Location: Berlin

Christine Huffer


Last update: 22.06.2021

SAP Security and Compliance Specialist, Information Risk Management

Graduation: Diplom-Betriebswirtin
Languages: German (Native or Bilingual) | English (Full Professional)




SAP Compliance, shell, Cloud, Salesforce, SAP Cloud Platform, HANA, SAP, GSAP, SAP BW, IBM, CRM, SOX

Project history

08/2018 - Present
Compliance and Controls Specialist
Royal Dutch Shell plc (>10.000 employees)
Energy, water and environment
  • Infrastructure vulnerability specialist for Enterprise Technology Service Operations Management
  • IT compliance and control focal point for IT managed applications
  • Finding management including remediation and improvements of internal and external audit findings
  • Security and compliance lead for the transformation project from ECC to S/4HANA Cloud implementation for the pipeline business
  • Control automation and design and scoping of IT General Control Cockpit in Salesforce
  • Develop security and compliance standards for SAP Cloud Platform and Native HANA

12/2007 - 06/2018
SAP Security and Compliance Lead, SAP Security Architect
Royal Dutch Shell plc (>10.000 employees)
Energy, water and environment
  • Design and roll out of Global SAP authorization concept and access provisioning in 30+ countries involving 30K+ end-users (Design, Build, Unit Test, Integration Test, User Acceptance Test, LES, Cutover, Go-Live, Support).
  • Security and compliance lead for GSAP with team members on- and offshore (15-20)
  • Training of Shell staff and other contractors
  • Responsible for technically implementing change requests from the business to enhance existing design or implement new design according to business requirements and legal/fiscal regulations
  • Design and implement role concepts that ensure compliance with legal and fiscal restrictions such as competitive sensitive data, Data Privacy, Financial data for Joint Ventures etc.
  • Process design, build, automation and implementation for Security OSS Notes, security change process, Third party role and access provisioning
  • Review and re-design/optimization of existing authorization concepts
  • Design, build, implementation of role design ruleset in GRC to automate quality assurance for role build and prevent loss of data integrity and confidentiality.
  • Regulatory Compliance
  • Planning, management and execution of Security Cutover for ECC Upgrades and Support Packs
  • Authorization strategy for S/4HANA (design, build, implementation)
  • Management of security baseline remediations and risk acceptance/step out
  • Analysis and remediation of internal and external IT audit findings
  • SoD Controls and analysis of SoD related conflicts and mitigation
  • Design and implementation of an online portal form to ensure automated, compliant and standardised access provisioning across all non-production environments (50,000+ user IDs), including automation of all end user administration and provision of approved emergency and OSS IDs, driven entirely by workflow-approved access to organisational/country level data in order to meet all legal requirements on the protection of competitively sensitive information
  • Managed security aspects for SLO tool divestment projects
  • Consistently worked on defining cost-effective and time saving business & process improvement strategies, often requiring buy-in from multiple global and local stakeholders
  • Forged strong, successful working relationships with senior IT management and quickly became a trusted focal point
  • Close engagement with Governance Risk Assurance, Business Security Administrator, Information Risk Management, IRM Compliance and Incidents, Enterprise Services Security, Process Experts

10/2007 - 11/2007
Principal Consultant
SECUDE Global Consulting GmbH (10-50 employees)
Media and Publishers
  • Security alignment with BSI Standard
  • Review of BW authorization concept
  • BI7 upgrade workshop
  • Configuration of GRC Suite (Firefighter, Access Enforcer, Compliance Calibrator)
  • Development of training material for the GRC Suite

10/2005 - 10/2007
SAP BW Security Architect (IBM Deutschland GMBH)
  • Design of the BW Authorization Concept for BMW Strategic Planning
  • Team lead for BW Roles and Authorizations
  • Upgrade of the existing BW 3.5 security concept to BI7
  • Design, implementation of BI7 security
  • Development and Implementation of automatic generated authorization profiles for end users (Automatic Profile Generator)
  • Implementation of security concept in various business areas (Finance, Supply, Sales, Real Estate, Material Management, CRM, HR etc.)
  • Weekly Client-facing
  • Reporting to Senior IBM and Ericsson Management
  • Problem analysis and conflict resolution
  • Knowledge Transfer
  • Adherence to security compliance, SOX Section 404 and BS7799 (as well as corporate security)
  • Preparation of business and system blueprints
  • Design, build, test and implementation of authorization roles and concepts
  • Maintenance of existing authorization concepts and clean-up activities
  • Go-Live and post Go-Live support
  • User administration
