
Summary

  • Senior GRC & IT Control professional with more than 11 years of experience
  • Certified Information Security Manager® (CISM) from ISACA and ITIL Certified
  • Possess deep domain knowledge in Governance, Risk and Compliance (GRC) and relevant tools and techniques
  • Extensive knowledge of Technology Risk Management and Control
  • Well versed in security policies & standards, IT Security Audit practices and IT Risk Assessment.
  • Well versed in implementation of necessary information security policies, standards, procedures and guidelines across the enterprise. 
  • Experience in conducting periodic security risk assessments and determining appropriate actions to address identified risks.
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment / remediation strategies.
  • Experience with Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) processes
  • Experience in ensuring compliance against Sarbanes-Oxley (SOX), ISO Standards, SOC1 and SOC2 (SSAE16 / ISAE3402)
  • Possess knowledge of information security management frameworks such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT), PCI-DSS, NIST, OCTAVE frameworks.
  • Experience in setting up and configuration of SAP GRC 10.0 and 10.1 for Access Control module.
  • Experience in implementation, administration and support of SAP GRC Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM) and SoD risk remediation.
  • Knowledge of SAP GRC Process Control, Risk Management and Audit Management
  • Strong knowledge of key business processes, segregation of duties (SoD), the inherent risks, as well as potential controls.
  • Proficient with SAP security design, build, deployment, support and audits for standard role-based and position-based (structural) security.
  • Have executed multiple large, multi-year SAP Security implementations for different industrial domains.
  • Rich experience in running SAP Security Upgrade projects for ECC and BW
  • Experience in role designing and implementation of security for SAP Solution Manager ChaRM, Business Process Monitoring and RSLF.
  • Rich experience in Role Redesigning, CRM Business role based authorization, Structural position based security (HCM), BI Analysis authorization, Portal security and CUA.
  • Ability to conduct significant data analysis using various SAP tables to support security, transaction, and controls projects while following SOX guidelines and industry standards
  • Experience in assessing SAP installations in the context of Security, Business Controls, Internal Audit.
  • Experience in integration of SAP with other Identity Management tools like IBM Identity Manager (ITIM)
  • Having strong technical knowledge of SAP security architecture and role based authorization models for SAP ECC, APO, SCM, CRM, BW/BI, Portals, XI/PI, MII, ME, Solution Manager and GRC modules.

Work experience

Oct 2016 - Present

Senior Consultant - GRC and SAP Security

  • Analyze the requirement from prospective client and prepare RFP response to show the proposed security and GRC architect.
  • Evaluate general IT controls for SAP Systems for various clients, including change control, security, and operations
  • Responsible for planning, creating, establishing, managing, monitoring and serving as a subject matter expert in leading the Enterprise-wide Information Security Risk framework for clients
  • Develops policies, standards and procedures necessary to ensure company compliance with all applicable law and regulations.
  • Leads the development of risk management strategies through the identification, quantification and mitigation of risk that can impact the organization.
  • Lead offshore support and project team while ensuring customer satisfaction
  • Build the security competency at offshore for account
  • Educate and train the team with new solution and technologies in SAP space
  • Communicate with client and suggest optimization for existing security process
  • Evaluate effort estimation for new enhancements and roll outs
  • Review the enhancements and security solutions for client

Dec 2013 - Oct 2016

Senior Consultant - GRC and SAP Security

  • Worked as onshore lead for major American motorcycle manufacturer.
  • Assist in the development and documentation of disaster recovery and contingency plans for security architecture
  • Assist in creating and maintaining detailed documentation of security policies, procedures, standards and documentation.
  • Conduct the Information Security Risk assessment
  • Lead team to provide support for SAP Security Architecture for ECC, APO, XI, BW/BI, Solman, ChaRM, Portal, MII and ME
  • Configuration and support for GRC AC 10.0 Emergency Access Management and Risk Analysis Remediation.
  • Part of team to upgrade GRC 5.3 VIRSA Firefighter to GRC 10.0 EAM
  • Designed roles and implemented security strategy for Solman ChaRM, Business Process Monitoring (BPM) and RSLF
  • Designed and provided support for CRM Business role based user provisioning
  • Lead Role Redesign project for client to address changing business requirements
  • Worked with other teams to sustain complex user provisioning mechanism where ABAP and Java systems are involved including MII and ME
  • Part of team to perform BI upgrade to switch to Analysis Authorization
  • Handled multiple projects for client while leading the support team
  • Review and approve the security changes and role changes
  • Design security process and lead team for new roll outs
  • Review the feasibility of new projects and provide estimate with proposed security blueprint
  • Assist in the documenting, maintaining, and updating of security controls with a focus on User and Role administration-related controls and procedures.
  • Identify trends in reported security violations and recommend changes in policies, procedures, or user training/awareness to address unfavorable trends
  • Lead and provide technical support for customer Role implementation and/or Role redesign to define Roles and remediating potential Segregation of Duty (SoD) conflicts
  • Provide recommendations and guidance for the tuning and optimization of existing SAP security processes

Apr 2012 - Nov 2013

Consultant - GRC and SAP Security 

  • Worked as offshore team lead for a client that is a major American motorcycle manufacturer
  • Drove knowledge transfer from client to Infosys team
  • Define, design and drive compliance and governance processes within SAP / Major Platform
  • Assist Internal Audit Team in SOX compliance, SoD remediation and mitigation controls
  • Conduct the Information Security Risk assessment 
  • Review existing policies, procedures and recommend changes  
  • Coordinate security audit reviews with external auditors 
  • Responsible for ensuring the defined strategy for design, deployment and maintenance of the SAP security architecture is adhered to and enforced. 
  • Responsible for working with Controls team to review and implement IT SOX controls and to support internal or external audits as required for any audit target associated with SAP. 
  • Lead a team to provide support for SAP Security architecture for system ECC, APO, XI, BW/BI, Solman, ChaRM, Portal, MII and ME.
  • Handled security upgrade of system from R/3 4.7 to ECC 6.0
  • Design the security strategy for new rolled out business process
  • Periodically review the customer feedback and enhance the security process
  • Review the existing role design and create the new as per requirement
  • Mentor the team members on customer business process

Jan 2010 - Mar 2012

SAP Security Consultant / SAP Solution Manager Consultant

  • Blueprint preparation for SAP Authorization, discussion with client regarding process responsibilities, level of securities and job functions
  • Documentation of transactions associated with job functions and preparation of SoD (Segregation of Duties)
  • Create Authorization Management Procedures
  • Develop and continuously improve security controls, processes and procedures across enterprise
  • Support Internal Risk and Controls (IRC) design team during design, build and test activities.
  • Coordinate security audit reviews with external auditors 
  • Role creation and testing. Creation of User Master Models for Job Roles
  • Created and maintained user master and established security policies and procedures.
  • Assisted in Sarbanes Oxley Compliance - SAP System Audit and documentation of significant processes and controls
  • Configuration of new dimension product Netweaver Business Client 3.0 (NWBC) on platform EHP4 ECC 6.0 with SAP Best Practices activated.
  • Installation of SAP ERP EHP4 ECC 6.0, Support Pack level upgrade of system, activation of Services and Business Functions.
  • Preparation of blueprint for SAP authorization while having discussion with Client to understand responsibilities for process and functions
  • Preparation of SoD, Role creation and testing
  • Configure Early Watch Alert (EWA) Reporting by using DSWP
  • Configure Service Desk to create message, identify problems, email to end-user and Maintenance Optimizer

Dec 2006 - Jan 2010

SAP Security / Basis Administrator

  • Implementation of SAP Security Process and User Master Creation for newly configured landscape.
  • Creating Roles for Functional HR, FI, PS Users, Maintaining Authorization Roles, and Trouble Shooting Authorization Problems in development & production environments.
  • Responsible to handle the external system audit and implementation of audit compliance
  • Maintaining Clients and client-settings
  • Day-to-day production support, monitoring and Issue Resolution, proactive system analysis, Go-Live and Production support as required
  • Develop Profiles/Roles which includes complex design restrictions
  • Co-ordinate comprehensive testing of all profiles and authorisations to ensure accuracy and segregation of duties
  • Designed a comprehensive security Matrix that documented the security design and controlled the user requests in the production environment.
  • Developed, maintained and controlled the access of the project team members in all environments
  • Maintaining company approved audit standards for SAP Application
  • Support for Pre-upgrade and Post-upgrade activities

Education

RGTU, Bhopal (India)

Aug 2001 - Apr 2005

Bachelor of Engineering (Computer Science)

Studied computer science engineering 

SVH School, Dewas (India)

Jul 1999 - Apr 2000

Higher Secondary School (10+2)

Studied Mathematics, Physics and Chemistry 

S.A.C.H. School, Sonakatch (India)

Jul 1997 - Mar 1998

High School (10th)

Studied all subjects

Skills

GRC, SAP GRC

Information Security Risk Assessment

Risk remediation and mitigation 

Access Control 10 and 10.1 - Emergency Access Management and Risk Analysis Remediation

AC 5.3 - VIRSA Firefighter

SAP ERP Packages:

EHP7 for SAP ERP 6.0, EHP4 ECC 6.0, ECC 6.0, ECC 5.0, R/3 4.7, 4.6C, 4.6B, 4.0

Human Capital Management (HCM)

Other SAP Systems

SAP BW / BI

SAP CRM 

SAP XI

SAP Manufacturing Integration and Intelligence (SAP MII)

SAP Manufacturing Execution (SAP ME)

SAP Solution Manager

SAP Solution Manager 7.0, 7.01, 7.1, 7.2

Change Request Management (ChaRM)

Business Process Monitoring (BPM)

Run SAP Like a Factory (RSLF)

Programming Languages:

C, C++

Certifications

Jan 2018 - Present

Certified Information Security Manager® (CISM)

ISACA  CISM certification number: 1839307

EXIN

Mar 2011 - Present

ITIL V3 Foundation

ITIL® Foundation Certificate in IT Service Management