G Ramya Sindhu
Professional Summary:
• I am a seasoned ITGC SOX Audit and SAP GRC professional with over 9 years of expertise in internal and external auditing, SAP security, and governance, risk, and compliance (GRC) solutions. I have successfully supported large-scale global projects and implemented SAP GRC Access Control solutions across diverse industries.
• ITGC & SOX Audit: Extensive experience with SOX compliance, internal and external audits, and implementing ITGC controls.
• SAP GRC Security: End-to-end implementation and management of SAP GRC Access Control, covering roles, authorizations, and risk mitigation strategies.
• SAP S/4 HANA: Involved in ECC to S/4 HANA migrations and database refresh activities, ensuring smooth transitions with minimal disruption.
• SAP Fiori: Hands-on experience in developing Fiori applications, including the creation of catalogs, tiles, spaces, and pages. Activated OData services and maintained SICF services.
• SAP BTP: Knowledge in SAP Business Technology Platform (BTP) for integrated cloud-based solutions.
• Client & Team Management: Led teams of 3-5 members, maintaining excellent communication with clients and stakeholders to ensure successful project execution and delivery.
• Project Management: Managed end-to-end SAP security projects, ensuring timely delivery, proper documentation, and compliance with security best practices.
• Audit & Compliance: Experienced in conducting walkthroughs and collaborating closely with process and control owners to ensure effective audit strategies.
• Security Consulting: Skilled in defining security controls, designing blueprints, developing strategies, and implementing policies and procedures for enhanced security and compliance.
• Managed large-scale SAP GRC security implementations and rollouts for global clients.
• Successfully supported and led teams through complex audit and compliance activities, ensuring adherence to SOX controls and exhibiting great teamwork.
• Contributed to ERP security designs and migration strategies, ensuring effective risk management and control in SAP environments.
• Experience in securing SAC content, defining user roles, and implementing access controls to ensure secure data visualization and reporting.
Work Experience:
Deloitte & Touché Assurance June 2023-Nov 2024
RFA Lead Software Engineer 1
ITGC Audit SAP Security
Responsibilities:
• Performed IT Security Assessments, SOX Controls for SAP ERP and GRC Controls and IT Security Policies & Procedures.
• Served as IT specialist on SAP audits, testing configurable, automated, and manual controls.
• Experienced in testing and reviewing General IT controls (GITC) over access, program development, change management, and impact testing for various applications like SAP, Unix/Linux, Windows, and cloud applications.
• Led risk assessment, testing and review of GITC for various systems, including SAP and supported infrastructure (OS/Database) for IT audit engagements.
• Conducted risk assessment for the various business processes, identifying potential risks and controls requirements adhering to SOX requirements for SAP and other applications.
• Managed project activities including tracking delivered hours, ensuring quality, and meeting engagement deadlines.
Deloitte & Touché Assurance Nov 2021-May 2023
RFA Software Engineer 2
ITGC Controls IT Auditor SOX
Responsibilities:
• Performed ITGC Testing for SOX 404 mainly on Access management and change management.
• Tested the design and operating effectiveness of IT General controls and identified control gaps.
• Participated in walkthroughs to know about workflow of the control and prepared document about the information gathered during the auditing period.
• Inspected the password policies and tested the implementation of policies. Responsible for control evaluation over Information Security domains including Logical Access control, Change management, Job Scheduling error & detection.
• Worked extensively on identifying SOD conflicts and suggesting remediation procedures.
• Worked with executive management to appropriately address audit findings and ensured the risks were mitigated appropriately.
• Worked on Deloitte Internal Audit tool – ACTT (Automated Controls Testing Tool).
• Performed year on year enhancements to the controls as per the framework design changes.
• Added new controls as recommended by the COE Leadership Team.
• Worked on Service Now ticketing tool.
• Understanding the scope of Audit Testing and sharing the relevant Extract Scripts with the clients for data extraction process.
• Assisting the Deloitte practitioners with processing issues and report related queries.
• Worked on updating the ABAP based Extract Scripts by adding new tables and reports to the Script.
• Creating new Rules to display the respective output in the different reports generated by ACTT.
ACS Global Tech Solutions (Deployed to Deloitte) May 2021-Nov 2021
Senior Engineer (SAP GRC Security Consultant)
Responsibilities:
• Assisted in the execution of IT audit engagements, performing GITC testing and reviews, IT application controls reviews, assessed design & implementation, and operating effectiveness of controls across various business processes.
• Documented and evaluated IT processes, identifying control weaknesses and suggesting improvements.
• Managed large engagements, including stakeholder expectations, scheduling, delivery, resourcing, and budgeting.
• Developed technical skills in various audit software and IT systems.
• Scheduling of Synchronization jobs for ARA and EAM.
• Creating Functions and Risk IDs and Executing the SOD Background job.
• Mitigation and remediation of users and roles for SOX using User/Role Analysis in ARA.
• Determine and report if any risks will be introduced by simulating the addition of transactions, Roles, or Profiles to a User ID.
• Extensively worked on troubleshooting user authorization issues, using report (SU53) and system tracing using ST01, STAUTHTRACE t-codes.
• Critical authorization objects such as S_TABU_DIS, S_DATASET, S_PROGRAM, S_DEVELOP were restricted and monitored.
• Analyzing authorization checks & troubleshooting Security problems using STAUTHTRACE, ST01 and SU53.
• Worked with security related tables such as AGR_TCODES, AGR_USERS, AGR_1251, 1252, 1016.
• Responsible for day to day technical support and resolution of security issues, troubleshooting R/3 security problems.
• Involved in Decommissioning the GRC system.
DSQUARE Tech Labs Feb 2019 – April 2021
Senior SAP GRC Security Consultant
Responsibilities:
• Lead, facilitate, coordinate, and track day-to-day activities required to ensure the project is completed on time, successfully, and in a manner consistent with organizational goals, departmental policies, established processes, and/or the standard terms and conditions.
• Oversees and directs the Security Administrators in the creation and maintenance of required master and derived security roles and the administration of users.
• Testing with test coordinator while being responsible for managing both Integration testing and UAT test cycles
• Providing solutions to Break Fix authorization issues in all SAP environments.
• Worked extensively with the area of Authorization checks using transaction SU24 and maintained check indicators for Transaction codes.
• Managing assignment of mitigating controls for specific Segregation of Duties (SOD) violations
• Security Requirements Collection, Re-design of Roles, Administration of Roles, Testing of Roles
• Acting as a liaison between internal and external auditor for smooth auditing.
• Review and analyze SOX/GRC and SOD reports and act accordingly.
• System opening & maintaining the user update at service marketplace.
• Creating user & License Key at service marketplace.
• Moving Transport request.
• Security Role Changes, New or Existing
• Worked extensively with the area of Authorization checks using transaction SU24.
• Check indicators for Transaction codes.
• Performed SU25 activities after SAP Upgrade for ECC and BW Systems.
• Performed post installation tasks such as Client copy validation, Activated the GRC AC applications in clients.
• Checked and activated ICF services, activated BC sets and generated standard SAP profiles.
• Setting up Approvers and alternate approvers in GRC for roles
• Involved in Monthly User Access Review activity with the internal auditors.
• Worked extensively in area of Firefighter implementations (EAM)
• Mapped the FFIDs to Owners and Controllers
DSQUARE Tech Labs February 2016 – Jan 2019
SAP Security Consultant
Responsibilities:
• SAP Security administration and maintenance
• Design, Configuration & Testing of SAP Security Roles
• Mass Assignment and Re-assignment of Roles/ Users
• Mapping of Missed Authorization Object in T-codes.
• Mapping of T-code with Reports and Programs.
• Maintaining (Create, Delete, Change, Copy) SINGLE, COMPOSITE and DERIVE Role in Customer Namespace.
• Performed Spool Administration, Client Administration, SAP background job scheduling and monitoring, Transport Organizer and other Basis day to day activities.
• Locking critical transactions using SM01.
• Analyzing SU53 screen shots to debug authorization problems.
• Analyzing ST01 trace log to fix the authorization bugs.
• Monitoring the list of users who have access to powerful profiles like SAP_ALL and SAP_NEW etc. and alerting the client on the same.
Education:
• Post Graduation Diploma in Business and Economics from Hyderabad School of Business.
• Bachelor of Technology (B.Tech) from Jawaharlal Nehru Technological University (Anantapur) in Information Technology.
Certifications:
• ISACA - Certified Information Systems Auditor (CISA)
Technical Skills:
• IT Audit and Assurance
• Risk Assessment and Management
• Compliance and Regulatory Standards (SOX)
• IT General Controls (ITGC) & Application Controls
• SAP Security, ECC, GRC (EAM, ARA), S/4, BW and SAC (SAP Analytics Cloud)
• ServiceNow Ticketing tool