SAP Security & GRC Program Lead
Resume:
SAMEERA HUSSAIN
Cel: 630-***-****
SUMMARY
SAP Technical Lead with over 13 years of global experience spanning SAP Security, Cloud Security, GRC Access Control, SOX/J-SOX Compliance, Access Recertification, and Enterprise Authorization Governance. Proven leader in SAP governance, security, and compliance frameworks aligned with enterprise IT standards. Deep expertise across SAP S/4HANA implementations, S/4 conversions, SAP security audits, role design, cutover leadership, infrastructure-layer controls, and end-to-end project execution. Strong ability to translate functional and finance transformation requirements into scalable, compliant technical architectures that reduce risk and enable global business transformation.
Core Skills & Certifications
SAP GRC Certified – Access Control (ARA, ARM, EAM, BRM)
SAP Security Design & Role Build: S/4HANA, Fiori, ECC, BW, PI, MDG, GTS, CRM, SRM, SuccessFactors, IDM, SOLMAN, BOBJ, CHARM
SAP access management, role design, Segregation of Duties (SoD), and Firefighter (EAM) controls ownership
S/4HANA conversion, security remediation, redesign, SU24 optimization
SAP Fiori Governance: Catalogs, Tiles, Target Mapping, Launchpad configuration
SAP HANA Repository/Catalog Security, Privilege Design & User Provisioning
SOX, J-SOX, GXP, SOC1/SOC2, ITGC audits, SoD risk remediation, mitigating controls, rulebook optimization
SAP Solution Manager ALM, application lifecycle, change and release management
Technical Cutover Management for SAP deployments
SAP Cloud Security (GCP): IAM, Audit Logs, Data Retention Policies, Compliance
Security Policies, Procedures, Global Design Standards & Audit Readiness
RPA security automation delivery, ECATT scripting, mass updates
Cloud Security Principles, Regulatory Frameworks, AR/UAR & Risk and Control Matrix (RCM) oversight
System integration delivery across configuration, testing, and deployment
PROFESSIONAL EXPERIENCE
Roche – Authorization Deployment Lead
San Francisco, CA June 2025 – Present
Leading ASPIRE SAP Security Authorization Governance and SOD Control framework across global programs.
Responsible for maintaining SAP, GRC, and Cloud-based security features while ensuring integrity of application, database, and infrastructure security design.
Conduct gap analysis and security assessments to drive improvements in SAP and Cloud solutions.
Design and configure security in SAP S/4HANA, Fiori, SOLMAN, PO, and GTS to meet enterprise requirements.
Partner with SAP COE Leader, project teams, and business users to support security configuration, unit testing, integration/UAT, and cutover readiness.
Implement and manage GRC Access Control, ARM/EAM/ARA workflows, and risk reporting.
Configure and validate GCP Cloud Audit Logs and retention policies to align with internal compliance standards.
Create and execute Security Test Scripts for sanity checks across SAP landscapes.
Manage daily security governance tasks, participate in cross-functional IT strategy alignment, and collaborate with vendors to ensure secure implementations.
Perform SOD & BCA analysis at Business Role and Business User level and support remediation.
Ensure controls remain effective per Risk and Control Matrix; support internal & external audit reviews.
Led role design for S/4HANA, ECC, Fiori, SuccessFactors, BW, PI, MDG, CRM, SRM, GTS, IDM, BOBJ, CHARM.
Completed HANA Repository/Catalog security builds and validated end-to-end provisioning model.
Auto Plus – SAP Security & GRC Architect
Southfield, MI April 2017 – June 2025
Led SAP Security & GRC operations, including Role Management, AR/UAR cycles, SOD monitoring, and global security roadmap.
Executed semi-annual User Access Recertification and managed ITGC controls across SOX requirements.
Primary ITGC audit lead for SOX evidence, walkthroughs, and SAP Security control testing.
Built security documentation, policies, and SOX-aligned procedures for production and audit cycles.
Developed RPA automation for risk analysis reporting, reducing effort by approximately 1,200 hours annually.
Integrated SAP Solution Manager ALM – change requests, defect lifecycle, service items.
Hands-on: SU24 maintenance, license user classification, mass provisioning, role build, ECATT scripting.
Reviewed SOC1/SOC2 reports and documented required controls for cloud-hosted applications.
DTE Energy – SAP GRC/Security Consultant
Detroit, MI March 2016 – April 2017
Re-designed the Global SAP Security model, reducing role development by 95% and business roles by 80% while maintaining full functionality.
Implemented & configured SAP GRC AC 10.0 (ARA, ARM, EAM).
Delivered production support for user/role provisioning and authorization changes.
Created ECATT scripts for mass user and role updates.
Resolved defects via HPQC and supported change/transport processes.
Accenture Ltd. – SAP Security & GRC Specialist (Associate Manager)
Chicago, IL March 2012 – March 2016
GRC Lead for full-cycle design & implementation of SAP GRC AC 10.0 (ARA, ARM, EAM, BRM).
Partnered with Internal Audit to develop SOX compliance strategy and resolve SOD issues.
Led requirements workshops and coordinated role design across functional teams.
SME Role Designer for SADARA (Saudi Aramco/DOW) covering EHS, SD, MM, FICO, HCM, PM.
Designed end-to-end security for OTC and PMLA modules.
Expertise in authorization objects, SU24 optimization, check indicators, and mass transports.
Delivered ECATT-based automation for user maintenance and mass role assignments.
EDUCATION
MS in Advanced Systems Management.
Bachelor’s degree in science
KEY CAPABILITIES & VALUE ADD
Lead enterprise SAP governance, security, and compliance programs across on-prem and cloud platforms.
Trusted owner of SAP access management, SoD, Firefighter, and ITGC controls.
Proven audit partner ensuring compliance, remediation, and control sustainability.
Strong leadership in S/4HANA upgrades, process design, and finance transformation initiatives.
Expertise in SAP application lifecycle, integration delivery, and release management.
Ability to resolve critical production issues in SAP on GCP, Fiori, S/4HANA, and SAP HANA environments.
Analytical, results-driven leader trusted by business, IT, and audit stakeholders.
Contact this candidate