Narander - SAP Security GRC
[email protected]
Location: Houston, Texas, USA
Relocation:
Visa: H1B
Senior Technocrat having 14+ Years of IT experience out of which 10 years in SAP ECC R/3, SAP GRC, Control Panel GRC, Fiori Security, BI/BW, S/4 HANA EWM Architect, HANA On-premise, SAP ABAP ISU, ABAP Program, BTP Security and Authorizations and Compliance auditing & 4 years worked into ETL Informatica. Spanning across implementation, up-gradation and support projects I have gained substantial experience in business process mapping, configuration, enhancements, and post implementation support in SAP along with the SAP certifications. An astute strategist and a thought leader, having quality experience in delivering Enterprise Solutions by providing managerial and technical support, requirement analysis, solution design & development and implementing best practices in technology.
Professional Summary
Provided guidance and direction for IT Operation Risk and Compliance, including Sarbanes Oxley, SDLC, Projects Offshored.
Extensively experienced as Scrum Master, Agile and Waterfall methodologies.
Security provisioning using Sail Point and single sign-on using Okta and IAM.
Participating in the team's on-call support rotation
Assisting with internal and external audits, user reviews, and other compliance activities
Good exposure on Emergency Access Management, Rulebook, Usage Analysis, Firecall log, etc in SAP GRC and Control Panel GRC (CPGRC).
Working knowledge of SAP SECATT, GUI Scripting, RPA, Ignio or any other automation tool available.
Configured and Implemented GRC Access Control Suite 10.0 and 12.0.
Working on new roles and customizing the existing roles to minimize Segregation of Duties, Sensitive Authorization and Excessive Access Risks per our GRC rulebooks.
Mapped Owners, Firefighters and Controllers using NWBC.
Strong knowledge of section 302 and 404 of Sarbanes-Oxley Act (SOX), COSO framework and business process
Prepared the roadmap for design of SOX IT controls, drafted the testing steps and quarterly assessments
Responsible for preparing and implementing a risk-based audit plan to assess, report on, and make suggestions for improving the company's key operational and finance activities and internal controls.
Role Administration including Role creation modification/ export / import
Complete rework on Emergency Access Management(EAM), Access Risk Analysis (ARA), Access Request Management (ARM) & Business Role Management (BRM)
User and Role Administration and having good troubleshooting skills.
Skilled at learning new concepts quickly while working well under pressure. Highly organized and dedicated with a positive attitude.
Technical & PMO, Consultant activities - Onboarding the project through due diligence and elicitation from business owner & customers delivery expectations. Business Analysis, Project Planning, Designing, Development & Testing strategies, Integration & Deployment.
Handling the resources, technical procurement & processing teams synchronizing on project deliverables.
Responsible for Customer & Organization on SOWs and clearing gaps, escalations during project execution & monitoring and closing.
Extensive experience in Communications, Manufacturing, Insurance, banking, pharmaceutical and Inventory domains
Hand full of experience in production support environment meeting SLAs in daily production flow, preparing WSRs, handling requests, Incidents, and change management
Experience in ISU work & Web Services Development
Experience in Customer data, EIP, Customer Master Data
Worked on different functional modules like MDM, SRM, APO, SCM, BW, GTS, CRM, BPM, SD, MM, QA, PM, APO and FICO and Involved in gathering business requirements and converting them into technical requirements as well as performing gap analysis between requirements and source data
Resource planning, recruitment, Budget allocations, On boarding and career management of team


Technical Skills:
ERP Products : SAP R/3 (ECC 5.3/6.0), S/4 HANA, E-HANA Cockpit, and Fiori, CP GRC & SAP GRC AC
Operating Systems : Windows XP/7 and UNIX
Databases : SQL, Hana DB/On-Premise
Domain Skills : Life Sciences, Banking, Manufacturing, Insurance & Telecom
ETL Tools : Informatica and DHW concepts
Tools : SAP GUI, Service Now, Citrix, Outlook, Skype, Toad

Detailed Professional Experience
Client: Walmart-USA, Apr 23 - Till Now
Domain: Retail Market
SAP Security Consultant
USA
Monitoring, GRC requests, IMS Mails, and IGA Mails and notices will come to SAP APP SECURITY mailbox, team needs to monitor on daily basis and execute the request with/without any further approval process.
Creation of Global single roles, Enabler roles further divided into Global Master Roles and Local Master Roles. Global Master roles must be created for all the regions and should be exact copies of each other which is effective while creating derived roles.
Hands on knowledge of SECATT/eCATT (extended Computer Aided Test Tool) tool for software test automation developed by SAP.
Implemented custom security objects like ZSU01, ZSE16, ZDKEY, ZDEVACCESS, SNC FIX AND UPDATE, ALIAS UPDATE & USER LOCK. Security project team will need these whenever a new SAP box is implemented or added cutover activities.
Working on new roles and customizing the existing roles to minimize Segregation of Duties, Sensitive Authorization and Excessive Access Risks per our GRC rulebooks
Supporting cloud applications like Tririga, Ariba procurement systems, Success Factors, and Concur and provide the delegations in Ariba.
Using SAP ChaRM tool delivered with SAP Solution manager that manages activities performed during role change from design to testing to final promotion to production system and prepare the approvals and documents like Role Owner approval, SOD simulation report, and Develop and Test/Quality results.
Using GENGRC tool where external or internal auditors will post requests for security team to provide required evidence.
Performing periodic activities like EAM Workflow (FF log workflow review), User termination activity for AMS support team, OSS and SNOTE Activity Notes, User retiring activity Tririga, Direct single role assignment, ARIBA Reconciliation, Success Factors User Termination, Tririga Reconciliation, SAP Standard User Review, UAR Activity - Compliance Team.
Collaborate closely with technical and application security teams as well as functional solution architects on building a consistent application business role and IAM model.
Good knowledge User Access Management (UAM) - automates provisioning, tests for segregation of duties (SOD) risks, and streamlines approvals to the appropriate business approvers. User Access Management (UAM) unburdens the IT staff from acting as reactive approvers of system access and provides a complete history of user access requests, approvals and provisioning
Support and provide Access Risk Analysis (ARA) - offers real-time compliance to detect, remove, and prevent access and authorization risk by preventing security and control violations before they occur. Access Risk Analysis (ARA) software produces SOD Analytical Reports (both summary and detail) for selected users, user groups, roles, and profiles. ARA empowers the security team, business process owners and internal auditors to conduct their own risk investigation and resolution.
Business Role Management (BRM) - standardizes and centralizes SAP user authorization role creation, approval and maintenance, providing an audit trail for changes, and enforcing an automated approval process. Using Business Role Management (BRM), business role owners can define functional role requirements, approve changes and via automated workflow notify the security team to generate and assign the approved roles.
Emergency Access Management (EAM) - enables users to perform emergency (super user level) activities outside their standard roles; acting as a privileged user in a controlled and auditable environment. Through preconfigured access paths, key business users are authorized to check-out a Super user Privilege Management (SPM) user ID, also known as Firefighter ID (FF ID), in order to perform emergency break/fix and production outage situations. The process includes notifications and logging of all activities that take place while using the FF IDs.
Supporting and User provisioning HANA DB on-premise and S/4 Hana, EWM Cloud and enterprise Hana security.
Worked on MDM Security, SRM Security, SAP Sourcing, GFNR architecture, BI/BW security related authorization on both Queries and role level access.
Enabled Centralized and Decentralized Firefighters, to execute tcode /GRCPI/GRIA_EAM in the satellite system and access the Firefighter id. Instrumental in setting up a global team collaboratively along with the Technology Leader and owner of the Consumer Services Technology Solutions group at US.
Creation and maintenance of user accounts and role administration, troubleshooting user authorization issues by analyzing SU53, ST01, STAUTHTRACE logs.
Processing User termination and Reactivation requests via GRC ARQs.
Security provisioning using Identity, Sail Point and single sign-on.
Creating and implementing for SAP, Success Factors, and other enterprise applications, non-SAP portal systems like Ariba Easy Buy, concur, SRM, Tririga security strategies, procedures, standards, and tools necessary to enable business functionality while securing sensitive data and otherwise supporting the Company's internal controls guidelines.
Mass user Maintenance activities such as a Locking/ Unlocking / Password reset.
Open / Create and maintain OSS user IDs as per business requirements in Secure area with display and debug access.
Generate monthly User role report using SAP GRC for internal auditing like User Access Review (UAR).
Building Workflows using MSMP and BRF+, Importing of Roles into BRM.
FIORI Catalog and Groups security administration

Environment: SAP ECC 6.0, Zoom, SAP GRC AC, ZENGRC, Fiori Security, Identity, SAIL Point, SAP BI/BW, SAP Universe, BOBJ and Portal systems, Success factors, Teams, Outlook, Service Now, Charm, Citrix, Jira, S/4 HANA, HANA On-premise, BTP

Client: ASML-USA, Mar 22 - Apr 23
Domain: Communications
SAP Security Consultant
Wilton-USA
ASML is an innovation leader in the semiconductor industry, provide chipmakers with everything they need hardware, software and services to mass produce patterns on silicon through lithography.
AGILE way of working/methodology for creating & changing roles.
Handling Emergency Access Management, Rulebook, Usage Analysis, Firefighter logs, Firecall log, etc in Control Panel GRC (CPGRC) and SAP GRC Access Control.
Working on new roles and customizing the existing roles to minimize Segregation of Duties, Sensitive Authorization and Excessive Access Risks per our GRC rulebooks
Supporting cloud applications like Ariba procurement systems, Success Factors, and Concur and provide the delegations in Ariba.
Support the building and testing of roles, authorizations, and data restrictions in line with the application Identity and Access Management (IAM) strategy.
Collaborate closely with technical and application security teams as well as functional solution architects on building a consistent application business role and IAM model.
Support and provide input to MDG Team Members in the development of the processes for Data Cleansing, Data Migration and MDG integration of MDG Data Objects including Business Partner (Customer, Vendor etc) and MDG Financial Objects.
Good knowledge with SAP MDG configurations for Data modeling, UI modeling, process modeling, rules and derivations, BRF, replication configurations
Supporting and User provisioning HANA DB on-premise and S/4 Hana Cloud and enterprise Hana security.
Worked on BI/BW security related authorization on both Queries and role level access.
Created and configured the job roles, profiles, and authorizations for all SAP landscapes (including ECC, ERP, HR, Portal, BW, CRM, SCEM, APO, Solution Manager, CUA, Netweaver Gateway, GRC, ILM) and some non-SAP landscapes (including Tririga, Ariba, Concur, Success Factors).
Instrumental in setting up a global team collaboratively along with the Technology Leader and owner of the Consumer Services Technology Solutions group at US.
Creation and maintenance of user accounts and role administration, troubleshooting user authorization issues by analyzing SU53, ST01, STAUTHTRACE logs.
Processing User termination and Reactivation requests.
Managing SAP user populations through Central User Administration (CUA) to grant access to multiple non-production SAP clients from a central location.
Security provisioning using GRC ARQ both in Prod and non-prod systems, Sail Point and single sign-on using Identity.
Creating and implementing for SAP, Success Factors, and other enterprise applications, non-SAP portal systems like Ariba Easy Buy, concur, SRM, Tririga security strategies, procedures, standards, and tools necessary to enable business functionality while securing sensitive data and otherwise supporting the Company's internal controls guidelines.
Mass user Maintenance activities such as a Locking/ Unlocking / Password reset.
Open / Create and maintain OSS user IDs as per business requirements in Secure area.
Generate monthly User role report using SAP GRC and CPGRC for internal auditing.
Maintaining Rule Set, Function ID & Risk ID with Risk Owners and generating rules.
Performing Risk Analysis at Role level and User level. Remediate and mitigate the risks by creating Mitigation controls.
Identifying and implementing improvements to processes and procedures
Creating Mitigation Approvers & Monitors.
Building Workflows using MSMP and BRF+.
Importing of Roles into BRM.
FIORI Catalog and Groups security administration

Environment: SAP ECC 6.0, S/4 HANA, HANA On-premise, BTP, Fiori, CP GRC & SAP GRC AC, IAM, IDM, SAP BI/BW, BOBJ and Portal systems, Success factors, Teams, Outlook, Service Now, Charm, Citrix, Jira.

Client: Boston Scientific, Jun 20 - Feb 22
Domain: Life Sciences
Role: SAP Security Consultant
Location: Indiana-USA

Boston designs, develops, manufactures and markets orthopedics products, including knee, hip, shoulder, elbow, foot and ankle artificial joints and dental prostheses.
Good exposure on Emergency Access Management, Rulebook, Usage Analysis, Firecall log, etc in Control Panel GRC (CPGRC).
Working on new roles and customizing the existing roles to minimize Segregation of Duties, Sensitive Authorization and Excessive Access Risks per our GRC rulebooks
Maintained CRM roles and profiles and Business partner profiles for CRM Customer data and granted access and authorizations
Created and managed business role in CRM systems, assigned Partner BP record, BDoc processing issues
Extensively used SU53 and SUIM to assign the missing authorizations to the users. Tracing missing authorizations objects using SU53 and recommended appropriate roles for the end users.
User administration (creating, maintaining, deleting user accounts and assigning roles) Managing user login parameters and password parameters.
Comprehensive use of Profile Generator to generate roles and assign roles to end users.
GRC implementation; automation; upgrade experience with GRC ARA, ARM, EAM, BRM and SAP CUA (Central User Administration) integration with SAP GRC.
Excellent knowledge of SOX, Audit issues and Segregation of Duties (SoD) issues.
Under Risk Analysis and Remediation, performed User & Role analysis to identify existing SoD violations and Risks.
Using ARA produced Analytical Reports on User, User Groups, Roles and Profiles.
Performed remediation and mitigation against various risks associated with roles and users.
ARA has Simulation features to allow you to assess the impact of potential remediation activities on the reported conflicts prior to making the actual change.
Experience in creating and assigning FF ID's and extracting Fire Fighter logs.
A firefighter ID is a temporary user ID that grants the user exception-based, yet regulated, access.
The firefighter ID is created by a system administrator and assigned to users who need to perform tasks in emergency or extraordinary situations.
Configured Workflow, actions and rulesets.
Configured HR trigger provisioning and scheduled background jobs.
Configured User Data source and defined authentication system for requestors using ARM.
Strong capability in using ARM to use the work flow functionality to ensure a comprehensive and compliant change management process for risk control and maintenance.
Experience in using ARM to configure workflow for User Access Review and User SoD Review.
Worked on Analyses authorization creation and transport the changes within system landscape
Securing Reports / Queries through roles based on Business requirement

Environment: SAP ECC 6.0, S/4 HANA, Fiori, GRC AC, IAM, BI/BW, BOBJ and Portal systems, Teams, Outlook, Service Now, Charm, Universe

Client: Akzonobel, Oct 17 - May 20
Domain: Manufacturing
Role: SAP Security Consultant
Location: TX-USA

Akzonobel is a leading coatings company whose key products include automotive coatings, specialized equipment for the car repair and transportation market and marine coatings. The coatings groups consist of the following business units: Marine Coatings, Protective Coatings, Vehicle Refinishes, Specialty Coatings, Metal Coatings, Wood Coatings and Powder Coatings
Good exposure on Emergency Access Management, Rulebook, Usage Analysis, Firecall log, etc in SAP GRC Access Control 12.0.
Working on new roles and customizing the existing roles to minimize Segregation of Duties, Sensitive Authorization and Excessive Access Risks per our GRC rulebooks
Creating and modifying the roles based on the business requirement.
Worked on ticketing tool to resolve the issues & problems in different kinds of SAP Security modules.
Collaborate with other team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the Client requirements.
Analyzing the authorization issues using SU53 and ST01 and providing the solution, missing authorizations as per the user profile.
Determining and report if any risks will be introduced by simulating the addition of transactions, roles, or profiles to a user id.
Expertise in (User admin & Role admin User maintenance) like Creation of users, groups, assigning roles to users, modifying the user records, user roles and solving the authorization failures by using SU53.
Performing the WSR, Monthly, and Quarterly audit & compliance reports via CSI tool.
Good experience on the GRC-ARA SoD Violations like user, User Level and Role Level Simulation and execution.

Environment: SAP ECC 6.0, GRC AC 10.0, APO, SAP SRM, and Portal systems, Zoom, Remedy, SAM, Solman & Charm, Optiva and Archiva, CSI tool.

Client: Lloyds Bank Group, Aug 16 - Sep 17
Domain: Banking
Role: SAP Security Consultant
Location: London, UK
In line with this archival of static and live data, the SAP ILM project is one such initiative sponsored by Sales and Marketing that focuses on providing an in-depth understanding of the customer. Data archiving with the retention periods for the banks static and live data.
Working on Role administration and User administration by using t-code PFCG and SU01.
Used PA30/PA20 to check Info types and user other information
Used Users_Gen transaction to copy the new users for existing OgrId in SRM system
Analyzing the authorization issues using SU53 and ST01 and providing the solution as per the user profile.
Added roles in portal system user Administration tab
User validity Extension for SRM users
Adding new transactions as user requests.
Prepared the Audit reports as user requested format.
Working Firefighter administration like assigning FFIDs to FF users and sending logs to FF Controller.
Extracting Audit reports from SAP systems and sending them to client for verification.
Working on Weekly, Monthly and Quarterly Audit reports.
Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
Environment: SAP ECC 6.0, GRC AC 10.0, SCM, SRM, and Portal systems, Zoom, Remedy, ANBI and ATLAS, Archiva, Treasury, Hana spotfire, Solman & Charm

Client: BMW, Aug 15 - Jul 16
Domain: Manufacturing
Role: SAP Security Consultant
Location: Hyderabad, India

BMW is a German multinational manufacturer of luxury vehicles and motorcycles headquartered in Munich, Bavaria, Germany. The corporation was founded in 1916 as a manufacturer of aircraft engines.
Used (PFCG) Profile Generator for creation, modifying roles, composite roles, derived roles
Conducted meetings with business and functional team (SD, MM, QA, PM, APO and FICO) to gather requirements for derived and composite roles to implement the role-based security
Analyzed the report in SU53 to find out the missing authorizations and resolve the User issues
Production Support for all SAP users' authorization and access issues
Utilizing system trace (ST01), authority check (SU53), to analyze and fix Problems related to Security
Facilitated coordination between Help desk and Technical teams.
Performed user administration activities, such as setting up user login IDs, resetting passwords, locking users, and unlocking users.
Created and modified Single Roles using Profile Generator to meet business requirements by making sure users get proper authorizations
Extensively worked on Authorization objects, fields, authorizations, authorization profiles.

Environment: SAP ECC 6.0, GRC AC 5.3, CUA, Remedy, ANBI and ATLAS, Archiva, Treasury, Hana spotfire, Solman & Charm

Client: Honeywell, Oct 12 - May 15
Domain: Manufacturing
Role: SAP Consultant
Location: Hyderabad, India

Handling Administration Changes, requests that are entered making sure that they are knowledgeable and make sense logically so that the request can be approved.
Tracing missing authorizations objects using SU53 and recommended appropriate roles for the end users.
User administration (creating, maintaining, deleting user accounts and assigning roles).
Managing user login parameters and password parameters.
Analyzing authorization problems/errors and implementing appropriate solutions.
Daily audits of the CSI tool.
Monitor the group Inbox.
Update Policies and Procedures for CSI Admin & START process. Worked on Role administration and User administration by using t-code PFCG and SU01.
Conducted meetings with business and functional team (SD, MM, FICO) to gather requirements for derived and composite roles to implement the role-based security
Used PA30/PA20 to check Info types and user other information
Used Users_Gen transaction to copy the new users for existing OgrId in SRM system
Added roles in portal system user Administration tab
User validity Extension for SRM users
Adding new transactions as user requests.
Prepared the Audit reports as user requested format.
Extracting Audit reports from SAP systems and sending them to client for verification.
Working on Weekly, Monthly and Quarterly Audit reports.
Extensively worked on Authorization objects, fields, authorizations, authorization profiles.
User administration involving creation/deletion/locking/modifying users.
Assigning missing authorizations as per the user's requirement.
Worked with User Information System, creating and changing users and assigning users to roles.
Generated and maintained authorizations and authorization profiles based on existing roles.
Copying and Modifying SAP-provided user role templates and also created a set of custom user role templates.
Used CUA to maintain users (creation, deletion, locking etc).
Worked on ticketing tool to resolve the issues & problems in different kinds of SAP Security modules.
Collaborate with other team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the Client requirements.
Analyzing the authorization issues using SU53 and ST01 and providing the solution, missing authorizations as per the user profile.

Environment: SAP ECC 6.0, GRC AC 5.3, CUA, Remedy, FSCM, Archiva, Treasury, Hana spotfire, Solman & Charm

Jan 11 - Sep 12
Zurich/Farmers (Client)
ETL Developer (Role)
Hyderabad, India

Involved in ETL development using different transformations like Router, Aggregator, Joiner, Lookup, Update Strategy, Source qualifier, Filter, Expression and Sequence generator etc., to store the data into the target table.
Created the Mapplets & reusable Transformations.
Involved in development of change requests and Implementations
Performed Production support during the warranty period after code deployment.
Created sessions, workflows and implemented error handling mechanism for ETL mappings.
Creation of Unit Test Plans (UTP), Unit Test Cases (UTC's), Unit Test scripts with captured unit test results.
Performed Code reviews of Informatica Mapplets, Mappings, and workflows and other documents required by onshore.

Environment
INFORMATICA 8x, ORACLE, Teradata, UNIX, HP Service Desk

CISCO (Client), Jan 08 - Dec 10

Developer and Production Support analyst (Role)
Hyderabad, India

Managing the offshore team and involving in production support activities
Establish and ensure adherence to a set of guiding principles for data warehousing
Communication of key milestone status to IT management
Ensuring the remainder of the team accede to their responsibilities as enumerated below
Liaise with strategic vendors
Establishing partnerships with key IT partners in support of data warehousing initiatives
Involved in code and application development & enhancements.
Automated various manual Processes through ETL logic.
Developed and Scheduled Various Mappings and Sessions.
Identifying the load on server and performing load balancing to avoid SLA miss outs during regular job monitoring.
Identified performance bottlenecks and implemented Performance tuning methods.
Involved in critical and high priority time bound issues providing detailed root cause and resolution to business users.
Responsible for maintenance of proper quality standards in deliverables, version control, defect tracker, error log etc. and major business and operations support.
I was also involved in solving priority 1 business cases and maintaining and supporting the production in a full cycle basis.
I ensured that the whole team is in sync with the Customer Advocacy Finance Business policy.
Involving in migration and testing of applications during software/hardware environment upgrades.
Monitoring daily runs of jobs on $Universe (scheduling tool) and UNIX environment.
Batch job support (24x7) including month end, quarter end and Year-end support.
Providing production and non-production support and coordinating with DBAs.

Environment
INFORMATICA 8x, ORACLE, Teradata, UNIX, HP Service Desk, BO, $Universe

Education
Master's Degree (MCA) from Osmania University, India
Bachelor's Degree (BCA) from Osmania University, India