to perform this task.

Ran VIRSA’s VRAT tool to find SOD conflicting Roles and modify them according to the requirement.

Worked with Internal Auditors and Process Owners to define customized SOD.

BI7.0

Built BI authorization model for analysis authorization if structural authorization were transferred from human resources.

Utilized RSECADMIN tool to build Analysis authorizations.

Assigned analysis authorizations access to users using authorization object S_RS_AUTH.

PSE&G

SAP Security Consultant Newark, NJ

2008–2009

SAP ECC 6.0

Assigned authorization groups to custom ABAP program using program RSCSAUTH and RSABAUTH to update table TPGP with authorization groups.

Worked with automatic profile generator (PFCG) in creating single roles, composite roles, and derived roles.

Followed key security standards such as maintaining check indicators in SU24 for authorization objects and transaction codes, putting proper controls in place for securing programs and tables.

Troubleshot authorization errors using Transaction Code SU53 and ST01.

Worked with ABAP developers for implementing authority checks in custom transaction codes.

Business Warehouse (BW) 3.5

Created roles to restrict access to InfoCubes, ODS Object, Queries and Cost center.

Troubleshot authorization-related problems using RSSMTRACE and ST01.

Created custom objects to secure roles by company code, plant and cost center.

Used BEx Analyzer to analyze and execute query using transaction code RRMX.

SPX Rochester, NY

SAP Security Consultant 2007–2008

SAP ECC 6.0

Restricted access to SE16/SM30 by creating table-specific custom transaction codes to table using SE93.

Monitored access to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, S_DEVELOP for debug access.

Assigned authorization groups to custom ABAP program using program RSCSAUTH and RSABAUTH to update table TPGP with authorization groups.

Worked with automatic profile generator (PFCG) in creating single roles, composite roles, and derived roles.

Followed key security standards such as maintaining check indicators in SU24 for authorization objects and transaction codes, putting proper controls in place for securing programs and tables.

Troubleshot authorization errors using Transaction Code SU53 and ST01.

Maintained check indicators for authorization objects in Transaction SU24.

Business Warehouse (BW) 3.5

Created roles to restrict access to InfoCubes, ODS Object, Queries and Cost center.

Troubleshot authorization-related problems using RSSMTRACE and ST01.

Created custom objects to secure roles by company code, plant and cost center.

Used BEx Analyzer to analyze and execute query using transaction code RRMX.

BI 7.0

Made InfoObjects and characteristics authorization relevant as needed using RSD1.

Assigned analysis authorizations access to users using authorization object S_RS_AUTH.

Troubleshot authorizations related issues.

Extensively used RSECADMIN tool to build analysis authorizations.

HR Security

Implemented structural-based authorization.

Carried out basic human resources configuration by setting up evaluation path.

Boost performance by indexing using programs RHBAUS02 & RHBAUS00.

Assigned structural profile to Users using program RHPROFLO.

Built security by tightly controlling objects P_ORIGIN, P_ABAP, etc.

GRC 5.3

Employed Access Enforcer for user provisioning and audit monitoring purposes.

Configured and extensively used Firefighter tool for emergency access and troubleshooting.

Ran VIRSA’s VRAT tool to find SOD conflicting roles and modify them according to requirements.

Utilized VIRSA’s Compliance Calibrator (VRAT) tool to verify requests for business correctness and test for any Segregation of Duties conflicts.

Assisted internal auditors in framing new rules for the combination of new Tcodes in ECC 6.0.

Additional Experience

Unilever, South Africa & India, Security Team Lead 2005-2007. Resolved authorization errors and generated profiles to ensure user privileges. Created new roles and users by following the company’s standard process and procedures. Setup BW security for user Roles (query users, administrative users, and data extraction users). Created Custom Reporting Authorization Objects using transaction RSSM. Worked on security-based positions and structural authorizations. Implemented security for HR module at Personnel Area, InfoType levels, Employee Group level. Handled 16-member team in the project.

IBM, USA & India, Assistant Manager 2004-2005. Worked closely with all project teams and reviewed current authorization processes and system setup to ensure security was in compliance with their policies and practices. Secured tables and programs by creating authorization groups. Analyzed Business scope, user Roles, and developed role matrices for better understanding of Security authorization plan. Worked on Segregation of Duties (SOD) conflicts. Handled 20-member team. Developed a Security Cutover plan and managed the various mock cutover and final cutover phases. Alongside, also managed integration test phases coordinating with all the team.

Unilever, South Africa & India, Security Team Lead 2003-2004. Planned, coordinated, and implemented SAP R/3 security infrastructure, and necessary authorizations to match business requirements. Created and modified single roles, composite roles and derived roles. Troubleshot authorizations issues using transaction SU53 and ST01. Maintained table USR40 for impermissible passwords. Provided authorization based on InfoCube level, queries, ODS objects. Created reporting Roles in BW 3.1 using transaction PFCG.

Education

IGNOU, Delhi, India

Master’s in Business Administration

Osmania University, Hyderabad, India

Master’s in Commerce

Certification

ITIL Certified

Certified in 6 sigma Black Belt


