Keywords
Skills
- Managing Consultant for SAP GRC Access Control 5.3 and GRC 10.0/GRC10.1
- Hands on Experience in creating mitigating control, control owners & mitigating control monitors in GRC 5.3 and GRC 10.0/GRC10.1.
- Applied Segregation of Duties (SOD) within all SAP Implementations.
- Configured the ARM workflow, stages, approval step in GRC 10.0/10/1/5/3.
- Configuration of HR Triggers in GRC 5.3 CUP
- Responsible for maintaining the GRC Rule set in GRC 5.3/10.1
- GRC10.1-SUN IDM Integration
- GRC 10.1 Access control and process control integration
- Creation of Fire Fighter ids for support user and linking their base ids and FF ids through GRC (SPM/EAM).
- Involved in SOX Risks remediation Project and completed it successfully.
- Experience with ECC, APO, HR, Sol Man Security
- Managed ECC upgrade projects.
Project history
Presently working with Accenture Services Pvt Ltd from 3rdAugust 09 till date.
Client Caltex (4th January 2016 –till date)
Posting Australia (Sydney-28th May 2016-1st Jan 2017), New Delhi (India-Currently in India)
Designation SAP Security/GRC Access Control-Project Manager
Posting Gurgaon (Delhi)
Designation SAP GRCAC 10.1 Implementation lead (Associate Manager)
Solution Environment: SAP ECC 6.0, SAP Net Weaver BI 7.0, SAP Enterprise Portal 7.0, WIN XP, GRC Access Control 5.3, GRC 10.0,GRC10.1 CHARM (Sol Man 7.0)
Job Profile:
Posting: Sulzbach (Germany)
Designation: SAP Security/GRC Delivery lead (Associate Manager)
Tools: SMS (Service Management Suite), MS Outlook 7.0, ARIS, Remedy tool, HPQC
Solution Environment: SAP ECC 6.0, SAP Net Weaver BI 7.0, SAP Enterprise Portal 7.0, WIN XP, GRC Access Control 5.3, GRC 10.0, CHARM (Sol Man 7.0)
Job Profile:
Posting: Accenture Malaysia, Kuala Lumpur/Singapore (23rd June 2010-21st Sep2012), Accenture India (22nd Sep 2012-4th Nov 2013)
Designation: SAP Security Specialist (Senior SAP Consultant-Associate Manager)
Job Profile:
Client: BHP Billiton – Australia
Posting: Mumbai (India), Singapore
Designation: Senior Software Engineer (SAP Security)
Job Profile:
Designation: Operations Specialist (SAP Security)
Posting: Chennai(India)
Tools: Lotus Notes Data base 7.0, UniCentre Service plus Service Desk (USPSD).
Solution Environment: SAP 4.6 C & 4.7, SAP Enterprise Portal, WIN XP.
Job Profile:
Client: KPMG, USA (IT Advisory and Audit)
Posting: Bangalore(India)
Designation: Associate (IT Auditor).
Job Profile:
From 29th may 06 to 19th October 07.
Client: Delphi GEAS Support/Maintenance- North American Competency Centre, Troy. USA
Posting: Bangalore(India)
Designation: ERP Associate {SAP Security & Basis Administration}.
Tools: Service Centre (Peregrine), Magic, SAP Web Tools, Virsa tools (VRAT), Microsoft Outlook, LLMW Status 6.0, Lotus Notes Database.
Solution
Environnent: SAP 4.6 C & 4.7, HP UNIX, WIN XP
Job Profile:
Client Caltex (4th January 2016 –till date)
Posting Australia (Sydney-28th May 2016-1st Jan 2017), New Delhi (India-Currently in India)
Designation SAP Security/GRC Access Control-Project Manager
- Streamlining the SAP Security Procedure and Policies.
- Managed the account planning by providing an approach, estimates and implementation plan as part of a GRC Access Control proposal.
- Managing and leading the offshore SAP Security/GRC AC delivery model for the customer.
- Managing the configuration and design of Segregation of duties risk and designing the controls for the same.
- Requirement gathering with client and preparation of Risk framework and internal controls
- Management reporting of the weekly status of the task handled by team and attending review meeting with the key stake holders.
Posting Gurgaon (Delhi)
Designation SAP GRCAC 10.1 Implementation lead (Associate Manager)
Solution Environment: SAP ECC 6.0, SAP Net Weaver BI 7.0, SAP Enterprise Portal 7.0, WIN XP, GRC Access Control 5.3, GRC 10.0,GRC10.1 CHARM (Sol Man 7.0)
Job Profile:
- Leading the implementation of GRC 10.1 Access Control(ARM.ARA,EAM,BRM )
- Import of all technical roles in BRM and creation of business roles and responsible for the mapping of portal roles to them.
- Managing the setting up of the connection b/w SUN IDM myAccess with the GRC 10.1 to support the user provisioning landscape for SAP.
- Involved in Design and preparation of Client blue print (ARIS L4 and L5step).
- Requirement gathering with client and preparation of process documentation and configuration rationale
- Managing and leading the offshore SAP Security delivery model for the customer.
- Accountable for creation of test scripts for GRC 10.1 Access Request process.
- Weekly Management reporting of the current status of the project and attending GATE review meeting with the key stake holders.
Posting: Sulzbach (Germany)
Designation: SAP Security/GRC Delivery lead (Associate Manager)
Tools: SMS (Service Management Suite), MS Outlook 7.0, ARIS, Remedy tool, HPQC
Solution Environment: SAP ECC 6.0, SAP Net Weaver BI 7.0, SAP Enterprise Portal 7.0, WIN XP, GRC Access Control 5.3, GRC 10.0, CHARM (Sol Man 7.0)
Job Profile:
- Implementation of SAP Security for EMEA/LATAM/ASIA/NORAM regions.
- Involved in Design and preparation of Client blue print
- Worked in design of process controls and access control for the client.
- Managing the project for automation of role assignment for Standard HR JOBS.
- Helped the client to define the SOD matrix rule set and making the business understand the rules set and its importance in daily business.
Posting: Accenture Malaysia, Kuala Lumpur/Singapore (23rd June 2010-21st Sep2012), Accenture India (22nd Sep 2012-4th Nov 2013)
Designation: SAP Security Specialist (Senior SAP Consultant-Associate Manager)
Job Profile:
- Leading and managing the onshore and offshore team
- Responsible for maintaining the blue print for SAP Security and Enterprise Portal.
- Managing Configuration of GRC RAR and CUP IN GRC 5.3
- Involved in the Business Impact Analysis of Security (Involving Portal Security) change in SAP.
- Responsible for Risk Analysis & Mitigation in GRC 5.3/10.0
- Working with different functional architects/Business leads to mitigate the Critical risks in the respective functional area.
- Responsible for maintaining QRG (Quick reference Guide) for GRC 5.3/10.0 to help the business to understand the risk and controls.
- Responsible for maintaining the GRC Rule set.
- Acting as SME for Accenture India SAP Security team (Related to Project) and helping them in resolving the issues related to project.
- Updating and Managing ARIS Governance in case of any changes in business blue print for security.
- Attending the weekly CAB (Change Advisory Board) meeting and approving the change requests in security area.
- Involved in Staging project and Defining the process of user provisioning across staging environment.
- Part of many SAP Security Initiative projects and also part of Go-Live Support to the business.
Client: BHP Billiton – Australia
Posting: Mumbai (India), Singapore
Designation: Senior Software Engineer (SAP Security)
Job Profile:
- Responsible for SAP Security Support and managing the incidents across the landscape in position based security set up.
- Responsible for creating single roles/Composite role as per business requirements and transporting across landscape
- Running Risk analysis on monthly basis and sharing the report with business in case of any risk
- Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements and configuration/Support of GRC components including CUP, RAR, and SPM.
- Create the mitigating control owners & mitigating control monitors and business units, functions in RAR.
- Configured the workflow and approval step in GRC CUP.
- Responsible for creating and administering user request in GRC CUP and provisioning them in landscape
- Creation of Fire Fighter ids for support user and linking their base ids and FF ids through GRC (SPM).
- SAP Net weaver Portal User Administration
- Trouble shooting HR Trigger failure and also getting the necessary details updated in HR system if needed.
- Manually provisioning users in HR systems and assigning roles to their position.
- Checking user HR data in HR system through virsa tables and communication info type if maintained for the users
- Handling the Security team and managing the inflow of incidents and change requests and reporting to higher management on weekly basis.
- Involved in SOX Risks remediation Project and completed it successfully.
Designation: Operations Specialist (SAP Security)
Posting: Chennai(India)
Tools: Lotus Notes Data base 7.0, UniCentre Service plus Service Desk (USPSD).
Solution Environment: SAP 4.6 C & 4.7, SAP Enterprise Portal, WIN XP.
Job Profile:
- Responsible for the user management and trouble shooting SAP Security issues in SAP R/3 across different instances. (Production, Development and Quality).
- Handling user provisioning in SAP Central user administration.
- Helping the end users to get the correct base role in SAP R/3.
- Handling user administration (addition and role modification) in SAP Enterprise portal.
- Assigning base roles to the users and suspending the users in the Enterprise portal and CUA on daily basis.
- Tracing missing authorizations of the user using su53 and st01.
- Working on security change requests and also responsible for adding missing authorization or transaction code in a base role using PFCG.
- Responsible for Additions, deletions and role modifications on SAP R/3 on daily basis.
- Working on Central user logs (SCUL) and resolving the errors in user creation.
- Responsible for creating user groups (SUGR) and assigning requested query groups to the user (SQ03).
- Responsible for generating the user account across SAP System for license audit.
- Handling of users request across development, production, test, quality systems.
- Responsible for taking out the reports of users with critical authorizations, users count in production, development and quality systems.
- Resolution of tickets logged through Global Helpdesk.
- Responsible for opening OSS connection and creation of OSS developer keys and object access keys.
- Monitoring and responsible for deleting the locked tables using sm12.
- Working directly with the super user to resolve the SOD conflicts for the end users.
- Responsible for creation/modifying user on the Active Directory. Responsible for creation of home folders for the user manually in the domain.
- Creating Secure ID on RSA Server and testing it to verify the accuracy of the access.
- Responsible for updating the user database in lotus notes (creation/deletion).
- Working with external and internal auditors to generate the report across all the systems.
Client: KPMG, USA (IT Advisory and Audit)
Posting: Bangalore(India)
Designation: Associate (IT Auditor).
Job Profile:
- Designing the IT and Security Control elements in SAP R/3 and mapping it with ITGC.
- Testing the SAP R/3 IT controls.
- Analyzing the IT controls and testing specifications in SAP R/3 and sending the report to the US engagement team.
- Took the task to reviews and investigate documents.
- Develop an understanding of IT Audit approaches, methodologies & tools.
- Evaluate the design and operating effectiveness of technology controls based on the testing results.
- Mapping the SAP R/3 controls to ITGC and evaluating the same.
- Testing the SAP R/3 IT Controls. Sending the review reports to the client.
- Helping the KPMG, US Team evaluate controls & designs in order to prepare the TOD & TOE.
- Assist in the support and execution of IT Audit and Attestation engagements delivering quality service.
- Prepare summary of findings reports to support technology control assessment.
- Review of deliverables to help ensure that agreed upon quality standards are met
From 29th may 06 to 19th October 07.
Client: Delphi GEAS Support/Maintenance- North American Competency Centre, Troy. USA
Posting: Bangalore(India)
Designation: ERP Associate {SAP Security & Basis Administration}.
Tools: Service Centre (Peregrine), Magic, SAP Web Tools, Virsa tools (VRAT), Microsoft Outlook, LLMW Status 6.0, Lotus Notes Database.
Solution
Environnent: SAP 4.6 C & 4.7, HP UNIX, WIN XP
Job Profile:
- Trouble shooting in the Area of Label Management Activities &SAP security Issues.
- Administration of SAP USER’S production, development & quality requests.
- Have a basic understanding of SAP security approach, SOX and authorization concept (transaction codes, base roles, derived roles, composite roles and functional user groups)
- Helping the users to get the needed role according to their daily job functions.
- Helping the user in tracking the missing authorizations for their access and adding them by following security procedures.
- Used extensively in-house developed tools, VRAT & SAP tools for analyzing SOD conflict, mitigating controls and roles assignments to users.
- Checking the analysis and management reports in VRAT and forwarding it to client for analysis.
- Client provided tool is SAP, where the security, Label printing and Role modification are performed on a daily basis
- Responsible for transports through HP UNIX server in Toronto.
- Analyzing ABAP dumps, sys log and subsequent follow up with module/development staff to rectify errors.
- Responsible for monitoring critical Interface for the IDOCs through Cross world server.
- Responsible for kicking off the user.
- Letting a helping hand in security audit for the client.
- Resolution of tickets logged through Global Delphi Helpdesk.
Local Availability
Only available in these countries:
India
Ok for 50-70% travel
Other
SAP senior consultant with 11 years of global SAP consulting experience. Currently Security & Authorizations lead for projects, leading the implementation and configuration of GRC Access Control 10.1 as well as security role design and build.
Has delivered SAP Security & Authorizations solutions to top tier companies in Chemical, Oil& Gas and transportation industries. Has done onsite implementations for clients in Asia, Australia, North America and EMEA markets. Has led the deployment of SAP Solution Manager globally.
Has delivered over 3 full cycle implementations. Experience in SAP Security & Authorizations, GRC Access Control 5.3/10.0/10.1 and Identity Management encompasses SAP ECC 6.0, BI 7.0, , NetWeaver Portal. Modules include FI/CO, MM, HR, WM, PP, QM, SD, BW, PI, CRM. Has experience in Security & Authorizations implementations for industry solutions for Utilities.
GRC AC 10.1 experience includes configuration and implementation of Access Controls including Access Risk Analysis and Mitigation. Knowledge on Emergency Access Management, Access Request Management and Business Role Management. Security & Authorizations experience includes role design and build via PFCG, issue investigation via trace analysis, user management via SAP Identity Management, application support within ITIL standards. Also, familiar with non-SAP applications like Tivoli Identity Management.
Was the Security SME and was instrumental to the SAP RePlatforming project. This was a critical project for Oil and Gas Customer migrating all of their 14 SAP applications (including non-Production and Production) to Azure cloud.
Experience in dealing with requirements for SOX, ISO 27001.
Has led and managed teams of consultants while performing various roles such as Project Manager, SAP Security Architect SME, Team Leader, Global Training Owner, Process Owner.
Onsite consulting experience in Australia, Germany, Singapore, Malaysia.
Has delivered SAP Security & Authorizations solutions to top tier companies in Chemical, Oil& Gas and transportation industries. Has done onsite implementations for clients in Asia, Australia, North America and EMEA markets. Has led the deployment of SAP Solution Manager globally.
Has delivered over 3 full cycle implementations. Experience in SAP Security & Authorizations, GRC Access Control 5.3/10.0/10.1 and Identity Management encompasses SAP ECC 6.0, BI 7.0, , NetWeaver Portal. Modules include FI/CO, MM, HR, WM, PP, QM, SD, BW, PI, CRM. Has experience in Security & Authorizations implementations for industry solutions for Utilities.
GRC AC 10.1 experience includes configuration and implementation of Access Controls including Access Risk Analysis and Mitigation. Knowledge on Emergency Access Management, Access Request Management and Business Role Management. Security & Authorizations experience includes role design and build via PFCG, issue investigation via trace analysis, user management via SAP Identity Management, application support within ITIL standards. Also, familiar with non-SAP applications like Tivoli Identity Management.
Was the Security SME and was instrumental to the SAP RePlatforming project. This was a critical project for Oil and Gas Customer migrating all of their 14 SAP applications (including non-Production and Production) to Azure cloud.
Experience in dealing with requirements for SOX, ISO 27001.
Has led and managed teams of consultants while performing various roles such as Project Manager, SAP Security Architect SME, Team Leader, Global Training Owner, Process Owner.
Onsite consulting experience in Australia, Germany, Singapore, Malaysia.
