SAP Sr Security and GRC Consultant
Accenture
Total des années d'expérience :12 years, 8 Mois
• As a SAP Security Consultant was involved in Functional/Technical analysis in the project for SAP GRC Implementation/Upgrade, Security role architecture design.
• Managing Consultant for the Implementation of SAP Security for EMEA/LATAM/ASIA/NORAM regions.
• Responsible for Managing Security/Technical access risks by working on User/System level.
• Carried out SAP Security Consultant duties to identify assess physical and technical security risks to data at User/System level.
• Managing the setting up of the connection b/w SUN IDM myAccess with the GRC 10.1 to support the user provisioning landscape in SAP.
• Helped the client/Business to define the SOD matrix rule set and making the business understand the Segregation of duties access risk rules set and its importance in daily business.
• Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements and configuration/Support of SAP GRC components.
• Preparing and Managing the SAP Security Audit cycle
• Involved in Design and preparation of Client blue print for SAP Security Access Management.
• Assisted the project manager in preparing the project schedules, milestone tracking, and resource allocation using MS Project.
• Involved in SDLC including requirements gathering, designing, developing, testing, and release to the working environment.
• Worked in design of process controls for the business.
• Managed the project for automation of role assignment for Standard HR JOBS.
• Implemented Information System business solution of respective User profile to exclusive functional departments and assigning them to departmental user at client business process.
• Streamlining the SAP Security Procedure and Policies.
• Managed the account planning by providing an approach, estimates and implementation plan as part of a GRC Access Control proposal.
• Managing and leading the offshore SAP Security/GRC Access Control delivery model for the customer.
• Managing the configuration and designing of Segregation of duties risk rule set and the controls for the same.
• Requirement gathering with client and preparation of Risk framework and internal controls
• Working as Risk analyst to identify the transactions posing threat to the SAP system.
• Developed and managed the project management plan, established risk management process and metrics for the deliverables. Also supported the account planning on the account by providing an approach, estimates and implementation plan as part of a GRC proposal.
• Management reporting of the weekly status of the task handled by team and attending review meeting with the key stake holders.
• Acting as Subject Matter Expert for Accenture India SAP Security team and helping them in resolving the issues related to project.
• Worked with different functional architects/Business leads to mitigate the Segregation of Duties and Critical risks in the respective functional area.
• Involved in the Business Impact Analysis of Security and Portal Security change in SAP.
• Responsible for Risk Analysis, its remediation & application of mitigation controls in SAP Governance risk and Compliance tool.
• Updating and Managing ARIS Governance in case of any changes in business blue print for security.
• Attending the weekly CAB (Change Advisory Board) meeting and approving the change requests in security area.
• Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements and configuration/Support of GRC Access Control components.
• Managed project access risk management and business process analysis reviews over the implementation of security access in different stages of the applications.
• Responsible for maintaining QRG (Quick reference Guide) for Governance risk and compliance tool to help the business to understand the access risk and mitigation controls.
• Responsible for the SAP User Access management through Central User administration and troubleshooting SAP Security issues in SAP R/3 across different instances. (Production, Development and Quality).
• Working on SAP security change requests and also responsible for adding missing authorization or transaction code in a base role using PFCG.
• Responsible for Segregation of Duties check in SAP Landscape and access risks simulation.
• Responsible for taking out the reports of users with critical authorizations, users count, SAP User License Management and reporting to higher management.
• Carried out system Security Analyst duties to identify technical security risks in ERP Application.
• Responsible for creation/modifying users on the Active Directory/LDAP and assignment of groups to users.
• Creating Secure ID on RSA Server and testing the same to verify the accuracy of the access.
• Working with external and internal auditors to generate the report across all the systems.
• Designing the IT and Security Control elements in SAP R/3 and mapping it with ITGC.
• Testing the SAP R/3 IT controls.
• Analyzing the IT controls and testing specifications in SAP R/3 and sending the report to the US engagement team.
• Took the task to reviews and investigate documents.
• Develop an understanding of IT Audit approaches, methodologies & tools.
• Evaluate the design and operating effectiveness of technology controls based on the testing results.
• Mapping the SAP R/3 controls to ITGC and evaluating the same.
• Testing the SAP R/3 IT Controls. Sending the review reports to the client.
• Helping the KPMG, US Team evaluate controls & designs in order to prepare the TOD & TOE.
• Assist in the support and execution of IT Audit and Attestation engagements delivering quality service.
• Prepare summary of findings reports to support technology control assessment.
• Review of deliverables to help ensure that agreed upon quality standards are met
• Trouble shooting in the Area of Label Management Activities &SAP security Issues.
• Administration of SAP USER’S production, development & quality requests.
• Have a basic understanding of SAP security approach, SOX and authorization concept (transaction codes, base roles, derived roles, composite roles and functional user groups)
• Helping the users to get the needed role according to their daily job functions.
• Helping the user in tracking the missing authorizations for their access and adding them by following security procedures.
• Used extensively in-house developed tools, VRAT & SAP tools for analyzing SOD conflict, mitigating controls and roles assignments to users.
• Checking the analysis and management reports in VRAT and forwarding it to client for analysis.
• Client provided tool is SAP, where the security, Label printing and Role modification are performed on a daily basis
• Responsible for transports through HP UNIX server in Toronto.
• Analyzing ABAP dumps, sys log and subsequent follow up with module/development staff to rectify errors.
• Responsible for monitoring critical Interface for the IDOCs through Cross world server.
• Responsible for kicking off the user.
• Letting a helping hand in security audit for the client.
• Resolution of tickets logged through Global Delphi Helpdesk.
• Handling calls and resolving the queries of customers relating credit cards.
• Keeping the track of high risk transactions.
• Processing loans on credit cards