Sap Security
Resume:
Olawale Babalola
**** ********** ****, #*****, ****** Tx 75287 Cell: 972-***-****, Home: 972-***-****
**********@*****.***
________________________________________
Professional Summary:
* ***** *f SAP Security, GRC and control implementation involving all the major releases of SAP including ECC 5.0/6.0, VIRSA/GRC (CUP,RAR,ERM & SPM) Releases 4.0.5.0 and5.3 .Handled projects such as pre and post implementation, security and controls review from SOX Standpoint, SAP GRC implementation and advisory. Proficient in analyzing and translating business requirements to technical requirements in SAP. Thorough understanding of Segregation of Duty (SOD) concept with respect to SAP Security implementation and ITAR compliance. Solid Knowledge of the concept of roles, profiles and authorizations and their relationship. Experience in driving the Security Administration deliverables in ECC, CRM and BI. Familiarity and hands-on experience on GRC 10.0 Configuration. Solid verbal, written and interpersonal communication skills.
Accenture: 07/2009-Present
Client Engagement: Aerospace
Location: Centennial, Colorado
Period: 07/2011-08/2012
SAP Security Administrator
Follow standard business processes, approval mechanism in order to create user ID, set up roles [roles enhancement], and transport policy.
Create, change and maintain user master record as per standard Business processes which include creation of user in SAP production system, obtain approval from roles owners, assign respective roles to users in SAP Back end and in portal
Make use of Central User Administration [CUA] for user management
SAP GRC tool: RAR Module, simulate users before actual assignment in SAP.SOD violations found is mitigated by using mitigation control document.
SAP GRC tool: Fire fighter: Assign fire fighter ID to support user in order to support provisionally broad issue
Make use of role creation [Role Change Request] form in order to create a new role or make change to an excising role; Change Request Board approvals mandatory for transports. Simulate the role using GRC before moving changes to quality environment.
SOX Audit Report [Monthly], inactive SAP user
Generate monthly and quarterly report so it can be useful for SAP Security audits
Create/Modify user ID in Enterprise portals and connect to the Backend SAP Systems
Assigned roles to users in Enterprise Portal Applications
Make use of BI Analysis Authorization (RSECADMIN) to maintain security for reporting users and troubleshooting the reporting problems using RSECPROT
Enable/Disable of Analysis Authorization concept in BI component
Client Engagement: Global Manufacturing
Location: Dallas, Texas
Period: 02/2009-06/2011
SAP GRC/SAP Security Consultant
Responsible for the implementation of SAP GRC RAR 5.3 and SPM after successfully leading a complex redesign of existing SAP roles to reduce the risk associated with SOD and SOX violation.
Customized Role creation for SOX audit tool SAP GRC RAR for action and permission level SOD violations in roles for various business process and function.
Compared the Role based and ID based approaches for implementing GRC Firefighter and recommend the best approach to the client
Worked with SAP Security team and business process owners to identify Fire fighter ID (FFID), controllers, administrators and owners and mapped this in SPM 5.3
Created users and groups in portal system and assigned portal based group to users in DEV, QA and PRD.
Performed GRC pre-implementation checks and verified status of RTAs, IGS Server, Daemon Job, J2EE Server, SLD and JCO Connection.
Created customs and standard risk matrix
Liaise between GRC team and other teams- Security, Audit compliance
Served as technical subject matter resource to the client for SAP GRC 5.3
Client Engagement: Global Integrated Energy
Location: Houston, Texas
Period: 10/2007-12/2008
SAP GR Consultant
Implemented SAP GRC CUP for user provisioning
Configured Basic, Detour and parallel workflows
Imported Roles from back end systems and define role configuration
Set up Risk and analysis and mitigation
Set up email reminder
Developed and implemented process for monitoring reports from the security and audit perspective
GRC SPM logs
GRC SPM Login notification
Audit logs
Email alert for failed logons through solution manager
Streamlining the GRC SPM access
Maintaining non-dialog user’s credential
Performed SOD analysis on user’s credentials
Performed SOD analysis on user’s access using SAP GRC RAR
Supervised and supported the production support team in resolving production issues
Employer: DUS Technology
Client Engagement: Public Corporation
Location: Dallas, Texas
Period: 03/2007-09/2007
SAP Security Analyst
Performed the following activities for an upgrade project
Made use of transaction SU25 to compare SAP tables and customers tables of source and target release
Identify the roles with new authorization objects added and for which there are changes transactions
Manually maintain authorization data for all these roles ; maintain authorization values for new object depending upon the transactions provided in the role
Created test user I’d in CUA and performed security testing [positive and negative]; followed by user acceptance testing
Verified the roles, transaction codes and user master records in SAP 4.6C and SAP ECC 6.0 for appropriateness after an upgrade
Used profile generator [PFCG] for creation, modification of single roles, composite roles and derived roles in R/3
Utilized trace [ST01] results to identify the expected authorization values and incorporated them into the security roles after the upgrade
Create and Maintain roles for FI/CO, MM, HR modules
Utilize SE16 and SUIM to retrieve various data for team lead and managers as required
Develop best practices and procedures to simplify user administration and role maintenance
Client Engagement: Global Integrated Energy
Location: Tulsa, Oklahoma
Period: 05/2005-02/2007
SAP Security Administrator
Day to day implementation of security and administration of security in SAP production environment
Review of critical and sensitive authorization, implementing improvement to meet audit requirement
Performed user administration [create,lock,unlock, change and delete user account] using SU01, SU10
User account provisioning management using CUA
Troubleshooting existing user roles, authorization, security object, workflows and batch job to resolve issues in SAP Security role
Update transaction via SU24 [managing authorization object]
Find out missing authorization using SU53, ST01, SUIM report
Interfaced with the External SOX Auditor and involved in SOX Audit documentation and process involvement
Reviewed the security strategy and provided recommendations and provided recommendations for its implementation through the GRC access control suite
Developed Security recommendation plan and resolved Segregation of Duties [SOD] conflicts for the client
Set up Analysis Authorizations using transaction RSECADMIN in BI 7.0
Performed extensive role redesign for the IT and business users in the system
Transported the generated roles and profiles using SAP transport system
Reviewed and analyzed the deficiencies in the existing processes and recommend process improvement
Streamlined the user access request process by clearly defining the appropriate access for each functional team
Extensive use of the profile generator [PFCG] to design and modify roles in ECC
System Experience
Software: SAP 4.X, ECC 5.0&6.0, GRC 5.3&10.0, Solution Manager, CRM and Enterprise portal
Education
Bachelor of Electronics & Electrical Engineering [LAUTECH, Nigeria]
Training
SAP Security and User Administration, Cross ERP Security Training
Hands on training on VIRSA’S Compliance calibrator 4/5
Hands on training on GRC 5.3 [CUP, RAR, ERM & SPM] and GRC 10.0
Contact this candidate