Senior SAP Hana Security And Grc Admin

Location:

Posted:

May 23, 2017

Contact this candidate

Resume:

Ashok Bhagavatula

706-***-****

*****.***********@*****.***

Objective:

Senior SAP HANA Security/GRC Administrator position

Areas of Expertise

Overall 13 years and Above 11 years of experience as a Security Administrator in SAP R/3(ECC 6.0, 5.0), BW (BI 7.0, BW 7.4), HANA, BOBJ, CRM 7.0, 5.2, SRM, GTS, Solution manager 7.0, PI/XI, VIRSA/GRC, Solution Manager, CUA, Portal.

Upgrade experience from 4.6C to ECC 5.0, ECC 5.0 to ECC 6.0, BW 3.5 to BI 7.0 and BW 7.02 to BW 7.4 and CRM 5.2 to CRM 7.0, GRC 5.3 to 10.1

Security Experience with various modules like PP/MM/QM/IM/WM/PM//FI-CO/AP/GL/SD/VC/CS/MDM/CRM etc

BW Security- Secured BI Info Areas, Info cubes, Queries, Info objects, Hierarchy and Info objects. Successfully upgraded BW3.5 authorizations to BI7.0 Analysis authorizations. Restricted Analysis Authorizations (Using RSECADMIN Tool) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level. Extensively used new BI tools like Authorization Monitoring and Legal Audit. Defined Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1).

HANA Security – Configured Standard, Technical and Restricted Users. Worked on System, Object, Analytic and Package Privileges. Knowledge in SAP Studio

HR Security - Designed and Developed HR Security in Personnel administration and Payroll accounting, Benefits, Compensation, Time Management, Travel, Payroll, E-Recruitment, Personnel Development and Org Management modules. Implemented Structural Authorizations to Restrict PD Objects.

GRC -Designed, configured and maintained GRC 10 Access Control. Worked with SOX team to make updates to GRC rule set. Developed workflows in GRC. Integrated GRC with Active Directory. Deployed password self-service. Planned, designed and developed roles for major ECC and CRM implementation. Developed detailed project plans, standard operating procedures, processes and training documents. Worked closely with an offshore team of security analysts to support a major SAP implementation

Able to immediately provide support for any current SAP Implementation project

Experienced in providing many proven SAP best practices solutions for common SAP security support issues, GRC, SOX, Role Redesign, or other challenges.

Provided Support for both Internal and External Audits (Deloitte)

Collaborate with other team members and business representatives to ensure that security settings meet the requirements of the business and align with the defined controls and standards

Able to immediately provide support for any current SAP Implementation project

Professional Experience:

PG&E April 2015 – Present

San Francisco, California

Sr. SAP Security Administrator

Environment: ECC 6.0, SRM, HCM, EWM, BI 7.4, BO 4.0, Solution Manager, GRC 10.1

Responsibilities:

Projects:

BPC Upgrade 7.5 to 10.1 on HANA Database

BW Upgrade 7.02 to 7.4 on HANA Database

JE Automation Project - Finance

Integrated Supply Chain Management Project – SCM

GRC Upgrade 5.3 to 10.1

ECC Upgrade Enhancement pack EHP6

HANA

Design and Implement HANA-BI Security

Integrate BOBJ Security

Created custom roles in HANA DB for Developers, Modelers, Data Base Administrators and Business End user Roles

Worked on System, Object, Analytic, Package and Application Privileges

Worked on both Catalog (Run Time) and Repository Roles (Design Time)

Worked on License Check Properties and Activating Audit Policy.

Strong Experience in working on HANA Studio and Development perspective

Experience in HANA Life cycle Manager and Transport Mechanism

Ability to Drive Security support process and ensure compliance of project standards and deliverables

Worked on end to end implementation on HANA Security (HANA Database and Analytics)

Strong understanding of all administrative tasks related to HANA Security

Strong knowledge of designing of roles & authorizations and implementation of complex security framework and role matrix for SAP HANA Enterprise platform

Able to create schema level access control on HANA DB

Worked with team for development of security design document, creation of new roles, modification of existing roles, resolution of security-related issues, coordination with analyst and Basis team members.

Created Analysis Authorizations (RSECADMIN/RSECAUTH) to restrict BI reporting users.

Optimized the authorization relevant checks on Info Objects in BI.

Integrated BI with BOBJ.

Define Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1)

Restricted Analysis Authorizations (Using RSECADMIN Tcode) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level.

Designed and developed a BW workgroups concept for the reporting power users to share queries within their business groups including development, Operations and Production support, Change Management, Security design and methodology, project planning and project management.

Worked with BW Technical Team to design security, identify Info Areas, Info Cubes, and created custom objects.

Upgraded BW from BW 7.02 to BW7.4. Migrated BW 7.02 Authorizations to BW 7.4 Authorizations using SAP’s Migration Tool (program RSEC_MIGRATION). Restricted Authorizations at various levels such as Query, Query View, Web Template, Web Item and Workbook.

BPC

Worked with FI team to procure BPC requirements

Created Task profiles in BPC, merged the backend standard BPC roles into one composite role.

Created Member access profiles and teams, provided profiles for leads to administer their respective teams

Created users in BPC Web Client and integrated with Backend BW.

GRC

Upgrade from 5.3 to 10.1

Master Data Setup in GRC10.1for new roles

Setup UAR – User Access Review Requests for periodic review

Review, approve and mitigate risks for access change requests

Designed, configured and maintained GRC 10.1 Access Control.

Worked with SOX team to make updates to GRC rule set.

Developed workflows in GRC. Integrated GRC with Active Directory.

Developed detailed project plans, standard operating procedures, and training documents.

Worked closely with offshore team of security analysts to support a major SAP implementation

Configured BRF + in GRC 10.1 Access Control

Configured MSMP Configuration in GRC 10.1 Access Control

Configured Business Role Management in GRC 10.1 Access Control

Worked Work Flows for EAM – Super User Access in GRC 10.1 Access Control

Pre & Post Implementation steps for GRC 10.1 for ARA,ARM,EAM& BRM Modules

Ran Risk Analysis on Single/Business Role level and worked with Business/Track leads to remediate/mitigation Risks

HGST September 2014 – March 2015

San Jose, California

Sr.SAP Security Administrator

Environment: ECC 6.0, SRM, BI 7.3, GRC

Responsibilities:

Design and Implement S/4 HANA

Gathering FIORI Requirements from Business

Set up Users in SAP Net weaver Gateway and ABAP front end server

Create New users/modify existing users in HANA and S/4 HANA

ECC Security

Analyzed the SAP Systems and provided recommendation to clean up and maintain the SAP positions and user profile. Maintained and Transported Roles using SAP CUA.

Worked on various Roles and eliminated the Transaction Codes which are causing conflicts from those Roles, Role Redesign, Mitigation and Role Remediation work

Responsible for the developing single/composite/derived roles using the Profile Generator (PFCG)

Troubleshooting authorization issues in SAP modules MM,PM,PP,PI,SD,FI,IM and WM

Utilizing system trace (ST01), authority check (SU53), debug mode to analyze and fix Problems related to Security

Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

Provided SAP Security design, configuration, and support for SAP NetWeaver systems running BI/BW 7.0 and HCM (Personnel administration and Payroll accounting, Benefits, Compensation, Time Management, Travel, Payroll, personnel Development and Org Management modules)

Developed the global security plan defining security strategy in design, development implementation and support

Created template for the global rollout for the creation and maintenance of security accesses, permissions and controls by job role requirements

Extracted Structural authorizations from HCM system to BI using standard SAP extractors

Created Analysis Authorizations using the new RSECADMIN tool to restrict BI reporting users.

Restricted Roles based on Personnel Subarea, Cost Center, Employee Subgroup

HANA

Created Standard, Technical and Restricted Users

Created Roles for Developers, End User and Database Users

Worked on Schema/Object level Privilege access

PG&E March 2014 – August 2014

San Francisco, California

Sr. SAP Security Administrator

Environment: ECC 6.0, SRM, HCM, EWM, BI 7.3, BO 4.0, Solution Manager, GRC 10.0

Responsibilities:

Role Re-Design project

Worked on various Roles and eliminated the Transaction Codes which are causing conflicts from those Roles, Role Redesign, Mitigation and Role Remediation work.

Scope of the Re-Design project includes Order-To-Cash, Logistics Execution, HCM, Financial Supply Chain Management (Biller Direct, Payer Direct, Dispute Mgmt, and Collections Mgmt), IT and Work Management.

Re-Design ECC, BI, CRM, SRM, SCM, EWM and HCM security.

ECC Security

Analyzed the SAP Systems and provided recommendation to clean up and maintain the SAP positions and user profile

Responsible for the developing single/composite/derived roles using the Profile Generator (PFCG).

Reviewed the role design process and developed the pre cutover and post cutover schedules and strategy.

Utilizing system trace (ST01), authority check (SU53), debug mode to analyze and fix Problems related to Security

Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

BW 7.0 Security

Designed Security strategy and also responsible for Functional and technical designs and provided documents.

Migrating old BW 3.0B roles (profiles) to new BW 7.0 using the program RSEC_MIGRATION and responsible for design and creation of new roles upon business and IT requirements passing the SOX AUDIT.

Expert in using RSECADMIN and building Analysis authorizations that are new to BI 7.0 security, Implemented new BW 7.0 security authorization objects.

Business Objects

Implement Business Objects (BOBJ)Security

Defined the security approach for Webi, Xcelsius Dashboards and Crystal Reports.

Administration using Central Management Console to configure Users, User groups

REI October 2012 – February 2014

Seattle, WA

Sr. SAP Security Administrator

Environment: ECC 6.0, BI 7.0, HCM, CRM 7.0, SRM, CUA, GRC 5.3

Responsibilities:

Successfully designed and implemented security which contained Finance (AP, AR, GL, Fixed Assets, Costing), Parts (Logistics, Planning, Pricing, Order management) & Service (Service delivery, Contract Warranty, Install-base, Workforce management) functional areas across ECC, BI, EP, SCM, SRM, CRM systems

Designed Security for various modules like PP/MM/QM/IM/WM/PM/FI-CO/AP/GL/SD/VC/CS/MDM/CRM etc.

Configured and managed Central User Administration (CUA) environment. Administer Users using SCUA, SCUL, SCUG and SCUM

Involved in all aspects of SAP security from setting up naming conventions for roles, profiles, Unit/Integration Test ids, custom objects and user groups to interact and work closely with various functional teams to collect role requirements, configuration of single and composite roles, transportation of roles, deployment activities and post implementation support

CRM:

Developed the Security design for CRM 7.0

Worked with the CRM functional team to outline security requirements around several CRM services

Created OSS Ids, maintained OSS Connections and OSS accounts.

Set up CRM 7.0 security for Marketing and Campaign Management, Business Partner Security, E-commerce (Internet Sales) and Product Security

Worked with functional analysts in developing CRM security in accordance to CRM Business Role requirements and assigning PFCG roles to business roles.

Extensively used CRMD_UI_ROLE_PREPARE report to generate the necessary UIU_COMP settings corresponding to the CRM business role.

BW 3.5/BI 7.0 Security

Created Analysis Authorizations (RSECADMIN / RSECAUTH) to restrict BI reporting users.

Optimized the authorization relevant checks on Info Objects in BI.

Integrated BI with BOBJ.

Define Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1)

Restricted Analysis Authorizations (Using RSECADMIN Tcode) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level.

Worked with BW Technical Team to design security, identify Info Areas, Info Cubes, and created custom objects.

Upgraded BW from BW 3.5 to BI7.0. Migrated BW 3.5 Authorizations to BI 7.0 Authorizations using SAP’s Migration Tool (program RSEC_MIGRATION). Restricted Authorizations at various levels such as Query, Query View, Web Template, Web Item and Workbook.

GRC

Implemented and configured the entire GRC tool set – Compliance Calibrator (Risk Analysis and Remediation), Fire Fighter (Superuser Privilege Management), Role Expert (Enterprise Role Management), Access Enforcer (Compliant User Provisioning)

Worked with Audit and Business Teams to create the RAR Rule Set, Mitigation controls and Firefighter access procedures.

Configured Compliant User Provisioning for User Access request process.

Created Mitigation Controls, Mitigation Owners and Alerts in Compliance Calibrator to monitor critical transaction usage

The Home Depot October 2007 – September 2012

Atlanta, Georgia

Sr. SAP Security Administrator

Environment: ECC 6.0, SRM, HCM, BI 7.3, Business Objects 4.0, Solution Manager

Responsibilities:

Upgrade ECC security from ERP 6.0 EHP 2 to EHP 5

Upgrade BI security from BI 7.0 to BW 7.3

Upgrade Business Objects security from BOE 3.1 to BO 4.0

Upgraded Security for various modules like PP/MM/QM/IM/WM/PM//FI-CO/AP/GL/SD/VC/CS/MDM/CRM etc.

Defined CUA model and configured on Solution manager

Worked on SAP Check Indicator Defaults and Field values, reduced the scope of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.

Troubleshoot security/authorization related problems using SU53, ST01 and SUIM

Perform reconciliation of user master record and roles using PFUD and SUPC

BI 7.3 Security

Created Analysis Authorizations (RSECADMIN / RSECAUTH) to restrict BI reporting users.

Optimized the authorization relevant checks on Info Objects in BI.

Define Authorization-Relevant Characteristics and Attributes using Info Object Maintenance (RSD1)

Restricted Analysis Authorizations (Using RSECADMIN Transaction code) at Characteristic Values, Attribute Values, Hierarchies and Key Figure level.

Worked with BW Technical Team to design security, identify Info Areas, Info Cubes, and created custom objects.

HR Security

Design and Development of HR Security for various modules including Personnel administration and Payroll accounting, Benefits, Compensation, Time Management, Travel, Payroll, E-Recruitment, Personnel Development and Org Management modules.

Implemented Security using Structural and General authorization

Generated authorizations for users in organizational plan using RHPROFL0 report

Extensively used RHBAUS reports to improve the performance while using Structural authorizations.

Expertise in handling security related issues on all diverse applications including R/3, CRM and SRM

Enforced Best Business Practices during all phases of Project life cycle.

Worked closely with Internal and External auditors to ensure SAP security design is compliant.

BHP Billiton Jan 2007 – Aug 2007

Miami, Arizona

SAP Security Consultant

Responsibilities:

Worked as a SAP R/3 Security analyst for SAP Applications support group

Created roles and User Ids for programmers, end users by extensively using SU01 and PFCG.

Used Derived activity groups to create new activity groups and to transfer transaction codes from old ones to new ones.

Supported users at different levels for the security issues in various functional modules.

Analyzed all custom programs and transaction codes for authority check and configured authorization objects for transactions in SU24 in order to automate Profile generator for custom transaction.

Handled Security development for various modules such as FI, MM, AM, SD, PP, QM, PM and HR.

Continuously improved security configuration to reflect best practices and to prepare for system audits.

Kohler Company, WI Jan 2006 – Dec 2006

Madison, WI

SAP Security Consultant

Responsibilities:

Defined new Roles, redesigned the existing definitions and built smaller meaningful roles based on the concentration of job duties.

Worked with SAP Check indicator defaults and customized them based on the client’s security model.

Analyze, assign, delimit and create roles in a position based security model.

Analyzed all business roles and mapped business roles to transaction codes according to Business processes.

Designed and configured security roles to support corporate business processes, defined positions and developed structural authorizations for the security model.

Transported the generated roles and profiles using SAP Transport Management System (STMS).

Identified critical transactions and auth objects and monitored their assignments.

Used SM19 and SM20 to audit user activity during a firefighter role assignment.

Worked with derived roles and various org level objects

Performed Unit Testing on the roles.

Worked with the PM’s to assess the validity of the project timeline, help define timelines for deliverables, and work with the rest of the security team members to delegate deliverables.

Engaged in role redesign in the R/3 environment to handle SODs in existing roles for compliance purposes.

Worked with Internal Audit team to define mitigation controls and translated these controls to table entries in Compliance Calibrator for continuous monitoring.

Provided End user Technical support and change control

Contact this candidate