Harinadh A SAP Security Consultant Cell: 832-558-2010 *142

______

Overview

Energetic, goal driven SAP security specialist with 10+ years of solid expertise in all facets of SAP security design and implementation. Technically sound individual with exposure to a wide range of SAP platforms. Proven analytic and problem-solving skills with the ability to assess needs, define requirements, develop & execute value-added solutions that improve operating efficiency. Well versed in completing projects on time and as promised, by coordinating team efforts while working with the project team. Well versed in documenting and bridging the gap between business requirements and technical processes to meet the needs of dynamic and continuously changing environments. Experienced in production support activities like application support, process improvement, enhancements, resource optimization, SLA monitoring, service delivery, service transition etc. Hardworking and dedicated professional with strong interpersonal, communication, negotiation, and leadership skills.

Areas of Expertise

Security requirements gathering / Security role design & develop
Security testing support / Troubleshooting & fixing security issues
Cutover & Go-live Support / Project Implementation
Post go-live Production Support
Identify SOD conflicts and Remediation / Implementing Best Practices
Audit & Compliance

Key SAP Skills

ECC 6.0 & 4.6C, BI 7.0, BW 3.5, SAP BusinessObjects 4.1, SAP HANA Studio 2.0, SAP HCM, SCM 7.02, SRM 5.0, SAP Nota Fiscal Electronica, SAP Test Data Migration Server 4.0, SAP Landscape Transformation,GRC Access Controls 10.1, SAP Solution Manager 7.1,CHARM, SAP Process Integration, SAP Composite Environment, SAP Process Orchestration, SAP NetWeaver Planning,SAP Biller Direct and Novell Identity Management tool.

PROFESSIONAL EXPERIENCE:

  • Involved in design/redesign, implementation, cutover, production support activities for wide variety of SAP platformsin multiple SAP global implementations
  • Worked closely with the business / functional teams to gather security requirements.
  • Designed and developed security roles for ECC 6.0, BI 7.0, HCM, Nota FiscalElectronica, SCM, Solution Manager, TDMS, PI Systems
  • Designed and developed analysis authorizations (SAP BI 7.0) at Characteristics, Key Figure, and Hierarchy node level for reporting users i.e. endusers/power users/report writers
  • Well-versed with troubleshooting authorization issues in BI 7.0 and updating analysis authorizations/roles
  • Developed front end folder level security in SAP Business objects by creating user groups/access levels in BOBJ CMC.
  • Migrated user groups/access levels/folder level security in BOBJ to QA/Production systems thru promotion management.
  • Developed HR security/structural authorizations in PA, PD, ESS and MSS Modules.
  • Worked extensively in GRC 10.1 in the areas of ARA(RAR),EAM (SPM), BRM(ERM), ARM (CUP).
  • Developed security for ODATA services in portal and backend,updated communication channels, web services in Process Orchestration portal
  • Extensively worked in Composite Environment portal - activities include creation of portal roles, setting up permissions for systems, updating user mapping for systems, updating web services, managing portal users etc.
  • Developed security roles in NetWeaver Planning, NWDI, SLD, Biller Direct portals.
  • Handled security defects as part of Unit and Integration test cycles
  • Involved in security upgrade from 4.6C to ECC 6.0 and BW 3.5 to BI 7.0
  • Developed roles and privileges (including System, Object, Analytic and Package Privileges) in HANA Studio.
  • Worked on security setup for managed system configuration and BPCA in Solution Manager
  • Worked on security setup for Central User Administration.
  • Extensively worked on SAP GRC AC 5.3 SP10 (CUP, RAR, SPM and ERM) and VIRSA Compliance Calibrator (VRAT), VIRSA Role Expert (VRMT), Fire Fighter (VFAT) tools
  • Very good understanding on segregation of duties and Sarbanes Oxley regulations on application security and business processes.
  • Worked closely with auditors and modified roles to achieve SOX compliance for users and roles.
  • Experience in user administration in ABAP and Portal systems, role Maintenance, analyzing and troubleshooting issues
  • Created security design documents for reference and conducted knowledge transfer sessions to handover projects to Production support team

Education :

Bachelor of Engineering from University of Mysore, Karnataka, India.

SAP Project Experience

Nike, Inc. Beaverton, OR SAP Security Consultant

May’ 14 to Oct’17

Environment : ECC 6.0, BI 7.0/ SAP Business Objects 4.1/ SAP Hana Studio 2.0/SAP GRC 10.1/SAP Process Orchestration/SAP Composite environment, Solution Manager Charm.

  • Worked on security setup for SAP ODATA services in ECC 6.0and SAP Process Orchestration systems
  • Created UME roles in PO system with appropriate portal actions and mapped roles to groups.
  • Setup security for technical users in PO system for webservice calls from external applications
  • Created portal roles for custom apps and mapped roles to groups in Composite Environment
  • Setup permissions/user mapping for systems in Composite Environment and updated webservices
  • Developed and assigned analysis authorizations in BI 7.0
  • Analyzed and resolved users access issues in BI 7.0.
  • Configured SAP Business objects for LDAP/SAP authentication and imported appropriate backend roles to SAP BO
  • Created access levels/user groups in SAP Business Objects 4.1
  • Setup security for folders/connections/applications etc. in SAP BO
  • Worked on migration of security to QA/production systems in SAP BO
  • Experience in design and implemention of HANA-BI Security
  • Created custom roles in HANA DB for Developers, and Data Base Administrators
  • Created System, Object, Analytic, Package and Application Privileges
  • Worked on both Catalog (Run Time) and Repository Roles (Design Time)
  • Worked on HANA Application Life cycle Management
  • Created and enabled Audit policy in HANA DB
  • Worked on SAP GRC Access Controls 10.1 components Access Risk Analysis (ARA), Emergency Access Management (EAM) & Access Request Management (ARM) components
  • Configured MSMP workflows for maintaining Rules, Agents, Paths, Route mapping etc. for access provisioning thru GRC Access Controls 10.1
  • Created custom initiator rules through Business Rule Framework Plus (BRF+) for ARM.
  • Configured password self-service, GRC notifications
  • Setup Access Control Owners, Owners,Controlers,Firefighter Ids
  • Worked on setting up GRC jobs for Authorization data/Repository Object/Action usage/Role usage/Master data/EAM workflow/EAM log synchronization/GRC notifications
  • Enabled new Security roles in GRC for auto provisioning

Nike, Inc. Beaverton, OR SAP Security Consultant

May’ 11 to April’ 14

Environment : BI 7.0/SAP GRC 5.3/SAP PI/SAP SCM7.0/SAP HR/HCM

  • Worked on HCM Security to develop position based security and structural authorizations
  • Assigned structural authorization profiles to user ID’s using Report RHPROFL0 to automatically assign appropriate structural authorization profile to each user id.
  • Worked with BI functional team and developed the BI analysis authorizations.
  • Created analysis authorizations to restrict users at Info Object level
  • Developed BW roles and authorizations restricting access to infocube for specific characteristic,hierarchy node of the hierarchy etc.
  • Developed new roles containing authorizations for BW reporting end users and Power users.
  • Worked closely with the internal Audit team and made all the necessary corrections in security roles to meet SOX compliance.
  • Created roles in SCM Event manager for new parameters like Purchase orgs/Sales Orgs/Plants event handlers.
  • Designed security setup for webservices in Process Integration System
  • Updated User credentials in Communication channels in Process Integration System

Nike, Inc. Beaverton, OR SAP Security Consultant

Sept’ 09 to April’ 11

Environment : SAP ECC 6.0/BI 7.0/SAP GRC 5.3/EP 7.0

  • Worked on SAP Securtiy redesign which includes tasks to

Redesign existing Job/Position based roles to Task based roles

Eliminate embedded Segregation of Duty Conflicts within Roles

Remove unused Transaction codes in roles

Develop/Configure Display /IT /Basis /Production support roles

  • Created Task based roles(Tcode roles )
  • Created Enabler Roles for Auth/Org fields like Company code/Sales Org/Purchase Org/AccountType/Plant/Movement Type/Sales Doc Type/Data restriction reporting/Condition type/Vendor type etc
  • Created Test Ids for Unit/Integration/UAT Testing
  • Resolved Auth Issues Using Trace i.e. ST01
  • Created/updated analysis authorizations in BI 7.0 for new company codes
  • Worked on SAP GRC 5.3 (Governance, Risk, and Compliance) which includes

Running Risk Analysis and Remediation (RAR) reports (previously Compliance Calibrator).

Extensively worked on Compliant User provisioning (CUP) previously known as Access Enforcer.

 Imported roles to CUP/Setting Role Owner/Importing Custom approver Determinators/Intitiators etc

 Setting up Connectors for Super User Privileged Management (SPM) previously known as FireFighter.

 Creating Firefighter Ids and /Configuring Firefighter Owners/Controllers/IDs etc.

  • Supported issues of phased roleout(Geography wise)
  • Designed and createdusers for RFC (ABAP/HTTP) connections for Basis team
  • Opened OSS connections to SAP Systems,Created Users for OSS connections and updated passwords in Secure Area
  • Set up background jobs for security maintenance/Firefighter usage logs etc
  • Created portal roles and and assigned to groups
  • Handled Change Management control and validated the work done by team members at onsite and Offshore
  • Involved in performing cutover tasks for Go-live and handled issues during Project Stabilization

AstraZeneca, Wilmington, DE SAP Security Consultant

Nov’ 08 to Aug’ 09

Environment : SAP R/3 ECC 5.0/BI 7.0
  • Performed assessment of the current SAP Security design in place of Production System.
  • Analyzed the As-Is SAP Security setup and documented the gaps and provided recommendations on AZ SAP security design and implementation.
  • Analyzed the Segregation of Duty Conflicts at both role level and user level
  • Did gap analysis and recommended the SAP security best practices.
  • Worked extensively on authorization groups (SE54/SUCU) and customized transaction codes (SE93).
  • Analyzed the impact on roles to convert autorization field to org level field
  • Modified authorization of roles after converting autorization field to org level field
  • Created derived roles to restrict access based on planner group/plant level
  • Created Test Ids and troubleshooted authorization issues in merging of Canada system into NA system
  • Cleaned up users who have not logged in SAP systems since last 1 year
  • User administration in all SAP systems in landscape i.e. ECC6.0 , BI7.0
  • Modified roles to controll access to key authorization objects such as S_BTCH_ADM, S_ADMI_FCD, S_TABU_DIS, and S_DEVELOP etc for batch Jobs, basis transactions, tables, and debug access.

MedImmune Inc, Gaithersburg, MD SAP Security Consultant

Nov ’07 to Oct ’08

Environment : SAP R/3 ECC 5.0, BIW3.1/BI 7.0, EP 7.0, SRM5.0, SM4.0, MSSQL 9.0 and SAP NetWeaver 2004s (BI 7.0 and XI)

R/3 SECURITY

  • User Administration of all SAP systems in Landscape i.e. ECC5.0, BI7.0 as well as SRM5.0 through CUA/Solution Manager 4.0
  • Created new roles and modified existing roles to meet SOX requirements to maintain SOD
  • Secured and controlled access to all SAP systems to meet SOX requirements
  • Weekly monitoring of SAP R/3 system which includes

Monitoring the transports to Production system using Transaction STMS

Monitoring all change activity with respect to user accounts without logon for 90 days and critical user accounts using Program RSUSR200

Monitoring all change activity with respect to user accounts including changes pertaining to profiles using Transaction S_BCE_68001439 (RSUSR100)

Monitoring all change activity with respect to roles using Transaction RSSCD100_PFCG (Display Change Documents for Role Administration)

Monitoring Changes to table T000 by using program RSVTPROT (Evaluation of change logs)

  • Troubleshooting Authorization Issues using transactions SU53, ST01.
  • Modified Roles to extend existing roles to new Organization units i.e. Company code/Purchasing org etc.
  • Analyzed existing roles and created new roles with respect to Job responsibilities
  • User administration in Portal as well as in Solution Manager.
  • Testing User access automation project.
  • Documenting Security policies for SOX Audit.
  • Involved in SOX Compliance process to clean up user accounts which involves confirmation from Manager/Supervisors on access of users have.
  • Updating SU24 for T-code authorization changes
  • Documented Security Roles testing.
  • Performed transports using Transaction STMS i.e. Transport Management System (STMS)
  • Customized SOD matrix to meet Client’s audit requirements

BW/BI Security

  • Involved in upgrading BW 3.1 to BI 7.0.
  • Designed and created roles to restrict user's access by InfoAreas, InfoCubes, Queries and Workbooks.
  • Worked on hierarchy authorizations and assigned to nodes using RSECADMIN.
  • Created development / reporting roles using analysis authorizations concept.
  • Used SAP Migration tool RSEC_MIGRATION to migrate users, authorization objects.
  • Developed reporting roles for FICO, MM, SD and PP modules.
  • Created roles for BW developers using the authorizations objects S_RS_ADMWB, S_RS_DS, S_RS_ISNEW, S_RS_DTP, S_RS_TR, S_RS_RST, S_RS_PC, S_RS_BTMP, S_RS_BEXTX.
  • Developed roles for reporting users using SAP standard authorization objects S_RS_COMP, S_RS_COMP1, S_RS_FOLD.
  • Developed and assigned Analysis authorizations to users using RSECADMIN.
  • Analyzed and resolved users access issues using RSECADMIN.

Portal Security

  • Interacted with Portal developers in implementing Portal Security.
  • Involved in role design for Portal Security.
  • Worked on Content administration to create roles and work sets.
  • Created Users and assign appropriate Roles or groups in Portals using User Administration.
  • Created groups in Enterprise Portal and assigned all roles to that relevant group.
  • Configured Enterprise Portal 7.0 to integrate LDAP.
  • Configured Single Sign-on in Enterprise Portal.
Sixth Avenue Electronics, Springfield, NJ SAP Security Consultant

Feb ’07 to Oct ‘07

Environment : SAP R/3 4.6C/ECC 6.0, BW3.5/BI 7.0, SAP HCM, EP 7.0, SM4.0, Oracle 9i/10i,

GRC CC5.1/AE5.1/FF5.1

  • Worked with Functional consultants and Super Users to come up with design plan for R3 security implementation.
  • Created and modified custom roles with reference to business profiles for SD, MM, FI, CO and HR modules on ERP system.
  • Worked extensively and regularly with functional teams to gather user access requirements for defining new roles.
  • Implemented CUA in Solution Manager 4.0 using transactions SCUA, SCUG, SCUL and SCUM.
  • Worked on Migrating users from child systems to central system using the SCUG.
  • Prepared job function matrix for grouping users.
  • Fixed authorization issues encountered during Unit and Integration testing using transactions SU53 and ST01.
  • Used SU10 for mass changes in User master records.
  • Maintained authorization groups for all the critical tables in table TDDAT.
  • Used transaction SUIM for various security relevant reports.
  • Performed transports and mass transports of security roles.
  • Provided security training and prepared the security processes & documents.

• Helped process experts in creation of Segregation of Duties (SOD) matrix.

  • Analyzing the System Investigation Reports(SIRs) raised by the IT process and business process owners on SOD conflicts in Roles/Jobs/Users by running them in VIRSA VRAT (VIRSA Risk Assessment Tool) tool to analyze transaction code/authorization object level conflicts and addressing them with suitable remediation and mitigation controls.
  • Handled SOD conflicts in Users and worked on Roles for Sarbanes Oxley Compliance.
  • Used VRMT Tool to Create New Roles without conflicts.
  • Created and Maintained Firefighter ID’s using VIRSA FF 3.0(VIRSA Firefighter Administration Tool).
  • Worked with Internal Auditors in creation of User and Role Mitigations.
  • Assisted Internal Auditors in framing new Rules for combination of new TCodes in ECC 6.0.
  • Worked with Business experts in placing Mitigations for Conflicting and Critical TCodes.
  • Created Role matrices for information and requirement gathering for R/3 Security.
  • Created Portal Users & Roles in Enterprise portal system and assigned the Portal roles to users in DEV, QA, and PROD Systems.
  • Worked on Locking & Unlocking the users in Portal Systems.
  • Created SAP User Groups and assigned the Users to User Groups.
  • Securing BW queries over InfoAreas, InfoCubes, ODS objects.
  • Controlled access to BEx Analyzer using authorization objects (S_RS_COMP, S_RS_COMP1, and S_RS_ICUBE).
  • Created custom reporting Authorization Objects in BWto secure reporting users.
  • Secured query access with in the BEx Analyzer, BEx Browser.
  • Set up security by InfoArea, InfoCube, ODS, PSA, InfoObject, Query and Workbooks.
  • Implemented InfoObject Security (field-level security) for Reporting Users.
  • Securing the data presented in queries by hierarchy node.
  • Traced SAP provided objects and custom reporting authorization objects to debug an authorization error.
  • Authorization checks by assigning reports to authorization classes (RSCSAUTH).

HR SECURITY

  • Implemented Structural Authorizations using OOPS, OOAC, PPOC, PA40, SU01, PA30, OOSP, PO10, PO13, SE38 Transactions.
  • Deployed Security using Structural authorizations in tandem with R/3 Standard Roles.
  • Created Personal Master Record (PA40), User ID (SU01, SU10), Infotype 105 (PA30)
  • Created Structural Authorization Profiles (OOSP)
  • Created Infotype 1017 (PO10) for all nodes in Organizational Plan
  • Assigned Authorizations to positions using PO13
  • Assigned structural authorization profiles to user ID’s using Report RHPROFL0.

Page 1 of 8