SAP Security Consultant Resume

Title
SAP Security Consultant

Primary Skills
SAP Security, Solution Manager, Netweaver, R/3 / ECC 6.0, GRC CC,AE,FF,RE Unix Oracle

Location
US-TX-Dallas (will consider relocating)

Posted
Mar-09-09

Outstanding experience in SAP R/3/ ECC 6 Security / Authorizations for Manufacturing & Utilities Companies as SAP Security Consultant covering 4 major and complex SAP Security projects. Performed multiple troubleshooting and strategy type engagements around SAP Security Administration / GRC Configuration. More than Six years SAP ERP and 16 years information technology experience.
Good understating of legislations / external regulations such as SOX, HIPAA, ITIL, ISO 270001 and corporate policy that affect financial and supply processes and audits.

Security Tools: SAP GRC / Virsa (Compliance Calibrator, Access enforcer, Risk
Terminator and Firefighter ), SAP User Management Engine / CUA) ,
SAP Solution Manager 4.0 (SolMan), AIS
Operating Systems: HP / Sun UNIX, Windows NT/XP, Active Directory
Databases & Tools: Oracle 8/9i,DB2, SQL Server, TOAD and test director
Programming Languages: C++, CORBA, PL/SQL
ERP Apps: SAP R/3 4.6 / ECC 6.0 SD/ MM, FI/CO, HR, CRM and BW

PROFESSIONAL EXPERIENCE

ITA Consultants, Inc. May 2005 -- Current
SAP Security Consultant

Responsibilities:

• User Access Provisioning Management, using CUA
• Updating transactions via SU24 (managing authorization objects)
• Maintain transactions selection and authorization objects in activity groups
• Designing and building roles using PFCG including complex design restrictions and use of RSECADMIN
• Assist in security gap analysis and defect Management
• Troubleshooting (SU53, SM19/20 and ST01)
• User Administration and Role maintenance
• Creation of monthly audit reporter (SUIM)
• Providing technical support to functional areas, configurations and developers
• Configure GRC Access Control Tool to avoid SOD Conflicts to comply with Sarbanes-Oxley (SOX) regulation
• Use SAP's Transport Management System for pushing Security changes into production

Project Details:

PETSMART, Phoenix, AZ:

Helped Client for SAP GRC Access Control upgrade from 5.1 to 5.3. Created new Connectors and assigned mitigating Controls. Coordinated the implementation and acted as Subject Matter expert for GRC for BA's and BPO's. Performed SAP Security Administration functions -- Creating new Roles, Modifying existing Roles, User Administration using SolMan. Solved Production Authorization Problems by analyzing user buffers. Supported Security around SAP HR / SCM,CRM modules. Assisted in conducting gap analysis between business requirements and software related SAP Security

California Portland Cement Corp., Glendora, CA

Performed User Management for SAP ECC 6.0 using Solution Manager 4.0 (SolMan) / CUA. Developed / maintained the Roles and their assignment to users. Create new Roles / users for Companies new acquisitions in SAP HR,PY, SD,MM. Perform Role Management /Transaction security by restricting access to authorization objects. Debugging the user authorization problems using su53 / trace. Helped client in integrating SAP ERP / ECC with Active Directory Configuration.

Center point Energy, Houston, TX

Evaluated Logical Security around SAP BASIS environment. Evaluated current user roles to improve system performance. Recommended solutions to remediate Segregation of Duties (SOD) conflict issues related to Logical Access for HR, FI / CO, SD/MM modules using SAP GRC (Virsa Compliance Calibrator & firefighter 4.0). Helped the client carrying out fit-gap analysis.

World Bank Group, Washington, DC

World Bank disburses the Loans to Developing Countries around the world to the amount of US $30 Billion. Evaluated GCC Control related to Bank's Treasury Application and ISG (Information System Support Group) . Performed users / role Administration using Profile Generator. Performed SOD conflict resolutions using Virsa Compliance Calibrator for SAP GRC in conjunction with HR FI / CO. Analyzed usage of Emergency Super users in SAP using Virsa Firefighter. Helped the client in analyzing current Solution Manager Configuration and suggesting improvements to utilize it to increase productivity of SAP installation. Lead the team of three Security personnel for the project

PSE&G, Newark, NJ

Guide IT Department in Configuring Central User Administration for SAP ERP System. Used SAP GRC ( Formerly Virsa Compliance Calibrator) in order to assure Separation of Duties for roles and users as part of Sarbanes-Oxley 404 Compliance for SAP FI & MM Applications.

TRW Automotive, Shirley, UK

Helped Companies IT / Internal Audit Department to achieve Sarbanes-Oxley Compliance to overcome SOD issued in SAP ERP System.
Worked on improving SAP user / Role Management to avoid SOD issues for SCM / FI. / HR Modules in consultation with B.A's. Helped to modify existing SAP GRC (Formerly Virsa Compliance Calibrator) Rules. Lead the team of 3 Security Consultants.

Aeroflex, NY

Coordinated and performed testing of ERP Security for Companies facilities throughout US for Four location in US. Managed three other individuals who were part of team. Worked on Configuration Controls for Access Control (GRC) in collaboration with business process owners and Business Analysts.

Kraftware, Inc. Jan. 2003- April 2005
IT Consultant

Responsibilities:

• Analyze SAP ERP Security and Access Control
• SOX Controls Review
• Implement and troubleshoot Telecom Billing Software

Project Details:

Intel, Inc, CA

Analyzed the Security controls of SAP ERP SCM application and Oracle Platform. Analyzed the standard and Customized settings for SAP R/3 System Parameters, CTS , Authorization profiles (Profile Generator) & User Access. Used VIRSA Compliance Calibrator in order to assess Sarbanes-Oxley Separation of Duties compliance for users .

Verizon Wireless, NJ

Implemented Revenue Assurance module of Amdocs Billing Software written in Unix / C. The Implementation and support was challenging as system stopped functioning before I came on-board.

US Cellular, IL

Implemented Wireless Number portability Software (as part of FCC compliance) written in C++ / Corba for US Cellular Corporation based in Chicago. Also helped in release management of newer version of STAR billing system.

AMDOCS, Inc., St. Louis, MO Sep. 2000 -- Dec. 2002
System Analyst

Implemented and Supported Revenue Assurance module of Amdocs Billing Software written in Unix / C & COBOL. Major client include Roger's AT&T, SBC & Sprint.


Syntel Inc., Troy, MI March 1998 - Oct 1999
System Analyst

Documented existing IT process and prepared gap Analysis for Y2K problem Maintained and implemented client-server applications related to Freight bill Audit payment system for Logistic Company in C, PRO* C and ORACLE RDB on VAX. Helped client in configuring and setting up of Source Control Management system.

Indian Oil Corporation, Bombay, India Jan. 1988 - March 1998
Assistant Manager (Systems Audit)

Participated in design, development testing and implementation of Billing system for Petroleum (Oil & Gas) products at POS locations for this Fortune 500 Company. Audited IT infrastructures (Operating Systems, Network, LANs,) and application systems at Companies HQ and various POS all over country.

EDUCATION / MEMBERSHIPS
Academy, Chicago, IL Aug. 2007

Successfully completed SAP America trainings:
• ADM940 SAP Authorization Concept
• ADM950 SAP System Management 4.7
• SAP GRC (Virsa Compliance Calibrator 5.1)

CISA (Certified Information System Auditor), June 2006
Network / Wireless Penetration testing, Dallascon, May 2005
B.S. (Computer Science) Aug. 1986

Member, Information Systems Audit & Control Association
Member, Information System Security Association

WORK Authorization:
US - Permanent Resident (Green Card holder)
India -- Citizen
Brazil - 5 year business visa

Certifications
CISA
Virsa Complaince Calibrator



You must be logged in and have a current resume access subscription. Login or Register »

Resumes in Dallas, TX | Resumes in Texas

View other SAP Security Consultant resumes