SAP - 11+ Years



  • 11.5 years of IT experience in design, implementation and solutioning for governance and compliance, and compliance audit, i.e. ITGC, SOX and risk assessments.

  • Also involved in SOX audit, defining baseline controls, IT sensitive controls and security gateway controls (ONAPSIS).

  • Implemented multiple end-to-end SAP GRC Access Control (AC) 10.0, 10.1 and 12 and Process Control (PC) components.

  • Hands-on implementation, support and upgrade experience in different flavors of security, i.e. ECC 6.0, Fiori, BI, BO security and HANA security.

Primary Skills
  • Security

Secondary Skills
  • Fiori
Other Skills
  • Control work for remediation steps, creating incidents and follow up with security team for completion
  • Work on the CCMs
  • Process FF logs
  • Work with Auditors on remediation issues – evidence captures
  • Work on UAR
  • Work on Risk Analysis to identify Risks at both Role and User level
  • Support onshore lead in gathering evidence and preparing for auditor and client meetings
  • Flexible to work late hours as needed.
  • Worked with project team to audit ERP environment to comply with Sarbanes-Oxley standards.
  • Developed processes to quarterly check on Segregation of Duties (SOD) issues.
  • Implemented Automated Solutions for redundant tasks
  • Defined baseline controls for User, System, Process etc. across the landscape
  • Performed Periodic Reviews and governance check on IT Sensitive Controls
  • Performed Feasibility Check across the landscape for Security Gateway Tool implementation
  • Extracted, analyzed and executed the ONAPSIS Critical, High level Controls
  • Enabled the Review process for all the Custom builds across landscape for various business process
  • Periodic review of password, system parameters
  • Securing the Critical objects and profiles
  • Securing the Custom tables, Tcodes and Programs
Technical Expertise:
  • GRC Access control and Process control experience
  • Experience in Role Re Design projects
  • Experience in Roll-Outs and Upgrade projects
  • Experience in new SAP Initiatives (S/4 Hana, Fiori etc.)
  • GRC 12 (ARA, ARM, EAM, UAR) Configuration
  • ECC, BW, FIORI, HANA and S4 Hana Security
  • S/4 Hana authorization Design and support
  • GRC Process Control
  • FIORI Security
  • Enabling Basis and Security Policies

Project 1: TCI (Tokyo Chemical Industries) - IT Industry (38 months)

    Project Type: Greenfield Implementation & Support (GRC, S4 Hana & Fiori)

    • Conducting business workshops for various business process

    • Implementing Customized rule set

    • Design and construction of GRC 12.0 Solution on ECC, Solman, BW etc.

    • Involved with Governance team for Z* Tcodes and Z* Reports

    • Created Virtual and Technical roles for different Business Processes Like MM, SD, LE etc

    • Conducted End user trainings for business.

    • Conducted different meetings with business for Derivation of roles based on KDS values given by business

    • Role re designs, Sensitive access Segregations

    • Rule set customizations


    • Fiori & S4 HANA Role Design

    • Supporting GRC AC & PC

    • Troubleshooting S4 HANA & Fiori Authorization

    • Performed Ruleset assessments

    • Working on SOX & ITGC Controls

    • Working on Periodic controls review

    • Governance reviews on Custom developments

    • Working on HANA DB security

    • Creation and maintenance of Views and privileges

    • Enabling Audit logs in HANA DB

Project 2: ACCRETE - IT Industry (9 months)

    Roles & Responsibilities:

    • Analyzing the requirement and user impact across landscape

    • Project plan for Roll out execution

    • Preparing the documentation for same

    • Uploading SOD files, performing Initial Risk analysis

    • Identifying the custom requirements

    • Connecting and configuring the systems to GRC AC

    • Approving Access requests SSRS and tracking the same

    • Preparing SOD sheets for Mitigation process and applying the Mit Controls

    • Creating test scenarios for testing

    • Creation and maintenance of FFIDs in GRC 10

    • Extracting the logs for analysis

    • Changing & updating the roles with new approvers

    • Maintaining the owners for FFIDs per Business process

    • Role upload in GRC

Project 3: ITC Fusion - IT Industry (6 months)

    Roles & Responsibilities:

    • Conducting Walkthrough discussions with Business

    • Project plan preparation

    • BBP Preparation for all the modules in GRC 10

    • Uploading SOD files, performing Initial Risk analysis

    • Analysis on Existing custom Action usage

    • Configuration GRC AC

    • Creation and Maintenance of Mitigation Controls

    • Configuring Workflows by MSMP and BRF+

    • Role design for ECC modules, i.e. MM, SD, LE etc.

    • Business approach document for Localization

    • Analyze and implement the KDS from the business

Project 4: Unilever - IT Industry (21 months)

    Roles & Responsibilities:

    • Creating new Master and derived roles for Project with OTM requirements

    • Authorizations for OTM (Oracle Transport Management)

    • Generating Global reports on Critical access levels for Auditing

    • Control testing for SOX compliance

    • Creating LSMW scripts for mass user creation and role assignment

    • Knowledge on tables (AGR*, USR*)

    • Performing Risk analysis in ARA

    • Role upload in GRC system

    • Applying Mitigating controls to roles

    • Creation of Authorization Groups

    • Applied Program and Table level Security for custom Transaction codes

    • Organized and maintained for changes made to user accounts, Roles and security profiles like SUIM

    • Analyzing and solving the missing authorizations and day-to-day security issues that are being raised by the user

    • Working with Analysis Authorization creation and modifications for BI authorization

    • Extensive knowledge of BI modeling, extraction and reporting

    • Working with S_RS_COMP and S_RS_COMP1 to analyze and fix BI auth issues

Project 5: Daimler (Mercedes Benz) - IT Industry (18 months)


    • Handled Complete Role Admin Activities which includes Creation and Maintenance of Composite, Master & Derived Roles

    • Creating LSMW scripts for mass user creation and role assignment

    • Experience in user trace

    • Knowledge on tables (AGR*, USR*)

    • Creation of Authorization Groups

    • Critical Authorization Objects such as S_TABU_DIS, S_PROGRAM, and S_DEVELOP were restricted and monitored

    • GRC experience for Access control (ARA, ARQ, EAM)

    • Involved in master data preparation for EAM and ARQ

    • Configuration of AC 10 SPRO settings

    • Configuration of Connector settings

    • Maintain configuration parameters for Access control

    • Designing the workflows through MSMP by creating different stages and paths

    • Creating and managing Agent and Initiator Rules in BRFplus

    • Maintaining configuration in Access Request, Access Risk Analysis, Emergency Access

Project 6: Estee Lauder - IT Industry (28 months)

    GRC Integration with HANA DB:

    • Integrated GRC with HANA DB

    • Enabled IDE cockpit for EAM.

    • Worked on Audit Policies

    • Periodic Log reviews on Privilege usage



    • Automated ICUs using RPA BOTS

    • Developed SOX procedures.

    • Worked on LO and FI Controls

    • Sampling for Internal & External Audits


    Role Re engineering:

    • Re engineered LO and Finance Roles based on Action Usage

    • Enabled Front gate Governance review for Z* objects

    • Automated Governance review for Auth Sign offs

    • Developed IT sensitive Ruleset

    • Performed Log reviews and control reviews

    Cloud Applications Security:

    • User Admin on BTP, CPI & CPI DS

    • Maintain Connections

    • IBP security (User Admin, Role Admin, Troubleshooting)

    • IAS Security

    • MFA implementations for cloud Applications

    • HANA cloud Security

  • Certified in SAP GRC Access control  
  • CISA Certified
