Tek02056

SAP - 11 + Year


MBA

Highlights

  • Having 11.5 years of IT experience in design, implementation and solutioning for governance and compliance, and compliance audit, i.e. ITGC, SOX, risk assessments.

  • Also involved in SOX audit, defining baseline controls, IT Sensitive Controls, Security Gateway Controls (ONAPSIS).

  • Implemented multiple end-to-end SAP GRC (AC) Access Controls 10.0, 10.1 and 12, and PC – Process Control components.

  • Having hands-on implementation, support and upgrade experience in different flavors of security, i.e. ECC 6.0, FIORI, BI, BO security and HANA security.


Skills
Primary Skills
  • SAP GRC
  • Security

Secondary Skills
  • Fiori
  • SAP ECC
Other Skills
Compliance:
  • Control work for remediation steps, creating incidents and follow up with security team for completion
  • Work on the CCMs
  • Process FF logs
  • Work with Auditors on remediation issues – evidence captures
  • Work on UAR
  • Work on Risk Analysis to identify Risks at both Role and User level
  • Support onshore lead in gathering evidence and preparing for auditor and client meetings
  • Flexible to work late hours as needed.
  • Worked with project team to audit ERP environment to comply with Sarbanes-Oxley standards.
  • Developed processes to quarterly check on Segregation of Duties (SOD) issues.
  • Implemented Automated Solutions for redundant tasks
  • Defined baseline controls for User, System, Process etc. across the landscape
  • Performed Periodic Reviews and governance check on IT Sensitive Controls
  • Performed Feasibility Check across the landscape for Security Gateway Tool implementation
  • Extracted, analyzed and executed the ONAPSIS Critical and High level controls
  • Enabled the Review process for all the Custom builds across landscape for various business process
  • Periodic review on password, system parameters
  • Securing the Critical objects and profiles
  • Securing the Custom tables, Tcodes and Programs
Technical Expertise:
  • GRC Access control and Process control experience
  • Experience in Role Re Design projects
  • Experience in Roll-Outs and Upgrade projects
  • Experience in new SAP Initiatives (S/4 Hana, Fiori etc.)
  • GRC 12 (ARA, ARM, EAM, UAR) Configuration
  • ECC, BW, FIORI, HANA and S4 Hana Security
  • S/4 Hana authorization Design and support
  • GRC Process Control
  • FIORI Security
  • Enabling Basis and Security Policies
Projects

Project 1: TCI (Tokyo Chemical Industries) - IT Industry (38 months)

    Project Type: Green field Implementation & Support (GRC, S4 Hana & Fiori)




    • Conducting business workshops for various business process



    • Implementing Customized rule set



    • Design and construction of GRC 12.0 solution on ECC, Solman, BW etc.



    • Involved with Governance team for Z* Tcodes and Z* Reports



    • Created Virtual and Technical roles for different Business Processes Like MM, SD, LE etc



    • Conducted End user trainings for business.



    • Conducted different meetings with business for Derivation of roles based on KDS values given by business



    • Role re designs, Sensitive access Segregations



    • Rule set customizations




    TOYOTA




    • Fiori & S4 HANA Role Design



    • Supporting GRC AC & PC



    • Trouble shooting S4 HANA & Fiori Authorization



    • Performed Ruleset assessments



    • Working on SOX & ITGC Controls



    • Working on Periodic controls review



    • Governance reviews on Custom developments



    • Working on HANA DB security



    • Creation and maintenance of Views and privileges



    • Enabling Audit logs in HANA DB



Project 2: ACCRETE - IT Industry (9 months)

    Roles & Responsibilities:




    • Analyzing the requirement and user impact across landscape



    • Project plan for Roll out execution



    • Preparing the documentation for same



    • Uploading SOD files, performing Initial Risk analysis



    • Identifying the custom requirements



    • Connecting and configuring the systems to GRC AC






    • Approving Access requests SSRS and tracking the same



    • Preparing SOD sheets for Mitigation process and applying the Mit Controls



    • Creating test scenarios for testing



    • Creation and maintenance of FFIDs in GRC 10



    • Extracting the logs for analysis



    • Changing & updating the roles with new approvers



    • Maintaining the owners for FFIDs per Business process



    • Role upload in GRC



Project 3: ITC Fusion - IT Industry (6 months)

    Roles & Responsibilities:





    • Conducting Walkthrough discussions with Business



    • Project plan preparation



    • BBP Preparation for all the modules in GRC 10



    • Uploading SOD files, performing Initial Risk analysis



    • Analysis on Existing custom Action usage



    • Configuration GRC AC



    • Creation and Maintenance of Mitigation Controls



    • Configuring Workflows by MSMP and BRF+



    • Role design for ECC modules, i.e. MM, SD, LE etc.



    • Business approach document for Localization



    • Analyze and implement the KDS from the business



Project 4: Unilever - IT Industry (21 months)

    Roles & Responsibilities:




    • Creating new Master and derived roles for Project with OTM requirements



    • Authorizations for OTM (Oracle Transport Management)



    • Generating Global reports on Critical access levels for Auditing






    • Control testing for SOX compliance



    • Creating LSMW scripts for mass user creation and role assignment



    • Knowledge on tables (AGR*, USR*)



    • Performing Risk analysis in ARA



    • Role upload in GRC system



    • Applying Mitigating controls to roles



    • Creation of Authorization Groups



    • Applied Program and Table level Security for custom Transaction codes



    • Organized and maintained for changes made to user accounts, Roles and security profiles like SUIM



    • Analyzing and solving the missing authorizations and day-to-day security issues that are being raised by the user



    • Working with Analysis Authorization creation and modifications for BI authorization



    • Extensive knowledge on BI modeling, extraction and reporting



    • Working with S_RS_COMP and S_RS_COMP1 to analyze and fix BI auth issues



Project 5: Daimler (Mercedes Benz) - IT Industry (18 months)

     





    • Handled Complete Role Admin Activities which includes Creation and Maintenance of Composite, Master & Derived Roles



    • Creating LSMW scripts for mass user creation and role assignment



    • Having Experience in Trace user



    • Knowledge on tables (AGR*, USR*)



    • Creation of Authorization Groups



    • Critical Authorization Objects such as S_TABU_DIS, S_PROGRAM, and S_DEVELOP were restricted and monitored



    • GRC experience for Access control (ARA, ARQ, EAM)



    • Involved in master data preparation for EAM and ARQ



    • Configuration of AC 10 SPRO settings



    • Configuration of Connector settings



    • Maintain configuration parameters for Access control



    • Designing the workflows through MSMP by creating different stages and paths



    • Creating and managing Agent and Initiator Rules in BRFplus



    • Maintaining configuration in Access Request, Access Risk Analysis, Emergency Access



Project 6: Estee Lauder - IT Industry (28 months)

    GRC Integration with HANA DB:




    • Integrated GRC with HANA DB

    • Enabled IDE cockpit for EAM.

    • Worked on Audit Policies

    • Periodic Log reviews on Privilege usage



     



    Compliance:




    • Automated ICUs using RPA BOTS

    • Developed SOX procedures.

    • Worked on LO and FI Controls

    • Sampling for Internal & External Audits



     



    Role Re engineering:




    • Re engineered LO and Finance Roles based on Action Usage

    • Enabled Front gate Governance review for Z* objects

    • Automated Governance review for Auth Sign offs

    • Developed IT sensitive Ruleset

    • Performed Log reviews and control reviews



    Cloud Applications Security:




    • User Admin on BTP, CPI & CPI DS

    • Maintain Connections

    • IBP security (User Admin, Role Admin, Trouble shooting)

    • IAS Security

    • MFA implementations for cloud Applications

    • HANA cloud Security


Awards
  • Certified in SAP GRC Access control  
  • CISA Certified
