Gennadiy Krivdyuk
Toronto, Ontario, Canada
2006-101 Subway Cr.
gkrivdyuk@gmail.com
Home: 647-951-0855
Cell: 416-526-5045
OBJECTIVE: SAP Security Architect - Development of division goals and objectives
SUMMARY
● Over 28 years of experience and hundreds of successful projects in SAP Security Architecture
● Led and participated in global designs and implementations
● Established strategies and policies for global multi-billion international corporations
● Created proposals on client site with analysis on real systems and real data
● Developed tailored security and control techniques in conjunction with multiple systems integration
● Highly motivated with the ability to work independently with minimum supervision and under pressure
● Managed staff through direct and subordinate managers and supervisors, developing policies and procedures related to projects’ activities (up to 50 - directly)
● Developed and administered budgets, conducting short and long range planning, and performing related work as required
RELEVANT SKILLS & EXPERIENCE
Companies worked for as Managing Consultant – SAP Security Architect
Tim Hortons, Uni-Select, Sunoco, Saudi Electricity Company, Tampa Electric Company, SaskPower, Applied Materials, NBC Universal, Municipality of Anchorage, Saudi Aramco, General Motors, ConAgra Foods, Becton, Dickinson and Company (BD), Graphic Packaging, ConocoPhillips, Colgate, Deloitte US, Allegheny Energy, Inc., NASA, Whirlpool, Eastman, Adobe, CMC, BNSF, Chevron-Phillips, Department of Personal State of Washington, FEMSA (Coca Cola Mexico and Latin Americas), JoAnne, CMC, Convergys Corp, State of Florida, Fifth Third Bank, AT&T, Whirlpool, DuPont, Johnson & Johnson, Pfizer, Solectron Corporation, Guidant, Lucent, Medtronic, Bridgestone Tires, PWC, CAMECO, KGH, British Columbia Government, IBM, SAP America and author for SAP AG internal projects course P_ADM_SEC_70
Methodologies
ASAP, User-Centered Design (UCD), Centralized and De-Centralized Business Model, 3 Tier Approach Model, Position Based Model, Tasks Oriented Model, RBAC Model, Job Related Model, Agile, Waterfall, Drop Down
Concepts, Strategies and Policies
● Develops and directs the implementation of goals, objectives, policies, procedures and work standards for assigned division; interprets and complies with all applicable federal and state regulations
● Monitors and directs daily operations to ensure that policies and procedures are being followed, that goals and objectives are met, and that services are being provided efficiently and effectively; takes corrective action as necessary; personally handles the most difficult, sensitive or controversial projects for the division
● Develops and monitors the division’s budget; oversees financial well-being of the division by analyzing cost effectiveness and directing cost control activities; prepares, submits and justifies budget enhancement requests
● Plans, organizes, administers, reviews and evaluates the work of subordinate professional, technical, office support and operational staff through subordinate levels of supervision.
● Provides for the selection, training, professional development and work evaluation of subordinate staff; makes recommendations on hiring, termination, promotion and discipline as required.
● Confers with and represents the Security division and the department in meetings with other departments and divisions; serves as the representative with a variety of public, business and community organizations; fosters collaborative relationships to the benefit of the division, department and the organization
● Prioritizes and allocates available division resources; reviews and evaluates program and service delivery, makes recommendations for improvement and ensures maximum effective service provision
● Develops systems and maintains records that provide for the proper evaluation, control and documentation of assigned activities; prepares and directs the preparation of a variety of written correspondence, reports, procedures, directives and other materials
● Provides a formal and structured way of viewing and defining an enterprise in a two dimensional classification schema that reflects the intersection between two historical classifications (Zachman Framework)
● Uses a reliable, practical method - the TOGAF Architecture Development Method (ADM) - for defining business needs and developing an architecture that meets those needs, utilizing the elements of TOGAF and other architectural assets available to the organization
Identity Management and Skills
● Created and designed high-end identity management security
● Handled a large number of repositories containing an unlimited amount of information within different systems platforms
● Designed event-driven HCM (HR) integration software with IDM
● Created flexible and scalable high-availability security for workflow, provisioning, data synchronization and joining for a large number of data repositories
● Developing division activities, goals and objectives, creating program evaluation tools and evaluating the effectiveness of the division
● Applying theories, principles and procedures in the area of assignment
● Supervising and evaluating staff, directly and through multiple levels of supervision
● Managing multiple tasks, often with competing deadlines
● Providing leadership and motivating staff
● Making effective presentations to individuals and groups
● Developing, implementing, interpreting and explaining applicable policy and regulations
● Preparing clear, concise and informative reports, correspondence and other written materials
● Handling difficult and sensitive situations using sound, independent judgment within general policy and legal guidelines
● Communicating effectively with co-workers, supervisors, the general public, representatives of public and private organizations and others sufficient to exchange or convey information
Governance, Risk and Compliance – Access Control
● Prevented segregation of duties violations with Access Control
● Built real-time compliance to stop security and control violations before they occur
● Identified and selected risks to manage, build, maintain rules and detect authorization risks
● Developed excellent knowledge in control tools such as Guardian - Manual Controls Environment, ACE - Automatic Controls Environment, Approva BizRights, Virsa, GRC Access control, Process control and Risk control, RAR, ERM, SPM, CUP, Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM), Business Rules Management Systems (BRM)
● Designed extended integration with GRC solution (Business Objects Access Control)
● Participated in Segregation of Duties and Audit Compliance Standards
Process Control and Risk Management
● Created key concepts for Process Control such as security, time, workflow, record locking
● Developed solutions for internal controls management
● Created control documentation, evaluation, certification, reporting and analysis
● Developed a single framework to monitor and enforce rules and procedures instead of keeping data in separate "silos"
● Helped organizations to manage risk, reduce costs incurred by multiple installations and minimize complexity for managers
Knowledge of
● Principles and practices of management and supervision
● Public sector budgeting principles and practices
● Principles of effective leadership
● Applicable laws, rules, ordinances and regulations
● Theories, principles and operational practices applicable to the area of assignment
● Manage and maintain Project Plans, develop action plans for issues, track risk mitigation plans, make recommendations as necessary to advance project.
Manage complex information technology centered projects
● Manage and provide consultative services and specialized expertise in information-technology areas
● Maintain logs to track issues, action items, risks, queries and change management for each project.
● Manage and report on project metrics including progress, earned value metrics, baseline, forecast and actual dates, costs and scope
● Prepare project status reports
● Create & maintain a project library and coordinate the collection and filing of project documentation & artifacts
● Review project and project status files for integrity, accuracy and timeliness
● Design, develop or coordinate the use of project facilities, ensuring that technical and physical resources are available to meet project requirements
● Negotiate contracts and contract changes, project change orders, work schedules and requirements changes as required to meet project objectives
● Review and approve invoices and charges
● Cooperate with other areas in the application of standards, methodologies, architectures
● Transmission & Distribution Business in the Utility Industry
● Deployed SAP products to the current enterprise cloud infrastructure
● Integrate SAP and non-SAP technology seamlessly
● Manage SAP releases and deployments technology-wise
● Establish and implement target technology architecture through the consumption of Infrastructure as a Service, Platform as a Service, Software as a Service and on-premise offerings
● Research and recommend best of breed technology solutions
● Assess technology and product RFPs
● Implement technical security architecture from authorization, authentication, network and application perspectives
● Work to deliver solutions that meet the business strategy and requirements
● Establish technology standards
TECHNICAL SUMMARY
● SAP Security and global design and implementations, security strategies and policy
● Methodology: ASAP, SAP User-Centered Design (UCD), Centralized and De-Centralized Business Model, 3 Tier Approach Model, Position Based Model, Task Oriented Model, RBAC Model - IDM (SAP and non-SAP systems integration), BW/HR Structural Authorizations Architectural Model, The Methodology (Creation of Building Blocks)
● Identity Management and RBAC: SAP IDM, Integration with SAP - IBM Tivoli, Sun Microsystems, Oracle Identity Management, Rapid Deployment Solution (RDS), CUA, RBAC - (Oracle Database, Unix, Windows, Policy-Based Authorization, Business Processes, Business Policies, RBAC pattern as an extension of the Authorization pattern)
● Identity Center Database, Workflow User Interface, Monitoring User Interface, Management Console, Runtime Engine and Dispatcher, Event Agent, Virtual Directory Server, VMware
● Guardian, ACE, Approva BizRights, Virsa, GRC 5.0-10.x, and SOD, SOX
● More than 8 years in Segregation of Duties and Audit Compliance Standards
● Guardian - Manual Controls Environment for SOD, SOX; ACE - Automatic Controls Environment for SOD, SOX; Approva BizRights, Virsa, GRC 5.0-10.x, Access control, Process control and Risk control, RAR, ERM, SPM, CUP, Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM), Business Rules Management Systems, MSMP, GRC_MSMP_CONFIGURATION, Design and Manage Roles, Emergency Access Management, Provision and Manage Users, Analyze and Manage Risk, Managing Compliance with Access Control
● HCM - Human Capital Management: Personnel Management, Organizational Management, Personnel Development, Personnel Administration, Recruitment, Benefits, Compensation Management, Time Management, Payroll, E-Recruitment, Training and Event Management, ESS/MSS (more than 11 projects)
● HCM Authorization and Methods of implementation: Direct role assignment (User based): Roles and profiles directly assigned to User Master Records via SU01/PFCG
● Indirect role assignment (Position based) - assigned to position via OM IT1001
● Structural Authorizations - assigned to position via OM IT1017, Master Data with Context authorization object (P_ORGINCON)
● Event-driven SAP ERP HCM integration with SAP IDM and GRC 5.0-10.1; HPQC Load Runner
● Worked with all HCM sub-modules as SAP Security Architect
● Organizational Management – OM, Personnel Administration – PA, Recruitment – RCT
● E-recruitment – E-REC, Time Management – TM, Payroll – PY (International, KSA, UAE)
● Travel & Expenses Management – TRV, Personnel Development – PD, Learning Solution – LSO
● Succession Planning – SPL, Career Planning – CPL, Appraisal Management – APM
● Employee Self Services – ESS, Manager Self Services – MSS
● Role-Based Permission (RBP) framework in SuccessFactors that controls data access for different users
● Extended integration with SAP GRC 5.0-10.x solution (SAP Business Objects Access Control)
● Solution Manager, CRM2007, Access Control Engine (ACE), Business Roles (Web UI), Technical Roles (ABAP), Utilities: B2C Call Center and B2B Work Center, Public Sector
● Proposal preparation on client site with Security analysis on real systems and real data
● Expert in use of BI, BW Analysis Authorization, BEx Analyzer, BOBJ and BPC
● Log changes to analysis authorizations and other authorization-related activities: RSUDOLOG, RSECVAL_CL, RSECHIE_CL, RSECUSERAUTH_CL, RSECTXT_CL
● SAP ECC 6.0, ERP 6.0, Financial Accounting (FI), Financial Supply Chain Management (FSCM), Controlling (CO), Materials Management (MM), Sales and Distribution (SD), Logistics Execution (LE), Production Planning (PP), Quality Management (QM), Plant Maintenance (PM), Project System (PS), Human Resources (HR), ERP, Enterprise Portal (EP) UME, XI/PI, MDM, SRM, CRM 2007, BI, BOBJ, BPC, SAP R3, Global Trade Services (GTS), ESS/MSS, PSCD, TREX, SCM, PS, APO, PLM, SCM, SAP Human Resource Management Systems (HRMS), MII, MES, LSO, E-Sourcing, Portal (SRM, CRM, BI, MDM, MDG, SAP Fiori, Fiori Application (incl. cloud edition), HANA - SAP's in-memory computing platform designed for performing real-time analytics and developing and deploying real-time applications)
● Development of tailored Security and controls techniques in conjunction with system upgrade (i.e. ERP, GRC, IDM, ECC, CRM) and the design or re-engineering of business processes (i.e. shared services)
● Support security design and architecture for SAP Cloud implementations, end-user interface to manage tokens issued to client applications, request access token
● Setting an Authorization Grant Type and their associated Flows, Enable Tag Clouds, Enable Community Sharing, Enable Dynamic Navigation Support, Define Tag Result Lists, OAuth Protocol
● SAP hybris integration with SAP Business Suite rapid-deployment solution
● HANA Security, HDBSQL, Standard and Restricted Users, SYSTEM user, HANA Live
● Asynchronous B2C/simple B2B scenario
● Experience designing and implementing security for SAP HANA
● Experience creating customized roles in HANA DB for Developers, Modelers, Technical Admins, End Users, Power Users
● Design, Restrict and Control authorizations for HANA DB objects and Packages/Contents based on System Privileges, Object Privileges and Analytic Privileges for various Schema Users
● Define controls to restrict Create, Drop, Alter and other DB Admin rights on HANA DB Schema and its objects
● Design transportation of Security Objects/Roles within HANA Landscape
● Define user creation and Role assignment processes
● Set up password policies
● Create Groups in BOBJ Server for different types of Users (Admins, Managers, Developers, End Users etc.)
● Define and Control access to various Folders
● Set up SSO with AD or LDAP for SAP, Enterprise and other types of Authentication
● Define & Control access at Object level for different types of BOBJ Reports (Full control, View, Schedule, View on Demand)
● Transportation of Security objects within BOBJ Landscape
● Integration of BOBJ Security with HANA DB Security Roles
● ERP sends master data to hybris, and hybris runs the whole commerce scenario without any real time interaction (= synchronous calls) into ERP. Orders are created in hybris and replicated via IDoc to ERP for fulfillment
● "Hybrid" B2B scenario - mostly asynchronous with synchronous calls to ERP where required. ERP sends master data to hybris, and hybris runs the whole commerce scenario
● Synchronous B2B scenario: ERP sends master data to hybris, and hybris provides the shopping UI, product catalog, search and navigation
EMPLOYMENT HISTORY
Canada Corp., Toronto, ON
April 2015-December 2015
Principal SAP Security Architect
Proposal for Hatch
SAP NW Identity Management 8.0
● SAP Identity Management Core
● SAP Identity Management Run-Time Components
● SAP Identity Management Virtual Directory Server
● SAP Identity Management User Interface
● Deploying the REST Interface
● SAP Identity Management User Interface for HTML5
● Logon Help
Proposal:
Business Case: Implement SAP GRC Process, Access Control and Risk Management
Executive Summary:
● Anticipated Outcomes
● Recommendation
● Justification
Business Case Analysis Team
Problem Definition
● Problem Statement
● Organizational Impact
● Technology Migration
Project Overview
● Project Description
● Goals and Objectives
● Project Performance
● Project Assumptions
● Project Constraints
● Major Project Milestones
Cost Benefit Analysis
Alternatives Analysis
Approvals
IBM PNS SEDT Project / Province of Nova Scotia
Sub-contractor from Canada Corp.
SAP SECURITY ARCHITECT
HCM, ECC, BI, PORTAL, MI, Solution Manager
Review current project, recommendation and prototype built
Canada Corp., Toronto, ON
July 2014 – December 2015
Principal SAP Security Architect
Provided training preparation for next courses: ADM-326, ADM-940, ADM950, ADM-960, BW365, C41BB, HR940, BI Position Based model, CRM 2007, GRC300, RBAC, P_ADM_SEC_70 and so on
1. Sub-contract - Softtek / Saptech
SAP Security and GRC Consultant
Description: Integration Burger King and Tim Hortons proposal preparation
SAP Systems overview, resolution and final review document
ECC, CRM, hybris, Portal, BI, BOBJ, BPC
Uni-Select, Montreal, QC
April 2014 – July 2014
SAP Security Architect
Canada Corp.
HANA - SAP's in-memory computing platform designed for performing real-time analytics and developing and deploying real-time applications.
EWM, CLM, ECC, BI, BW, SCM, BOBJ, BPC, EPM, HANA
BOBJ, BW, BPC, EP, CLM, HANA – new implementation
EWM, ECC, BI – Support
SAP Fiori landscapes with SAP HANA XS
Configure an SSO mechanism for initial authentication on the ABAP front-end server
Enable single sign-on for SAP Fiori-based applications using Kerberos/SPNEGO
IBM / Sunoco, Philadelphia, PA
November 2013 - March 2014
Subcontract from eCommQuest
SAP Security Architect
BW - OLAP (Online Analytic Processing BW) system and an OLTP (Online Transaction Processing ERP) system
Analysis authorizations which include any authorization-relevant characteristics, and treat single values, intervals and hierarchy authorizations
Navigation attributes also flagged as authorization-relevant in the attribute maintenance for characteristics
BOBJ - Central Management Console, Security Plug-ins, Enterprise Security Model including objects: folders, reports, documents and principals: users, groups
BPC - proxy user to generate SAP NetWeaver BPC roles and BPC objects in the SAP NetWeaver environment in the ZBPC_* and /CPMB/* namespaces, respectively
User authorization in BPC Administration console, Task and Member Access Profiles, Teams and assign the Profiles to the Teams, Users and assign the Users to Teams
HANA - SAP's in-memory computing platform designed for performing real-time analytics and developing and deploying real-time applications.
GRC 10 - Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM)
Operating system: VMware, Unix, Ubuntu, Windows, HANA
Saudi Electricity Company, Dammam, KSA
March 2013 – August 2013
Provider: Al Bilad Arabia
Lead SAP Security Application Architect - Team Manager
SAP Security overview: Conclusion and Recommendations
Redesigned and rebuilt Security Policy, Business and Technical roles, Procedures
ECC, ERP 6.0, HCM, SRM, CRM, BPC, BI, BOBJ, HANA, GRC 10.x (Process and Access Control, Risk Management and Content Life Cycle Management)
Fiori User Authentication and Single Sign-On (SSO)
The ABAP front-end server authenticates the user by using one of the supported authentication and single sign-on (SSO) mechanisms
Authentication for Requests in the Back-End Systems
Implementing SAP Single Sign-On, users can access their SAP Fiori apps with one initial authentication
Developed Business Cases, executed and initialized next projects:
● GRC 10 Process and Access Control
● SAP Technical Upgrade project for all landscape
● HCM Sensitive Context of Authorization - New project
● Security Manager Business role development and role optimization project
● Nebras Security Policy and Strategy
● SAP SRM Security Optimization
● SAP BI Security Optimization
● SAP ECC Security Optimization and new strategy execution
● SAP XI/PI Security Optimization
● Nebras Billing Project
● Nebras Mobility Project
● Nebras Restructuring Project (R2E)
Achievements:
Completed end-to-end implementation of Access Risk Analysis component
Identified the critical authorizations and combinations
Identified risks and designed SOD Matrix
Built and customized rule sets to match the business needs and processes
Verified rules against known cases or built test cases
Gwinnett County Government, State of Georgia, Lawrenceville, GA
Nov. 2012 - March 2013
Sub-contractor (Ask Stuffing)
SAP Security Specialist - SAP Security Application Architect
SAP Security overview: Conclusion and Recommendations
Redesigned and rebuilt all CRM Business and Technical roles
ERP, CRM, BI, BOBJ, BPC, ECC, “Cut Over”, “Go Live”
Tampa Electrical Company (TECO), Tampa, FL
June 2012 - July 2012
SAP Security Consultant
Sub-contractor (Deloitte / AJACE)
HCM, BOBJ, BPC, BW, BW-BPS, SRM, ECC, PORTAL, ERP 6.0
“Go Live” and after “Go Live” Support, BOBJ re-design
Front End and Back End BOBJ integration with HANA
SAP's in-memory computing platform designed for performing real-time analytics and developing and deploying real-time applications.
GRC, Access Risk Analysis (ARA), Emergency Access Management (EAM), Business Role Management (BRM), Access Request Management (ARM)
Black & Veatch, Anchorage, AK
February 2012 - April 2012
Principal Consultant – SAP Security
Municipality of Anchorage
HCM PROJECT
Structural Authorization, Indirect Assignment, Strategy, Policy
SRM, PORTAL, BI, ECC, HCM, ESS/MSS, ERP 6.0
IBM Global Business Service - Jacksonville, FL
September 2010 to February 2012
Multiple Projects, USA
Managing Consultant - Application Architect SAP Security
Examples of some projects:
NBC Universal - Global HCM Project
Lead of HCM Security (36 Countries)
ESS/MSS, Portal, Eureka, ECC, HCM, XI/PI, ERP 6.0, BOBJ, BPC
Global HCM Project for 36 countries
General Motors, Detroit, Michigan
Global Projects
Back Point 1, Back Point 2 (170 Countries)
● ECC, ERP 6.0, CRM2007, BI – Cognos, Portal
● SAP Security Strategy and Architecture
● BI Cognos Reconciliation
● GRC reports and BI Cognos reconciliation
● Internet Portal and BI Cognos integration
● LDAP BI Cognos Groups and Roles
● Integration with ECC6, CRM2007
Bombardier Aerospace Group, Montreal, QC
Application Development & Sustainment, IT
May 2010 – September 2010
Sub-Contract with Canada Corp and CSI in SAP Security Field (Clearance)
SAP Security Consultant
Description/Scope: Extended Warehouse Management (EWM)
Responsibilities/Deliverable/Achievements:
Solution Manager, Remediation SOD (segregation of duties), Re-design roles, ERP 6.0, Approva BizRights
SaskPower, Regina, SK
October 2009 - April 2010
Lead SAP Security Consultant
Subcontractor from IBM ISM/MODIS
Projects Description/Scope:
● ECC 6, BI, CRM 7, Sol Man 6, SRM 6, PORTAL 7, Tivoli IDM 4.1, ERP 6.0
● HCM Remediation Project
● Roles and Infrastructure re-design
● Migration from ECC 5 to ECC 6
● BW 3.5 migration to BI 7.0
● XI/PI, Virsa
Responsibilities/Deliverable/Achievements
● Integration TIVOLI Identity Manager, UME and corporate LDAP
● RBAC - Role Based Access Control Model development
● Overview and consideration of Role Based Access Control, The Role modeling challenge, Role Based Access Models, Overview, Statement of the Problem
● Access Control Principles, The Implementation and Conversion Program, Migration Plan
● Implementing the Pilot Program, Role Based Access Control, AIX management overview
● RBAC in Oracle (RDBMS), Role Based Access Model for SAP, Policy-Based Authorization
● Business Processes, Business Policies, The RBAC pattern as an extension of the Authorization pattern
● Role-Based Access Control (RBAC) Pattern, Implementing and Modeling Roles in ITIM
● Separation of Duty in Role Based Access Control System Pattern
SAP America Inc., Jacksonville, FL (Permanent)
April 2007 - April 2009
SAP Security Consultant
Industry: Multiple
Role: SAP Consultant (Security-related)
Projects Description/Scope: Multiple
Competency Areas:
● SSO concepts (Certificates, SAP Logon Tickets)
● Kerberos and Public-Key Cryptography
● Business Continuity Planning
● Solution Management Practice
● Solution Infrastructure Architecture
● Compliance
● Enterprise SOA Security in SAP Systems
● Authorization groups, functional tables, custom development authorization solutions
● Implementing and reviewing SAP Authorization Concept
● Integrating ABAP User-Management with Organizational Management
● Central User Storage Techniques
● Build Framework: Security Audit tools & Change Documents (SCDO)
● Maxware, IDM and LDAP in a company environment
● GRC, VIRSA, Compliance Calibrator, Access Enforcer, Firefighter, Role Expert, SOX, SOD
● SAP UME administration and J2EE roles
● Handling PFCG (check indicators, SU24, transport & upload roles)
● Configure and implement cryptography technologies in SAP System
Responsibilities/Deliverable/Achievements:
● Upgrade ECC 5.0 to ECC 6.0, ERP 6.0
● Security Policy and Strategy
● BI/BW Strategy and Tactics, Analysis Authorization, BI, BOBJ, BPC
● HLD for HR - BI Dynamic Authorization Model
● Conversion from Structural Authorization to BI analysis authorization
● New GL (Security), ESS, MSS
● CUA Landscape and Presentation
● CUA creation, review, and recommendation
● P_ADM_SEC_70 Security Course Development (Author)
● GRC configuration and review
● Authorization Concept Lead Consultant (SAP Resource Management @ Field Services) New SAP development (Global HCM)
● Security GTS design and implementation (Global Trade Services)
● Analysis Authorizations (BI) creation and implementation
● PD profiles and BI structure Security and authorization design
● Structural authorization BI analysis and BI structure conversion
● Upgrade to SAP R/3 Enterprise Release 4.70
● Integration Analysis: IBM Tivoli Identity Manager, LDAP, SAML, SAP UME, Internet Portal, Biller Direct
● IBM Tivoli Access Management Integration
● CRM2007 Security and Design
● Dynamic CRM Authorization Model, ACE and business roles set up and IMG (SPRO) configuration
● ACE, Web UI and ABAP roles integration from complete UCD (User Centered Design SAP Methodology)
● An Architectural View of SAP's Analytical CRM Capability
● CRM integration with ERP, BI
● SAP CRM module, SAP Biller Direct, SAP Exchange Interface ("PI/XI")
● Flexible Security framework that can be adapted to specific customer (business partners) needs
Convergys Corporation, Jacksonville, FL (permanent)
April 2006 - April 2007
Sr. SAP HR Security Consultant
Industry: Software Consulting Co., Government, Banking, Chemical, Retail, Pharmaceutical, Telecommunications, Manufacturing
Project Description/Scope: SAP Global Security and authorization support, development and design for Shared Service (Multiple projects).
Application and Software: ECC, ERP 6.0, SAP R3 4.7 Enterprise, Visio, Microsoft Project, SAP CRM, SRM, BW, BI 7.0, Portal, XI, ESS/MSS, HCM
Operating System: Windows XP
Responsibilities/Deliverable:
● Security based on industry standards
● SAP framework for SAP HR Global Security and authorization support and implementations.
● Development of tailored Security and controls techniques in conjunction with system implementations (i.e. ERP) and the design or re-engineering of business processes (i.e. shared services environment)
Achievements
● Completed SAP Global Security and authorization (HR) support for 11 Global companies
● Completed SAP Global implementation for leading global provider of electronics manufacturing services (EMS) and integrated supply chain Security
● Virsa and Upgrade to GRC 5.0
Bearing Point, Victoria, BC
July 2005 - January 2006
Senior Security Consultant
Industry: Software Consulting Co., Public Sector, Government
Project Description/Scope: SAP framework for Security and authorization design for Public Sector.
Application and Software: SAP ERP 6.0, SAP R3 4.7 Enterprise, Visio, Microsoft Project, SAP CRM, SAP Biller Direct, BW, Portal, XI, SAP FI, CO, MM, PP, SM, PSCD and others
Operating System: Windows XP
Project Development: ASAP/Value SAP, Security and Authorization
Responsibilities/Deliverable:
● ASAP methodology/User Centered Design
● Role definition depends on HR positions
● Conversion from "as is" to "to be" business processes
● Assignment of Authorization Groups to Tables (TDDATA, VD_DATA)
● Authorization groups and tables trace from applications
● Access Control - Authorization Groups (SM30, TBRG table)
● Role design "ABAP and JAVA" sites for XI
● Security Strategy for webMethods Integration Platform
● Role design, development and assignment (PFCG, SU01)
● Authorization Groups - Report-type programs (SA38, SE38, AUTHORITY_CHECK)
● Document Types in design and configuration processes (T003)
● Check indicators (SU24, SU25, SE93, and SE97)
● Authorization checks by assigning reports to authorization classes (RSCSAUTH)
● Tables for relationship for Tcode, Roles and users (Agr_Users, Agr_Texts, Agr_Tcodes, and TSCT)
● Developed CUA for all systems from XI
● Sensitive Transactions Analysis (objects level matrix)
● Segregation of Duty matrix (objects level matrix)
● Role design and Security policy strategy
Achievements: Completed Security and authorization design for Public Sector project.
Canada Customs and Revenue Agency, Ottawa, ON
April 2005 to July 2005
Senior SAP Security Consultant
Industry: Government (Security Clearance)
Project Description/Scope: Re-Design SAP Security and Authorizations
Responsibilities/Deliverable:
● Re-Design SAP Security and authorization
● Analyze current situation
● Role selection multidimensional matrix
● Role definition depends on HR position
● Re-designed and re-built Security roles (PFCG)
PricewaterhouseCoopers (PwC), Calgary, AB
January 2005 – March 2005
SAP Security Advisor
Industry: Financial, Chemical
Project Description/Scope:
● SAP Audit (Automatic Control Environment)
● Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, ACE - Automatic Controls Environment, Guardian - Manual Controls Environment
Operating System: Windows 2000, Unix, and Oracle
Project Development: ASAP/Value SAP, Security and Authorization, SOX, SOD - Segregation of Duties Test, STA - Sensitive Transaction Analysis
Responsibilities/Deliverable:
● SOX, SOD Analysis and Advice
● Assessment of the SAP control environment to identify internal control deficiencies and recommend improvements
● SAP Audit (ACE)
● Business Processes - "As is" - Transactions - objects - authorization fields analysis, best practice and recommendations
● Sensitive Transaction Analysis (objects level matrix)
● Segregation of Duty matrix (objects level matrix)
● Operational Control and Computer Operations Analysis
● Physical Security and Security Policies
● Completed assessment of the SAP control environment to identify internal control deficiencies and recommended improvements.
● Completed SOD and SOX analysis and recommended improvements
Saudi Aramco, Dammam, KSA
April 2004 - December 2004
Project Technical Lead of Medical Designated Facilities
Industry: Oil, Health Care, Hospitals
(50+ International Consultants' Global Team)
SAP's in-memory computing platform designed for performing real-time analytics and developing and deploying real-time applications (team of up to 50 consultants, 367 workshops with 350 Subject Matter Experts (SMEs) from 105 Hospitals and MDFS)
Project Description/Scope:
● Medical Designated Facilities System involved 105 hospitals, clinics, and remote area designated facilities across the country and monitoring quality of health care
Responsibilities/Deliverable:
● SAP User-Centered Design
● Gave guidance and control to the project and project organization
● Flexible framework, which can be adapted to specific customer needs
● Increased productivity by provision of templates, tools, and examples
● Completed Business Blueprinting
● Industry-Specific Components for Hospitals (IS-H, IS-H*MED)
Roles and Security strategy design for:
● SAP ECC
● Customer Relationship Management (CRM) includes the methodologies, strategies, software, and web-based capabilities that help an enterprise organize and manage customer relationships.
● Supplier Relationship Management (SRM) software with several enhancements, including live auctions and supplier portals.
● Advanced Planner & Optimizer (APO) provides up-to-date information about a company's current inventory and triggers orders for more supplies when a certain quantity of customer orders have been placed and processed. Authorization of APO users has to be specified in the BW system
● Different scenarios for Single Sign-On to SAP Systems
● Defined in the high-level design which method of Single Sign-On (SSO) to use with an SAP System
● Application and Software: SAP R3 4.7, Visio, Microsoft Project Manager, BW 3.5, and Internet Portal 6.0, SRM, APO, SRM
● Operating System: Windows XP
● Project Development: ASAP/Value SAP, IS-H and IS-H* Med, Security and Authorization, Documentum
● Defined quality assurance checkpoints and formats of deliverables
● Guided customer staff in implementation tasks with clearly defined rules and responsibilities
● Supported consultants in the various functional areas to work in a similar way within a project team
● Detailed design of all phases of the project
Captured the detailed scope and requirements for:
● Defined business processes, master data, organization structures
● Developed hospitals’ structures, development work
Produced a business blueprint to describe how the business intends to run its business using the SAP systems:
● Established the development system:
● Provided Team Training, Business Process Master List, Development of Master List (DML)
● Business Blueprint Document, Configuration Approach Document
● Landscape Strategy, Rollout Strategy, Change Management Document Strategy
● Development of System Environment, BB Management Summary
● Patient Management, Eligibility Check, Contract Management
● Basic Data flow modeling, Data selection matrix
Application and Software: SAP ECC, Visio, Microsoft Project Manager, BW 3.5, and Portal, SRM, APO, SRM, HR
Operating System: Windows XP
Project Development: ASAP/Value SAP, IS-H and IS-H* Med, Security and Authorization, Documentum
Kingston General Hospital, Kingston, ON
August 2001 - January 2004
Senior SAP Analyst / SAP Security Analyst
Industry: Health Care, Hospitals
Project Description/Scope: SAP-Security and Authorization. IS_H* prototype
Responsibilities/Deliverable:
● ASAP/Value SAP
● Evaluation of business processes
● Design high-level strategy for SAP Security (Architecture)
● SAP-Security and Authorization
● SAP Profile Generator (PFCG)
● SAP module concept
● SAP Hierarchy Concept
● SAP Technical Structure and promote to Production Strategy
● Security Control Tools
● Organizational Management
● Structural Authorization
● Business conception (model) of structural authorization
● Security upgrades using SU25 and Profile Generator (PFCG)
● Review and correction of sensitive authorizations (s_tabu_dis, s_rfc, etc.), including creation and assignment of custom authorization groups for sensitive tables
● Evaluation and recommendation of SAP menu vs. user menus
● Resolve issues arising from testing using system traces and dumps
● PD and PA Switches (OOPS, OOAC)
● Conversion of manual profiles and implementation of role based security, including IM department
● Evaluated and used SAP standard roles as templates for custom roles
● Review critical and sensitive authorizations, implement improvements to meet audit requirements
● Post Go Live support to resolve all security-related issues
● Evaluation of Central User Administration (CUA)
● Maintenance of HR organizational structure to administer and control user access, including time delimited access (e.g. temporary assignments to positions)
● Basic HR configuration (e.g. create Evaluation Paths for reporting purposes)
● Comprehensive knowledge exchange and documentation of security and HR functions, including use of PPOMW, Expert functions (PO10, PO13, etc.)
● Profile Generator (PFCG) and related functions
● IS_H* prototype
● Established detailed security upgrade plan, strategy and dual maintenance procedures
● Created new 4.6C authorization objects and values
● Evaluated customized matrix of Authorization groups - tables, users - groups
● Used HR structural transactions (e.g. PPSC) to maintain workflow position to position assignments
● Customized HR to allow activity group assignment in PPOMW
● Created HR security authorization objects for structural authorizations based on Info Type and allowed functions / activities (e.g. Help Desk staff were only allowed to display structural assignments, not change users assigned to positions, etc.)
● Created Organizational Plan (PPOM_OLD), Personal Master Record (PA40), User I.D (SU01, SU10), Info type 105 (PA30), Structural Authorization Profiles (OOSP), Info type 1017 (PO10), Assigned Info type 1017 (PO13), Assigned Structural Authorization Profiles to User I.D (SE38), setup regular security (PFCG)
● Cleaned up and optimized Solution Roles
● Established Solution testing procedures and tools
● Worked on procedures and applications of dual-maintenance of Solution changes
● Worked to build strategy and implemented structural authorization
● Built and evaluated up to 5 different IS_H* prototypes
Visa International, Foster City, CA
June 2000 - April 2001
Technical Lead - Senior Systems Analyst
(project involved 5 team members and 5 different teams; each member built prototypes for one team)
Project Development:
● Large system, locking critical Visa applications
● Conversion (migration) from Assembler 370 (3, 5 million lines of code) to C/C++ (mainframe and PC); the environment used Visual Age C++ for TPF. Responsibilities involved directing the Process and Technology Deployment (PTD). PTD supports the Shared Services Organization in the evaluation, acquisition, and roll out of software tools and development methodologies.
● Responsibilities also involved object oriented (OO) mentoring of the teams (over 500 people) engaged in OO development using UML based tools for analysis and design. Advised development teams on how to effectively utilize tools for OO structuring team oriented development. Also participated in the development of guidelines and other forms of support documentation such as guides in setting up their environment and instruction manuals.
● Designed a critical Visa International application for TPF (CVV-Card Verification Value, Functional Messages, and Address Verification Value). Carried out initial system study and design and was involved in the full phase of development. The project contains over 3 million lines of code. Worked as Software Architect and Consultant for project VISA NEW GENERATION
Application and Software: Rational Rose, Visual Age C/C++, Extra! For TPF, NFS Maestro Solo, MS Exchange/MS Outlook, MS Internet Mail, MS Office and MS Excel
Operating System: Windows NT4.0, AIX UNIX 4.2, MVS, VM, TPF (VPARS)
Hardware: IBM mainframe, PC workstation
Member of Boeing
Oracle Telecomputing, Carleton Place, ON
September 1999 - June 2000
Senior Embedded Programmer Analyst
Project Development:
● Air traffic control systems, Air traffic control simulator, Backup systems, Firewire drivers, Linux drivers (PCI, ISA, Firewire), Touch screen drivers
● Designed air traffic Control System for Cuba (drivers for Firewire backup of air traffic system, radar simulator), Air traffic Control Simulator (client and telecommunication server), TCP/IP, SMTP, Voice Communication Systems, DSP's SIEMENS, MOTOROLA (MPC7450), i960, INTEL, EMULEX, (PEB 20560 20340), and drivers, these entailing the development of different models to forecast the effects of alternative sector and route geometry, the establishment of lab-to-house simulation models and the reams of data they employ and the development of an internationally recognized process for airspace.
● Designed Small Computer Systems Interface (SCSI), back-up systems for Air traffic Control SCSI-3 technologies disk array applications, Hot-Swap support. Worked as Software Architect for low-level software and hardware development
● Designed 3 functional areas: Interfacing, Switching and Conferencing, Supervision and Control
● Designed the program for the main component of the architecture, a Peripheral Component Interconnect adapter card; it performs the Switching/Conferencing, Supervision and Control and communicates with the Interface Shelf for reception of Signaling and Supervisory signal, voice, and data
Application and Software: C/C++ compiler for Linux, Hardware and Software Configuration, Assembler, C/C++, and Java 2.0, Vi editor
Operating System: Linux (Caldera, Slackware, Red Hat, Turbo Linux), VMware, UNIX, Windows NT, Windows 98, Qunix
Hardware: PC server/workstation, oscilloscopes
Alternative Resources Corporation and Subsidiaries/National Grocery, Toronto, ON
March 1999 - June 1999
Senior Programmer Analyst
Project Development: Real time warehouse system
● Designed, programmed, tested, and documented set of batch applications to check information in the database
● Designed, programmed, tested, and documented the interface application between two warehouse systems
Environment: Application and Software: Oracle 7, C, Pro*C/C++, PL/SQL, OOP methods, MS Exchange/MS Outlook, MS Internet Mail, MS Office 98 and MS Excel. Operating System: AIX UNIX 4.2, Windows NT4.0 server/workstation, Windows 95. Hardware: PC server/workstation
City of Kingston Corporation, Kingston, ON
October 1998 - March 1999
Senior Research Officer
Project Development:
● Marketing application, multi-users, and real time.
● With over 2000 local servers and several mainframe host machines
Collect, research, inventory and provide feedback on Year 2000 Compliance information on the following City's assets:
● Hardware components
● Packaged software
● Commercially available customization software solutions
● Process control components
● Visual Basic, Access
● Application and components support
Environment: Applications and Software: MS Visual Basic V5 Enterprise SP3, Access 97, MS Exchange/Outlook, MS Internet Mail, MS Office 98
Operating System: Windows NT4.0 server/workstation, Windows 95
Brain's II, Kingston, ON
January 1997 - September 1997
Field Service Engineer
Project Development:
● Real time system analysis and decisions for complex systems
● Serving public computers: Ministries of Transportation, Health, Management Board Secretariat and private organizations (Lipton's, The Bay, Sears, Alcan)
● Heavy customer contact
● Repair of complex computer systems
● Repair to Component Level (assembler language, schematics and oscilloscope)
Environment: Application and Software: Assembler, Test programs, OLTEP
Operating System: OS 390, Windows 3.1, 95, Windows NT4.0 server/workstation, Windows 95, UNIX, OS/400
Hardware: IBM mainframe, IBM LAN Server, AS400
Krigen Corporation, Vinnitsa, Ukraine
September 1991 - January 1996
Director of Information Technology
● Provided consulting services to various organizations
● Managed information systems and associated hardware (up to 33 mainframes in service in more than 20 different organizations)
● Specified, designed, and implemented customized information system solutions.
● Design, implementation and maintenance of the Inventory Management System Application for storing, searching, retrieving information about buildings belonging to municipal property.
● Participated in analysis, design evaluation, development, testing and implementation of Application systems
● Designed at high-level all steps of Application systems (Architecture)
● Supervised a team of up to 20 Computer Engineers
Application and Software: Borland C/C++, Assembler, Embedded Systems, PL/1
Operating System and Platform: OS 7.0, OS Real Time, UNIX, MVS, and DOS
Hardware: Mainframes, PC, and Hybrids
Experience prior to 1991
WestComputerComplex, Technical Lead, Vinnitsa, Ukraine, USSR
● Carried out component level troubleshooting, program and micro-program using Assembler testing
● Designed and implemented several packages for different aspects of the maintenance and usage of telecommunication equipment (Systems architecture for all levels software and hardware).
● Evaluated projects to develop time, cost, and completion estimates
● Conducted Analysis of systems specifications and estimation, developed block diagrams and flow-charts, conversion and systems implementation plans, prepared system and programming documentation.
● Created decision logic tables in which all new software was tested for system compliance and accuracy; recommended system enhancements.
● Participated in development of information systems, databases and hardware drivers
● Supervised up to 10 Computer Engineers
Environment: Application and Software: Borland C/C++, Assembler, Embedded Systems, PL/1, OS 7.0, OS Real Time, UNIX, MVS, and DOS, M/F, PC, hybrids, Data Transmission Multiplexers, SNA Network, a hard disk interface for a hard drive, a tape drive interface for a tape drive
Chkalov Aircraft Production Association (220,000 employees), Technical Team Lead, Tashkent, USSR
● Installed and tested data transmission multiplexor.
● Troubleshot and resolved system problems.
● Designed software tools for DOS
● Created installation documents
● Channels I/O simulation and programming
● Designed channels simulators
● Designed for all level systems access to Data transmission multiplexor (Systems Architecture which combines software and hardware from low level to high)
Environment: Assembler, Embedded Systems, PL/1, OS 7.0, MVS, DOS, M/F, Data Transmission Multiplexers, SNA Network, a hard disk interface for a hard drive, a tape drive interface for a tape drive
EDUCATION / PROFESSIONAL DEVELOPMENT
Master of Science Degree in Computer Science and Electronic Engineering, Vinnitsa State Technical University, Vinnitsa, Ukraine, USSR
Program emphasis: Information System, Embedded Systems, Database, Business Application and Communications, Computer Engineering, Management, Software Architectures
Final Project: “Adaptation for generation of functions on segnetopyezo electrical elements of analog memory by a method of piece-linear approximation”
Central Processor Internal Operations Certificate, Union Computer Complex, Kazan, USSR
Principle of Operation (Processors), Programming in Assembler, Micro Programmed Control Unit, Operations unit, Local Memory of Processor, Control Unit, Diagnostic Unit, Operational Memory Bank, Unit of giving command, System of Virtual Machine, Selection Unit, Accelerator
Programmer Analyst Diploma, CDI College, Kingston, ON
SAP-Security and Authorization Concepts Certificate, SAP, Montreal, QC
REFERENCES AVAILABLE UPON REQUEST