Keywords
Auditing
Regulatory Compliance
SAP Applications
National Institute of Standards and Technology (NIST)
Controles de Acceso
Advanced Cardiovascular Life Support (ACLS)
Amazon Web Services
Authentications
Disaster Recovery
System Monitor
Skills
SAP User and Role maintenance, ITGCs, Walkthrough, Management Directives - Policies, Standard and Procedures, Internal Audit, SOX, Disaster Recovery, SOC Review, HIPAA, PCI DSS, NIST RMF, NIST CSF, ISO27001, TPRM, Authentication and Access Control, Vulnerability Assessment, System Monitoring & Regulatory Compliance, Risk Management and Segregation of Duty (SOD).
- SAP
- Teammate
- ACL
- RSA archer
- ServiceNow
- Oracle
- AWS Security
- MS Office.
Project history
SAP SECURITY CONSULTANT August 2018 - Till Present (Contract)
- Design, Developing, Testing and Implementing SAP Security Roles, Profiles and Authorizations for various landscapes.
- Performed User creation and user termination (SU01).
- Designed and maintained Single, Composite, and derived roles for all SAP Modules (PFCG).
- Created and updated Roles as per team requirements for FI, MM, PP and SD.
- Worked on Mass profile Generation using SUPC.
- Mass transported roles from Development to Production System using transport option in PFCG.
- Worked on troubleshooting user roles, tracing the users, security authorization objects and custom reporting authorization objects to debug an authorization error.
- Analyzed user's outputs and corrected security faults using SU53 & SU56.
- Monitoring logged users and checking unauthorized logins in the system using SM04.
- Performed locking of all the critical transactions using SM01.
- Worked on main SAP transactions like PFCG, SU01, SU10, SU24, SU21, SU22, PFUD, SUPC, SUIM, SU53, SU56, ST01, SE54, STMS, SE09/SE10, SM18, SM19, SM20, SE16, SM30 etc.
- Performed detailed walkthrough reviews, identified, mapped and documented infrastructure and applications risks and controls through process narratives, RCM, flowcharts for various applications within the firm.
- Assessed ITGCs, application controls, as per COSO/COBIT risk management framework.
- Conducted detailed review and testing of general computer controls, change control process, access control lists, Segregation of Duties template.
- Reporting of control deficiencies with management responses and with external auditors and stakeholders
- Information Security Risk Assessor August 2012 – November 2015
- Planned and executed security risk assessments for all third-party vendors/suppliers
- Worked with our Vendor oversight to ensure adequate tier-in of our vendors based on the level of data they have access towards.
- Designed and constantly upgrading supplier’s questionnaires to ensure all areas of new threat signatures discovered are covered.
- Administered questionnaires to all vendors.
- Conducted onsite and virtual risk assessment to continuously determine the security posture at the vendor sites.
- Reviewed and validated all controls at the vendor site to ensure data confidentiality.
Validated security questionnaires during onsite visits, to ensure up to date data protection on vendor site. - Conducted on-site risk assessments based on agreed upon procedures guidelines.
- Reviewed the physical and logical access control managements on the vendor site in other to ensure data entrusted with them as well protected.
- Performed data loss prevention analysis of applicable data held at vendor site.
- Reviewed all essential security policies and procedures documentation.
- Provided detail reports of the assessment to business owners and the Vendor Management office.
- Managed communication with vendors to ensure risk discovered are remediated within reasonable time.
- Escalated issues of 3rd party vendor's non-compliance to the vendor risk management office (VMO).
Local Availability
Only available in these countries:
USA
