Programmer analyst
Resume:
Gouri Sharma
Email: sfu2hp@r.postjobfree.com
Linked-in profile - http://ca.linkedin.com/pub/gauri-sharma/15/780/222
Contact# +1-647-***-****
Address: ***, ** ********* ****
Davisville,Toronto
Ontario Canada
M4V2B9
Career snapshot:
I am a skilled SAP Security and GRC professional with 5 years of experience and currently employed with Major IT giant ACCENTURE as an SME for SAP Security. I have worked on 4 implementations and am well versed with all the cycles of design, plan, build, implement and test of the implementation cycle of SAP Security. I have been honored with awards from major clients for successful implementation of SAP Security best practices in their
domains. I am also well versed with Audit Information Systems, License
management, GRC including RAR, SPM, CUP and ERM. Currently I am responsible for establishing the SAP Security Services for a new critical Pharma client for Accenture. This entails engaging clients, providing consulting for improved business services, proposing and developing automation, streamlining and re-organizing SAP Security design and performing as Single Point of Contact and Team Lead.
Key Points:
1) Worked on 4 implementations and well versed with complete life cycle of SAP Security implementation
2) Youngest Lead in Infosys.
3) Awarded for Innovation and performance by Organization and also the Employer
4) Automated various processes for SAP Security Practices. Examples include automating process of creating derived roles and filling org values, default locking of inactive users taking into consideration specific client requirements.
5) Worked on the enhancement and development of SAP Security Workbench tool to include user administration, role management, and compliance with GRC, SOD Checks and also up gradation of the Tool to be compatible with BI Environment also.
6) Worked as SME for SAP Security involving complete redesign and re-organization of SAP Security strategy for a Client
AWARDS:
Sno Organization/Customer Award Contribution
1 KRAFT foods Outstanding work for APAC Implementation Cut the security implementation time by fifty percent by developing new tools and automation.
Innovations:
Sno Organization/Customer Details
1 Infosys Automated Security Role creation by developing a tool. This tool reduced the work required for customer implementation
Experience:
SNo Company Duration Designation Comments
1 Accenture Services Pvt Ltd, Pune Jan 2010 onwards Analyst Programmer Established most stable service for the client. Security Service selected as POC for move to managed services. Excellent service led to increase in business from Client to cover BI, CRM. SRM, Legacy environments. Acted as SPOC for the Client and total dependency of the project interaction and implementation.
2 Infosys Technologies, Chandigarh Jul 08 to Jan 2010 Programmer Analyst Among youngest leads of Infosys.
Awarded by KRAFT foods for outstanding work for their APAC Implementation.
3 Larsen and Toubro InfoTech Limited, Mumbai Oct 2005 to Dec 2007 Software engineer
Projects:
April 2010 onwards
Organization : Accenture Technologies, Pune
Customer : UCB Pharma
Responsibilities:
• Leading the Security and Authorization team for UCB Pharma
• Responsible for initializing this Service for Accenture, Pune and signing of Scope of Work with the Client directly during the onsite Visit
• Successfully defined the Standard operating procedures and best practices for Security and Authorization services to be serviced out of Accenture, Pune
• Team lead activities involve client interaction, status reporting, establishing the Key performance Indicators for the Services, handling open escalations with the client
• Security and Authorization project is seen as pilot for Costing model changes and achievement of 100 % KPI compliance
• Team management activities, resource estimation and building, shared service model structure based activities, coordination 100% compliance with SLAs
• S&A Service established new SLAs with the client based on their outstanding performance
• User administration, role management, locking of inactive users, termination of obsolete users, role modifications, role creations, maintenance of SLAs
• License Management activities using SLAW performed on a monthly basis
• Automated the Inactive User locking process and led to increase in performance and eliminated human errors.
• Exposure to REMEDY tool for handling Service requests, Incidents and Change requests.
• Phase 2 of this project extended to production support for GRC suite including the handling of user provisioning using CUP(Compliant User provisioning) and controlled Emergency access through SPM(Superuser Privilege Management).
• SOD violations check and risk analysis to be integrated in the role designing and user assignment phase using RAR(Risk analysis and remediation).
• Role management is then planned to be handled through ERM for better SOD violation check and improved exhaustive documentation.
Aug 2010 to Dec 2010
Organization : Accenture Technologies, Pune
Customer : CPS Color, Italy
Role : Subject Matter Expert
Responsibilities:
• Role design and Implementation project for CPS Color SAP Security Implementation for Italy and India
• Collaboration with Business users and end users and understanding of the business model and organizational level structure of CPS to design the blueprint of Security Implementation
• Design and build of template roles, authorization strategy, SOD violation mitigation strategy, testing strategy and transport techniques
• Assessment of effort estimations and resource planning for the CPS implementation
• Build and implementation of template roles, derived roles, authorizations and organizational level mapping based on the business model
• Testing of role structure and SOD violations for Integration testing and support during Cutover Phase
• User master maintenance , transport management through STMS and Client copy activities
• Exposure to RTR, OTC, STP and PLM business process for role designing
• Troubleshooting activities for Authorization issues and Intensive support to users and testers with direct collaboration with the end users and Business users
• Consulting and advisory activities for management to decide the various go live practices and strategies for this Implementation
Jan 2010 – March 2010
Organization : Accenture Technologies, Pune
Customer : Metler – Audit Information Systems (AIS)
Responsibilities:
• Implementation, analysis and reporting through Audit Information Systems(AIS).
• Implementing and working on menu based and authorization based roles and set up roles for system and business auditors.
• Reporting and analysis using AIS for the purpose of SOX audits and setting up Static and Dynamic filters.
• Working on SAP Audit Information System and other SAP Security Monitoring Tools.
• Controlling access to transaction codes, tables, programs and reports.
• Customizing role maintenance tools in my SAP through SU24.
• Using the Security Audit log and CCMS monitoring.
• Overseeing application logging, workflow logging, change document logging, table data changes logging, transport logs, HR reports.
• Using system trace tool for Auditing purposes.
Jan 2009 – Jan 2010
Organization : Infosys Technologies, Chandigarh
Customer : Kraft APAC Security Implementation
Responsibilities:
• Implementation involves sap security implementation for APAC Landscape comprising Indonesia, Australia, Taiwan, China, Philippines, Thailand, Singapore and Malaysia.
• Design of Composite Job Role mapping and mapping it to the user positions in Kraft for the specific country taking care of the global template of Kraft as well as Local considerations of the country of implementation.
• Defining Job role descriptions for all the master roles based on which the Job role to single role mapping was done as per the position of each user.
• Upload of Master Roles and mapping to user positions based on transactions contained in them.
• Deriving Derived Roles from these roles and restricting them at the suggested organization levels.
• Design of the organization level mapping sheet along with Business team of client for all regions of APAC implementation and various business process of RTR, STP, MTI and OTC.
• Worked with Internal controls and SME team directly to consolidate the matrix of organization level mapping, job role mapping and user mapping.
• Involved with internal controls for Segregation of Duties (SOD) conflicts analysis.
• Analysis of sensitive transactions and restricting their access.
• Analysis of restricting critical financial data like cost center, profit center, GL transactions in the roles.
• Streamlined the critical access of Master Data Maintenance across the various organization levels of the country of implementation. Various recommendations to streamline job role to user mapping in the area of STP and OTC were highly appreciated like suggestions to map responsibilities according to the Kraft job position or title of the user and not to the person itself as its ever changing. So that the same position across the APAC region has similar access and responsibilities.
• Cleaning of existing Master Roles for the values of Activity, Movement Type and Document Type so that the derived roles don’t have unintended unrestricted access.
• Creation of Job Roles and users and assigning these roles to respective user ID.
• Development of ecatt scripts for creation of users for various countries in APAC landscape and running scripts to assign roles to them which minimizes the need for manual role and user addition.
• Automation comprising development of an ABAP program that creates the derived roles and generates their profiles automatically and populates their organization values as well. This program reduced time and effort in building derived roles by 70% and was highly appreciated.
• This ABAP program can also be used to correct organization values of derived roles built if and when required by simply giving inputs through a CSV file input.
• Resolving Authorization Issues on a daily basis involving provisioning issues, role and transaction authorizations. Authorization analysis is done based on interaction with the end user, SU53 dumps, running the trace ST01 and SUIM analysis as required.
• Assigning and analyzing extra roles to the users as per requests.
• Responsible for daily security checks, monitoring unsuccessful logons, inactive users.
• Display & Maintain Update records and lock entries.
• Worked with analyzing data using AGR* and USR* tables for various requirements.
• Role maintenance activities like addition of access to the users and at the same time taking care of Permission creep in the roles.
• Preparation and design of test plan and documenting it for the testers, creation of Test IDs, Identification of tes t scripts to be run by the testers and the complete process of recording of their test results during integration testing.
• Setting up of CUA (Central User Administration) client to centralize the provisioning process and maintain user master records centrally in one system.
• Building of Hypercare, Emergency and Cutover Roles for the implementation.
• Defining of the Support process that was followed by the client after go-live and during pre production as well as production support phases of the implementation. This involved defining processes that were followed by client in areas of provisioning, de-provisioning, role access and transaction access changes, necessary approvals and SOD analysis.
• Worked on Approva tool (Similar to VIRSA) for provisioning process, de-provisioning and role creation activities.
• Worked on SD4 and SM7 ticketing tools for managing the production support activities after Go-Live.
• Defining metrics for the overall performance evaluation based on Schedule deviation, effort deviation and timesheet compliance.
• Mentoring of team members and driving them and myself to achieve professional as well as personal career goals.
July 2008 – Dec 2008
Organization : Infosys Technologies, Chandigarh
Customer : Novartis Security and GRC Production Support
Responsibilities:
• SAP Security and GRC Production Support activities involved overseeing the Security as well as GRC Access Suite including ERM(Enterprise Role Management),CUP(Compliant User Provisioning),SPM(SuperUser Provisioning Management) and RAR(Risk Analysis and Remediation).
• Segregation of duties analysis and simulation using RAR.
• Development of ecatt scripts to automate various tasks like mass password reset,unlocking of users,assigning roles in EBP (SRM) systems.
• Used SM7 as ticketing tool and familiar with RIR(Incident) and RFC(Change request) resolution.
• Followed change management process using Rev Trac
• Used SPM for monitoring use of Firefighter ID’s and managing and auditing superuser access.
• CUP or Access Enforcer was used for provisioning purposes. Involved in maintenance issues.
• ERM was used not only to build compliant roles but also for providing detailed documentation for Audit purposes.
• Direct interaction with end users for resolution of production support tickets within the supported SLA. Also, communication to run trace tools for troubleshooting as well gaining testing evidence as a part of QA approval to move the changes to Production.
• Interaction with Internal controls to get their approvals before moving the role into Production. Also, this was done for SOD analysis and checks.
• Interaction with Role and Business owners to gain approvals for assigning the specified roles to the users as per the business justification.
Aug 2006 – Dec, 2007
Organization : Larsen and Toubro InfoTech Limited
Customer : Procter and Gamble Security GRC Implementation
Responsibilities:
• Experience on Virsa Access control Suite.
• Worked on Risk analysis and remediation(Compliance Calibrator(VIRSA)) to define rule matrices and get information about all user access and risk summary. This was for the SOD (segregation of duties) analysis and simulation.
• Worked on Enterprise role management (ERM ,formerly Role Expert of VIRSA) to maintain role definitions,authorizations and documentation.
• Worked on Superuser privilege management to define Superuser access and firefighter IDs and owners to manage firefight ID access.
• Worked on Compliant User provisioning for automated provisioning access control.
• Maintenance of Authorization Groups and Roles as defined by the Rule Matrices and Workflows.
• Implement authorization groups or embedded authorization into SAP custom programs.
• Upgrade procedure involved making adjustments to user and role administration.
• Involved in converting profiles that were manually created to Roles using SU25.These roles are then derived and organization levels have to be maintained in the derived roles.
• Report trees structure was changed in SAP R/3 release 4.6B therefore report trees needed to be migrated to put reports in the user menu in the role maintenance.
• Check Indicators and field values need to be compared after upgrade. After a Release upgrade, default check indicators and the field values of the previous and new Release were compared by calling Transaction SU25.
• After the upgrade, SAP_NEW_* profiles from the composite profile SAP_NEW for releases before the last revision of authorization concept were deleted and SAP_NEW composite profile was assigned to all users. This means that they can continue to use the functions that they have used until now.
• Job Role creation and user set up and mapping these job roles to users.
• During Production support phase, resolving Authorization Issues on a daily basis involving provisioning issues, role and transaction authorizations. Authorization analysis is done based on interaction with the end user,SU53 dumps, running the trace ST01 and SUIM analysis as required.
• Worked on SD4 as ticketing tool to manage production support tickets and approvals.
Oct 2005– July, 2006
Organization : Larsen and Toubro InfoTech Limited
Customer : Gillette CCM (Catalog content management) and security implementation
Responsibilities:
• Worked on SOX Audit for GILLETTE, USA to achieve SOX Certification.
• Analysis work for security on SAP custom tables and SAP custom programs.
• Implement authorization groups or embedded authorization into SAP custom programs.
• Administration of Bugs eye and emerge for Catalog content management (CCM).
• Loading/Exporting of catalogs in Bugseye(hosting) and emerge(staging)
• Analyzing catalog load errors and content quality
• Handling processing of catalogs from the APAC, North America and EMEA regions according to the client interaction.
• Day To Day Production Support Activity involving code correction, notes application, customization to existing programs, user exits, business add-ins, sapscripts, smartforms, Debugging etc.
• Handled the project as a quality leader that included Monitoring and reviewing MAP (metric action plan), Review of PAL (project action plan), managing the Risk monitoring log, Issue log and Defect prevention log.
• Faced ISO audit and received ISO 9000:2001 certification.
• Security Implementation activities from blueprinting phase through implementation phase through testing and cutover phase and finally agter go live support phase.
• Creation of master and derived roles based on the blueprint document.
• Design of Composite Job Role mapping and mapping it to the user positions.
• Creation of Job Roles and users and assigning these roles to respective user ID.
• Involved in training of users.country leads and role owners in troubleshooting activities to enable them in smoother processing and routing of security related tickets during hypercare and cutover phase.
• Worked on Solman as ticketing tool to monitor tickets and provide production support after go live.
• Preparation and design of test plan and documenting it for the testers, creation of Test IDs, Identification of test scripts to be run by the testers and the complete process of recording of their test results during integration testing.
• Building of Hypercare, Emergency and Cutover Roles for the implementation.
EDUCATION:
• Bachelor of Engineering in Electronics and communication from Mody college of Engineering and Technology,Rajasthan with 70% aggregate.
• All India Senior School Certificate Examination(CBSE 12th) with 83.8 % Aggregate from Bhavan Vidyalaya, Chandigarh
• All India Secondary School Examination(CBSE 10th) with 92.2 % Aggregate from Bhavan Vidyalaya, Chandigarh.1st rank in school and 7th in Chandigarh.
CERTIFICATIONS:
• Microsoft Certified Professional with 100% score.
Objective:
• To establish myself as an industry expert in SAP security and solve new challenges through innovation and process optimization.
Contact this candidate