SAP Security and GRC Authorization Consultant
Keywords
SAP Security
Computer Security
Identity Management
Sap Fiori
Advanced Business Application Programming (ABAP)
Acceptance Testing
Software Applications
JIRA
Business Process Modeling
Information Systems
Skills
User Acceptance Testing, ABAP, Business Process Design, Citrix, information security, security architecture, Data base, Enterprise Portal, Access Management, Identity Management, Information System, ids, JIRA, OData, SAP, SAP GRC, HANA, SAP HR, SAP Security, SAP FIORI, Fiori, SAP Portal, Security support, computer applications, Tivoli, User administration, User provisioning
Project history
04/2023
-
04/2023
Project 2: 03 May 2021 - Till
Client: Retail (Kesko)
Role: SAP Security and GRC Authorization Consultant
Environment: ECC 6.0/SAP HR
6.0/BI7.0/GRC10.0/Portals/Fiori, HANA Studio
* HANA Studio.
* Fiori role creation, Catalog & Groups and Tile Creation, trouble shooting.
* Designed SAP FIORI security architecture using Business Roles concept, Catalogs, Groups,
OData services.
* Hana Data base role creation, privileges assignment and user creation
* HANA Studio trouble shooting
* Extensively worked with Profile Generator (PFCG), conducted workshops to drive
Master/Single/Derived/ Composite roles design. User Master Maintenance (SU01) - Creating
Users, Changing/deleting User access, User lock/Unlock and password resets. Made
extensive use of transaction codes SUIM, SE16, ST01, SU53, PFUD, SU24, PFCG etc.
GRC Security Responsibilities:
* Overview in setting up Access Control.
* Access Request Management: User On-boarding, User Off-boarding, Role assignment.
* RAR Analysis: User and Role Level, Mitigation Controls.
* Emergency Access Management (Firefighter).
* Background jobs in GRC.
* Business role creation and maintenance.
* Developed Process based Security Roles with inputs from Business Process owners
* Level-3 Security support in Analyzing and troubleshooting complex security
authorization issues in a timely fashion.
* Proficient in Automated User provisioning using Access Request Management (ARM),
Automated Risk Analysis and Audit Compliance using Access Risk Analysis (ARA) tool,
Emergency Super User Access control and maintenance via Emergency Access
Management (EAM) tool and Centralized Role maintenance via Business Role
Management (BRM) of SAP GRC Access Controls 12.0
* Experienced in developing Security Project Plans and deliverables.
* User Provisioning and Role maintenance requirements gathering from SAP GRC CUP
tool perspective
* Involved in SAP Risk management activities including Risk Identification and Analysis,
* Rule building and validation, Risk remediation using Mitigation controls with respect to
SAP GRC RAR tool
Client: Retail (Kesko)
Role: SAP Security and GRC Authorization Consultant
Environment: ECC 6.0/SAP HR
6.0/BI7.0/GRC10.0/Portals/Fiori, HANA Studio
* HANA Studio.
* Fiori role creation, Catalog & Groups and Tile Creation, trouble shooting.
* Designed SAP FIORI security architecture using Business Roles concept, Catalogs, Groups,
OData services.
* Hana Data base role creation, privileges assignment and user creation
* HANA Studio trouble shooting
* Extensively worked with Profile Generator (PFCG), conducted workshops to drive
Master/Single/Derived/ Composite roles design. User Master Maintenance (SU01) - Creating
Users, Changing/deleting User access, User lock/Unlock and password resets. Made
extensive use of transaction codes SUIM, SE16, ST01, SU53, PFUD, SU24, PFCG etc.
GRC Security Responsibilities:
* Overview in setting up Access Control.
* Access Request Management: User On-boarding, User Off-boarding, Role assignment.
* RAR Analysis: User and Role Level, Mitigation Controls.
* Emergency Access Management (Firefighter).
* Background jobs in GRC.
* Business role creation and maintenance.
* Developed Process based Security Roles with inputs from Business Process owners
* Level-3 Security support in Analyzing and troubleshooting complex security
authorization issues in a timely fashion.
* Proficient in Automated User provisioning using Access Request Management (ARM),
Automated Risk Analysis and Audit Compliance using Access Risk Analysis (ARA) tool,
Emergency Super User Access control and maintenance via Emergency Access
Management (EAM) tool and Centralized Role maintenance via Business Role
Management (BRM) of SAP GRC Access Controls 12.0
* Experienced in developing Security Project Plans and deliverables.
* User Provisioning and Role maintenance requirements gathering from SAP GRC CUP
tool perspective
* Involved in SAP Risk management activities including Risk Identification and Analysis,
* Rule building and validation, Risk remediation using Mitigation controls with respect to
SAP GRC RAR tool
04/2023
-
04/2023
SAP Security Analyst
Project 3: 16-DEC-2021 To Till now
Client: Bank of Butterfield, Bermuda
Role: SAP Security Analyst
Environment: ECC 6.0
ECC Security Responsibility:
* SAP User administration - Includes user creation, deletion, validation and Mass user
administration and other day-to-day operations relevant to the user administration through
SU01 and SU10.
* Authorization maintenance - Designing new roles (Single, Composite, Master, and Derived
Roles), creation/modification of roles using PFCG, SU24 Updates.
* Worked extensively on incidents & change requests.
* Hands on System Trace, Transport of Security changes, Off-boarding Tasks, Security
Review, Analyzing and solving Service Catalog Security Analyst Pending incidents.
SAP Auditing Responsibilities:
* Fetching reports as per demands from Auditor team.
* Supported audit team for generating audit reports as per the audit rules provided by the
auditors.
* Fetching SLA monitoring reports.
* Preparing SLA Exclusion Matrix sheet and finding RCA for breached SLAs.
Tools Worked on:
* Ticketing Tools: SNOW (Service Now)
* IBM TIM (Tivoli Identity Manager): User Identity Management tool
* Citrix: SAP and related system and applications launch pad
* Adaxes Tool for assigning AD groups to user for Citrix SAP Icon and SAP portal
accesses
* Service Catalog: Automated workflow for Business Role assignment in coordination with
TIM and GRC
* Profile trailer dynamics
* xpandian tool for user and role provisioning
* JIRA tool for change management
* Charm for change management
Client: Bank of Butterfield, Bermuda
Role: SAP Security Analyst
Environment: ECC 6.0
ECC Security Responsibility:
* SAP User administration - Includes user creation, deletion, validation and Mass user
administration and other day-to-day operations relevant to the user administration through
SU01 and SU10.
* Authorization maintenance - Designing new roles (Single, Composite, Master, and Derived
Roles), creation/modification of roles using PFCG, SU24 Updates.
* Worked extensively on incidents & change requests.
* Hands on System Trace, Transport of Security changes, Off-boarding Tasks, Security
Review, Analyzing and solving Service Catalog Security Analyst Pending incidents.
SAP Auditing Responsibilities:
* Fetching reports as per demands from Auditor team.
* Supported audit team for generating audit reports as per the audit rules provided by the
auditors.
* Fetching SLA monitoring reports.
* Preparing SLA Exclusion Matrix sheet and finding RCA for breached SLAs.
Tools Worked on:
* Ticketing Tools: SNOW (Service Now)
* IBM TIM (Tivoli Identity Manager): User Identity Management tool
* Citrix: SAP and related system and applications launch pad
* Adaxes Tool for assigning AD groups to user for Citrix SAP Icon and SAP portal
accesses
* Service Catalog: Automated workflow for Business Role assignment in coordination with
TIM and GRC
* Profile trailer dynamics
* xpandian tool for user and role provisioning
* JIRA tool for change management
* Charm for change management
12/2016
-
03/2021
SAP Security and Authorization Consultant
Client: Retail (Electrolux)
Role: SAP Security and Authorization Consultant
Environment: ECC 6.0/SAP HR 6.0/BI7.0/GRC10.0/Portals
R/3 Security Responsibilities
* Worked Onsite (in Curitiba, Brazil) 6 Months for SAP Security Role
design/Implementation Project.
* SAP User administration - Includes user creation, deletion, validation and Mass user
administration and other day-to-day operations relevant to the user administration through
SU01 and SU10.
* Authorization maintenance - Designing new roles (Single, Composite, Master and Derived
Roles), creation/modification of roles using PFCG, SU24 Updates.
* Worked extensively on incidents & change requests.
* Worked as Change Developer and the responsibilities include developing the changes,
UAT (User Acceptance Testing).
* Worked as Change Process Expert and the responsibilities includes moving changes to next
phases, creating TR, importing TR, conflict analysis, setting up changes ready for P
(production system).
* Worked on Custom Transaction Codes, so that they are maintained with correct security
check.
* Worked on Transport Expresso which is used to create TR, importing TR, for conflict
analysis.
* Hands on System Trace, Transport of Security changes, Off-boarding Tasks, Security
Review, Analyzing and solving Service Catalog Security Analyst Pending incidents.
* SAP Portal User Administration - user creation, user deletion, Role assignment in portals,
password reset, User lock-unlock.
* Knowledge Transfer - Mentoring and guiding new team members.
* Worked on Various Internal Security Projects related to R/3 Security
* Expert in Security Role Design (Single, Composite, Master/Derived, Enabler roles) via
PFCG transaction
* Trouble-shoot authorization problems using Repository Information System and
tracing authorizations using SU53, SU24 and ST01
* Handled many authorization issues by end users and super users by SU53 analysis, SU24
and ST01 trace
* Used Central User Administration (CUA) to handle User Administration/maintenance
activities setting up user ids, assigning roles, resetting password, locking/unlocking
users (SU01, SU10).
* Creating report variants, identifying controls, generating access review reports
and security reports using the transaction SUIM for user access, roles, profiles and
authorizations, lock/unlock user in client etc.
* Reviewed end-to-end Business Process Design for mapped transactions and
required security restrictions
* Coordinated security design with controls team to minimize SOD conflicts into
Production role design.
* Scheduled background jobs using SM36, SM37 transactions.
* Performed audit monitoring activities using SM19, SM20 transaction codes.
* Comprehensive use of transactions PFCG, SU01, SU10, SU24, SU25 and all SAP
security related tables
* Prepared special Role for Audit team according to their requirements
* Created and managed Security roles for BI and worked in creating Reporting
Authorization objects for BI
* Supported and Trained Business Process Owners, ABAP developers, IT Business
Support team members, involved in SAP Security Role testing procedures resulting in
dramatic reduction of time and resources required for testing, while simultaneously
providing a documented, audit compliant, security role change management
procedure.
* Implemented best practice procedures for dramatic decrease of production support
help desk requests
Role: SAP Security and Authorization Consultant
Environment: ECC 6.0/SAP HR 6.0/BI7.0/GRC10.0/Portals
R/3 Security Responsibilities
* Worked Onsite (in Curitiba, Brazil) 6 Months for SAP Security Role
design/Implementation Project.
* SAP User administration - Includes user creation, deletion, validation and Mass user
administration and other day-to-day operations relevant to the user administration through
SU01 and SU10.
* Authorization maintenance - Designing new roles (Single, Composite, Master and Derived
Roles), creation/modification of roles using PFCG, SU24 Updates.
* Worked extensively on incidents & change requests.
* Worked as Change Developer and the responsibilities include developing the changes,
UAT (User Acceptance Testing).
* Worked as Change Process Expert and the responsibilities includes moving changes to next
phases, creating TR, importing TR, conflict analysis, setting up changes ready for P
(production system).
* Worked on Custom Transaction Codes, so that they are maintained with correct security
check.
* Worked on Transport Expresso which is used to create TR, importing TR, for conflict
analysis.
* Hands on System Trace, Transport of Security changes, Off-boarding Tasks, Security
Review, Analyzing and solving Service Catalog Security Analyst Pending incidents.
* SAP Portal User Administration - user creation, user deletion, Role assignment in portals,
password reset, User lock-unlock.
* Knowledge Transfer - Mentoring and guiding new team members.
* Worked on Various Internal Security Projects related to R/3 Security
* Expert in Security Role Design (Single, Composite, Master/Derived, Enabler roles) via
PFCG transaction
* Trouble-shoot authorization problems using Repository Information System and
tracing authorizations using SU53, SU24 and ST01
* Handled many authorization issues by end users and super users by SU53 analysis, SU24
and ST01 trace
* Used Central User Administration (CUA) to handle User Administration/maintenance
activities setting up user ids, assigning roles, resetting password, locking/unlocking
users (SU01, SU10).
* Creating report variants, identifying controls, generating access review reports
and security reports using the transaction SUIM for user access, roles, profiles and
authorizations, lock/unlock user in client etc.
* Reviewed end-to-end Business Process Design for mapped transactions and
required security restrictions
* Coordinated security design with controls team to minimize SOD conflicts into
Production role design.
* Scheduled background jobs using SM36, SM37 transactions.
* Performed audit monitoring activities using SM19, SM20 transaction codes.
* Comprehensive use of transactions PFCG, SU01, SU10, SU24, SU25 and all SAP
security related tables
* Prepared special Role for Audit team according to their requirements
* Created and managed Security roles for BI and worked in creating Reporting
Authorization objects for BI
* Supported and Trained Business Process Owners, ABAP developers, IT Business
Support team members, involved in SAP Security Role testing procedures resulting in
dramatic reduction of time and resources required for testing, while simultaneously
providing a documented, audit compliant, security role change management
procedure.
* Implemented best practice procedures for dramatic decrease of production support
help desk requests
Certifications
SAP GRC access control 12.0
SAP
2022
Local Availability
Open to travel worldwide
