Ajit Prasad

ajitsprasad@gmail.com

425 647 6684

 

Professional Summary

 

·               An accomplished IT executive with extensive experience in SAP security, Data Security, Authorization and SOX Compliance concepts with strong techno functional background in various industries like Bio-solutions, Defense & Aero-space, Higher Education, Investment Banking, Life sciences, Oil & Energy, Nutrition, Paper & Packaging, Pharmaceuticals & Distribution, Forestry and Telecommunications.

·               Distinguished career supporting SAP deployments, system design / Role re-engineering; providing custom design/configuration, technical process development, and resource management for critical projects.

·               Involved in all aspects of Security and Basis; technical infrastructure assessment, upgrades, change management, user management, and role administration.

·               Good knowledge of Business process re-engineering concepts with excellent communication & interpersonal skills.

SAP Skills Summary

 

SAP Security & GRC experience: 10+ Years

 

ü                      Specialized in designing and implementing Role-based security in SAP R/3, ECC, BW/BI, CRM, BObj/BOE and HANA.

ü                      Solid hands-on experience in SAP development cycle, starting from business process definition, mapping to configuration, unit testing, co-ordination of transports to Production, training, go-live and post go-live support.

ü                      Special skills in compliance based authorizations, identity and access management, User maintenance, internal controls and developing security measures and concepts for Sarbanes-Oxley (SOX) compliance.

ü                      Expert Knowledge of the SAP Security System Architecture. Extensive experience developing, redefining and standardizing security process on user authentication and authorization.

ü                      Proficient in use of Profile Generator (PFCG) Hands on knowledge of Role creation, role changes, authorizations, reviewing and assigning sensitive transactions, Performing UNIT testing on created roles. Transportation of changes across the system landscape.

ü                      Expertise in controlling access to T-codes, tables and programs. Created custom t-codes, custom objects, custom object classes, program security, and table security meeting client's requirements.

ü                      Generated, Maintained, Modified / Copied authorizations, authorization profiles based on existing roles and from SAP-Provided User Role Templates to create set of custom roles including Master and derived roles. Also created Composite role to meet clients’ needs

ü                      Created Authorization Groups, Customized Transaction Codes and maintained Check Indicators for Authorization objects in SU24

ü                      Extensively used CUA. Experience in implementation and administration of CUA for user management.

ü                      Experience in analysis authorization in BI 7+, Experienced with Authorization Variables, Authorization Objects, Security on query/InfoCube /InfoObjects, Creation of Roles and Users.

ü                      Experience in implementing security around HANA & BObj/BOE solution for streamlining user access.

ü                      Experience in setup of BPC security for administrative and business users

ü                      Experienced in implementing security for Solution Manager 7.x WorkCenters

ü                      Experience working with internal / external audit teams to prevent and mitigate any compliance/regulatory issue to ensure that appropriate level of protection and adherence to the goals of the overall SAP security strategy is maintained

ü                      Specialized in segregation of duties (SOD) and security analysis. Extensive experience with SAP GRC/Virsa (SAP GRC Access Control 10.0 [ARA, BRM, ARM, EAM], GRC 5.x (RAR, ERM, CUP, SPM) Virsa (Compliance Calibrator, Fire-Fighter, Role Enforcer, Access Enforcer) & Approva BizRight tools.

ü                      Security configuration experience for Regulatory, Royalty and Tax Reports, Master Data Management in SAP PRA. Good understanding of implementation of SAP PRA Regulatory /Tax / Royalty reporting.

ü                      Developed Security Policies, Procedures, Controls and documentation for Sarbanes-Oxley Requirements.

ü                      Completed multiple cycles of implementation in SAP. Providing support to Cutover activities including GO-LIVE and post Go-live Support. Experience in large-scale re-engineering activities, supporting phased rollouts.

ü                      Responsible for leading the sap security team in all aspects of security administration. Experience in managing off-shore teams. Worked on uPerform for user training and knowledge sharing.

 

ERP:SAP R/3 (ECC 7.2, 6.0, 5.0, 4.7, 4.6c), APO/SCM, BOE (BObj), CRM, PRA, BCS, EPM (BPC), GTS, SRM (EBP), HANA & Sol-Man 7.x

SOX Tools:SAP GRC 10.0 AC, GRC 5.x AC, Virsa 4.x, Approva, SAFE (PWC), IBIS RBE, Panaya

Data Warehouse:SAP BI 7.0 ~ 3.5, APO, BCS, BPC

Case Tools:BMC SDE (Service Desk Express), Remedy, CA UniCenter, UDDB, HPQC, uPerform, Rev-Track, WinShuttle

 

Professional Experience

 

Airlines, Dallas Tx       Sep 14 to Present

Role: SAP Security Consultant

Responsibilities

·   Responsible of implementation and documentation of all officially approved, auditor recommended mandates requested by IT and corporate management

·   Reviewed security design and roles and provide recommendations for role redesign based on audit concerns.

·   Revamped the Firefighter security set up. Designed new firefighter ids, roles. Analyzed fire fighter logs and provided guidelines for usage and assigning Firefighter ids

·   Developing documentation for the client team for SAP Emergency access process and procedure.

·   Provided hands on support for Role creation, role changes, authorizations, reviewing and assigning sensitive transactions, Performing UNIT testing on created roles. Transportation of changes across the system landscape

·   Helped in consolidating over 3000 Derived Roles in SCM to based by Organizational levels such as Airports (cost center, profit center)

·   Assisted production support issues of HPQC in ECC and SCM.

·   Responsible for all User Administration tasks, creating and deleting users, assigning roles. Setting up procedures and policies for locking and unlocking users. Wrote e Catt (SECATT) script for mass user maintenance.

·   Helped client with Best Industry practice of tying Custom T-Code to Custom A-Obj.to with these A-Obj being called in the ABAP Program.

·   Act as the escalation point for problem resolution, for IT staff/ team members, from a technical standpoint.

 

Merit Energy, Dallas Tx       June 14 to Aug 14

Role: SAP Security Consultant

Responsibilities

·   Assessed current Security Setup for BW/BI 7.4, Business Objects 4.1 & HANA 1.07 and recommended solutions for improving security in the production environment.

·   Designed HANA security matrix for providing access to HANA database users.

·   Created Repository Roles in HANA for Developers/Modelers, Administrators including security administrators and reporting users.

·   Creating Analytic privileges for Reporting Users in SAP HANA modeler for attribute, analytic and calculative views.

·   Designed reports for business users using virtual data models in SAP HANA Live

·   Developed security framework for BOE. Created Custom Rights Access level, user groups to streamline authorization for Universes/Folders/Components in BOE.

·   Developed Queries to access data from BOE repository related to User / Universe / Webi.

·   Redesigned BI roles to restrict access to Z* Queries and folders using Analysis Authorization to specific Info Objects.

·   Prepared the Project plan for CUA implementation from Blueprinting to Realization for client for future implementation.

 

Boeing, Dallas Tx         Feb 14 to May 14

Role: SAP GRC Security Compliance Analyst / Analytics Consultant

Responsibilities

·   Lead Role  Redesign project  for reviewing and redesigning roles in SAP ECC for FICO SD, MM, MDG

·   Reduce the number of Composite roles assigned to users to one composite and redesigned single roles in composites to eliminate redundant authorizations assignments

·   Created new Authorization Groups for table security, Customized Transaction Codes and maintained Check Indicators for Authorization objects in SU24

·   Maintained / enforced SOD rules during role redesign project using SAP GRC tools.

·   Created naming Conventions and Standards for Roles and Custom Authorization Objects

·   Assisted in production support tasks as needed.

·   Provided support for realigning IT procedures with clients Information security standards and SOX regulatory compliance.

·   Worked with the audit team for assessment of the SAP control environment to identify internal control deficiencies and recommend improvements.

·   Created customized security and functional reports in the Procurement, Inventory management, Sales and finance area.

·   Analyzed and configured BW/BI 7.0 data security environment to facilitate custom reporting and data analytics solutions.

·   Created Analysis Authorization Objects to secure reporting users. Reports secured for Company Codes, Plants, Controlling Areas, Sales Organizations and Purchasing Organizations.

·   Helped Client Analyze Data using MS Excel with Pivot Tables.

·              Developed queries for reports and created fields, built Info-sets through SQ01/2/3 SQVI

 

Emergent BioSolutions, Lancing MI,           Apr 12 to Dec 13

Role: SAP Security Lead

Responsibilities

·   Lead for security Upgrade & Support solutions for client moving from SAP 4.7 to ECC 6.0 for modules FI-CO, QM, MM, PP, BObj/BOE & Sol-Man.

·   Compiled a project time line / plan on how to approach the task and designed a structure on which to build the Security and Authorization required by the client and to satisfy the Auditor's concerns.

·   Guided, reviewed and changed/updated all Roles in updated SAP ECC 6.0 Box for new T-Codes/Authorization Objects that came with this Upgrade as per SU25.

·   Provided support for Cutover activities during Go-live; developing Cutover activities plan, coordinating  with different teams, technical support for locking and unlocking users, providing firefighter access, maintaining audit logs, providing Post go-live support.

·   Analyzed SAP user Incidents and provided solutions. Provided ‘Hands on’ trouble shooting support for any user authorization failures in all SAP applications. Effectively analyzed trace files and tracked missing authorizations for user access problems

·   Extensively use standard SAP Security transactions such as SU01/D/10 (Maintain User/Display only/Mass Maintenance), SUIM (User Information Systems), ST01 (System Trace), SU53/56 (Authorization fail/User Buffer), PFCG/UD (Automatic Role-Profile Generator/Comparing User Master) and SU20/21/24 (Maintain Auth fields/Auth-Object n Auth Class/Check Indicators).

·   Maintained the Firefighter IDs, privileged access and user mapping in EAM (Emergency Access Management) Tool.

·   Created WorkCentre roles and freestyle roles in UME in  SAP Enterprise Portal 7.3.

·   Recorded & published SAP Process documents using RWD uPerform.

·   Educated client with use of GRC 10 AC (Access control) tool to manage violations/mitigation in RAR to ensure SOX compliance, usage for Audit T-Codes SM18, SM19 & SM20.

·   Managed the BODs (Business Objects) Security to model more conducive with changes to Upgrade for User Groups and Folders.

·   Used Panaya a SAP UpGrade tool for making changes in ECC 6.0.

·   Managed Users on CMC (Central Management Console) BOE/ BObj and set in place controls for mitigating Security Risk.

Key Achievements:

·   Spearheaded large-scale, upgrade project with minimal downtime process.

·   Knowledge transfer to team on security authorization concept and security design/implementation. Contributed to documentation management.

 

Bell Copter (a Textron Co), Dallas TX        July 11 to Mar 12

Role: SAP GTS Security & ECC Security SME

Responsibilities

·   Provided NEW security solution for GTS. Lead the Role design process with complete Analysis of GTS roles to comply with SOX and prevent violation of SOD (Segregation of Duties) using PFCG, SU21 & SU24 (USOBT_C & USOBX_C) tables.

·   Conducted workshops for gathering role requirement from business for GTS. Acted as a liaison between the business, functional and technical team.

·   Developed Composite & Master/Derive roles in compliance with ITAR regulations.

·   Transported the generated roles and profiles using SAP Transport/Change Request Management System using Rev-Track tool.

·   Supported Go-live.

·   Set up Roles & authorization in MDG-M and MDG-F (Master Data Governance) to control access to Material and Finance master data

·   Restricted access to SAP tables using SE54 to build New Auth groups to prevent any Company policy or SOD violation.

·   Set up authorization & reports around MRS (Multiple Resource Scheduler) and MRP (Materials Requirement Planning) to optimize with validation for servicing of equipment.

·   Also assisted team with SD, MM and CRM Roles redesign and implemented methodology for controlling end user access to plants, cost centers.

·   Design and implement security for Workenters in Sol-Man 7.1.

·   Managed sales codes and business partners (BP) in CRM org structure PPOMA_CRM.

·   Changed CRM Business Roles for Vendors Web-UI framework (Business Role dependent view configuration / CRMC_UI_PROFILE, Org Model / Unit positioning, enhanced object assignment, Authorization Report Programs (CRMD_UI_ROLE_PREPARE, CRMD_UI_ROLE_ASSIGN).

·   Extensively used CUA (Central User Administration) to execute tasks to support User administration including handling Users (provisioning, de-provisioning) for Production and Non-Production Systems and Used IDM for provisioning User with functions to 3^rd party tools.

·   Created SeCATT scripts for changes in Role groups and User Administration activities.

Key Achievements

·   Created GTS roles ensuring complete adherence to SOD compliance issues and controlling unauthorized access.

·   Resolved High Priority trouble tickets for Production System.

 

ULA (A Lockheed & Boeing Co), Denver, CO         Jun 10 to Mar 11

Role: SAP Security SME

Responsibilities:

·   Provided support for Business Process Redesign for SOX compliance. Worked with the audit team for assessment of the SAP control environment to identify internal control deficiencies and recommend improvements.

·   Point of Contact for External and Internal Auditors to provide all SAP Security related information, communicates current company policy and procedures, and provides data from SAP Systems for audit analysis.

·   Redesigned security architecture and revamped existing roles, enabling segregation of duties for all SAP users in SAP ECC 6 system as per audit mandate.

·   Developed, documented, Business Process Owner driven Role change management, testing, and assignment approval process.

·   Wrote eCatt (SeCATT) Scripts for mass role creation, changes, mass user creation, change tasks.

·   Provided production support, to end users, functional and technical users FI-CO, SCM, HCM & BI.

·   Provided Security solutions in HANA with restrictions to Roles & Privileges

·   Restricted BI Reports based on Info cube level, Info Object level and Hierarchy node level using Analysis Authorization via RSECADMIN.

·   Created & published SAP Process documents using RWD uPerform.

·   Helped the team for EPH-4 Upgrade running SU25 & adjusting Org Levels. Provided support for Cut-over activities.

Key Achievements

·   Provided a documented, audit compliant, security role change management procedure resulting in elimination of risks in production with dramatic reduction of time and resources.

 

Verizon Tele-Com, Dallas, TX          July 09 to Jun 10

Role: SAP CRM Security Lead

Responsibilities:

·   Collected, mapped security Role requirements with Functional team and Business owners for NEW implementation of CRM Lease module.

·   Managed Users in Sol-Man for accessing CRM UIU Framework.

·   Created new CRM Business Roles for Vendors Web-UI framework. Prepared Test Plans and Test Scripts for testing the new roles and transactions.

·   Supported GO-LIVE in April 2010.

·   Built & managed Roles with Custom Auth-Objects for metrics reporting on usage

·   Maintained group Data on Excel Workbook using Pivot Tables to clean Governmental restriction for metrics reporting on usage.

·   Advised clients and developed complex technical architecture and design for GARM (Global Access Rights Management of Sensitive Government Data) initiatives.

·   Built & assisted in SAP GTS Roles as per business team requirements. Created custom t-codes, custom objects, custom object classes, program security, and table security meeting client's requirements.

Key Achievements

·   Delivered audit compliant roles for CRM work process for roll out to US & UK sites.

·   Contributed to enhance development security roles as per Information Risk Management standards, delivering excellence in technical and business synergies.

·   Paved ‘building block’ for next phase and future enterprise implementation.

 

Allianz Global Investments, Los Angeles, CA           Aug 08 to Jun 09

Role: SAP Security Architect

Responsibilities:

·   Provided SAP Security planning, design, implementation, testing, and support for new implementation of NW/ECC and BI landscape using SAP best practices.

·   Created workshops for Business / Functional Users for Role Mapping.

·   Created over 250 Roles using PFCG for US and Europe End Users. Addressed solutions to accommodate multiple locations across the globe utilizing Master and Derived Roles.

·   Created Custom Auth-Object (SU21), updated SU24 tables (USOBT_C & USOBX_C) and transported the workbench request.

·   Extensive use standard SAP Security transactions such as SU01/D/10 (Maintain User/Display only/Mass Maintenance), SUIM (User Information Systems), ST01 (System Trace), SU53/56 (Authorization fail/User Buffer) and PFCG/UD (Automatic Role-Profile Generator/Comparing User Master).

·   Isolated Bond groups using Pivot tables and built BW/BCS Authorization Roles.

·   Provided support for Cutover activities during Go-live; locking and unlocking users, providing firefighter access, maintaining audit logs, providing Post go-live support.

·   Created Transactions Help & Training documents for SAP Transactions with uPerform.

·   Managed Users & Security for BObj Instance with Folder, Access levels & Groups.

·   Set up Access Rights to Users and access levels to Info Objects in BI.

·   Build and tested BPC roles and provide Security appropriate authorization.

Key Achievements:

·   Designed and developed Security roles for various location site based on org level.

 

BearingPoint, Seattle, WA            Jan 08 to Jul 08

Role: SAP SOX and Compliance Manager

As a Bearing Point Manager, helped in SAP project implementation with a number of end clients in the Oil & gas industries, education and pharmaceutical industry. Collaborated with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments, and other planning documents. Managed offshore team and ensured that deadlines are met. Implemented SAP Best Practices Procedures resulting in dramatic decrease in time and resources.

Responsibilities:

·   Managed SAP GRC 5.3 implementation and upgrades for various clients.

·   Supported design solution for SAP MDM implementation for Master data and reporting for Oil and Gas Industry through collaboration with IBM.

·   Configured Royalty Reporting for SAP PRA, migrated Royalty master data from legacy system, set up agency code, generated reports through the Report driver.

·   Used Pivot tables to categorize Organization/Royalty/Tax payment to Clients.

·   Provided solutions for ERP Package modules for clients. Assisted in client needs assessments, delivery, integration and management of ERP solutions. Built a complete SAP Security infrastructure using Job based Security Roles for Procure-To-Pay, Project Creation-To-Complete, Acquire-To-Retire, Record-To-Report, Order-To-Cash and Time-&-Expense.

·   Mitigated the SOD issues using Compliance Calibrator and worked with the SOX committee in order to ensure clean roles on client sites.

·   Provided assistance in implementation of SAP NW IDM Identity management. Provided architectural guidance for user provisioning, workflows leveraging existing structure.

·   Developed security solutions in BI for Reports & Query Roles from ECC & BCS Standpoint.

·   Restricted user access and created task and data access profiles for users in BPC.

Key Achievements:

·   Used current technology and tools to enhance the effectiveness of deliverables and services.

 

T-Mobile, Bellevue WA            Sep 05 to Jan 08

Role: SAP CRM Security & SOX Configuration Manager

Responsibilities:

·   Provided technical and management support for SAP CRM.

·   Designed, developed and managed CRM CIC (Customer Interaction Center), DCM (Direct Channel Management) Internet Users (T-Star, Flex payment, PCI, Idoo & Biller-Direct) through BP Business Partner, PPOMA_CRM Change Organizational Model.

·   Provided production support across FI-CO, CRM, EBP (SRM), BI.

·   Addressed User issues in EBP/SRM Org-Structure through PPOMA_EBP & PPO1 to fix broken Users feed through HCM/HR or directly changing their Position PP01.

·   Worked with BI Team to address Power User and Report User needs as per Query / Cube data needs via RSSM.

·   Extensively used Pivot Tables to address SLA on Remedy Requests.

·   Worked as lead for managing off-shore Security Team.

·   Assisted team with Upgrade to ECC 6.0

·   Road mapped three year Identity and Access Management architecture and work streams for presentation to higher management.

·   Assisted in designing CUA solution for implementation. Created CUA system users and RFC connections, Defined logical systems (BD54) and assigned logical systems to corresponding clients (SCC44) synchronized users, reviewed settings and parameters.

·   Integrated 3^rd Party tools and built New Auth-Objects to get T-Mobile PCI Compliant (Payment Card Industry) for data from CRM Org-Structure & ECC System.

·   Utilized Virsa 4.0/5.0 (GRC toolset acquired by SAP) in the creation and management of roles and users. Provided and administered Virsa (VFAT) Firefighter roles to the business following standard operation procedures.

·   Utilized “what-if” scenario using Approva BizRight tools.

Key Achievements:

·   Spearheaded large-scale, critical process improvements that have been successfully integrated into technical operations; realizing tremendous bottom-line efficiencies.

 

International Paper, Memphis TN         Dec ’04 to Jul ’05

Role: Sr SAP SoX Security Consultant

Responsibilities:

·   Developed security measures and procedures concepts to get the company Sarbanes Oxley compliance (SoX) in SAP R/3 and New Dimension Tools across 155-system landscape with 95,000 users across 5 continents in SAP 4.7, & PWC SAFE (GRC Tool acquired by VIRSA)

·   Devised and reviewed auditing test protocols, procedures, templates and guidelines, to ensure compliance with SOX standards.

·   Designed Role layouts. Provided hands on knowledge for creating new roles and profiles with profile generator (PFCG).

·   Analyzed Business scope, user roles and developed user / role matrix for better understanding of the Security authorization plan and worked with Teams to roll out for 120 sites.

·   Worked on Central User Administration (CUA) for handling Users (provisioning/ de-provisioning) for Production and Non-Production Systems and checking for errors & warning with SCUL.

 

PG&E, Houston TX          Jan ’01 to Jul ’03

Role: SAP Basis/Security and Oil & Gas Consultant

Responsibilities:

·   Created and maintained user authorizations, roles and profiles. Analyzed trace files and tracked missed authorizations for users access problems and inserted missing authorizations manually.

·   Configured Master Data on TD (Transport & Distribution) & TDP (Tariffs, Duties, Permits).

·   Set up Parameter defaults, Tax liabilities, for downstream components of Oil & Gas.

·   Translated business requirements into technical requirements and ensured that the timelines established are realistic given the actual work required.

·   Managed SAP Basis pertaining to System-Profiles RZ10 for Instance refreshes, CCMS, Client Copies, monitoring of Alert monitors and Performance analysis in SAP.

 

Professional Training and Certification

SAP NWBC/FIORI Training

SAP HANA Training for Security Management

SAP Education in GRC 10.0

SAP BODs BOE / BObj Training for Security Management

SAP Academy training in EP Administration

SAP Academy training in BI Business Intelligence

SAP Academy training in R/3 Application Security Concept

Certification in Anti-Bribery

Course work on A123

Protiviti SoX Compliance 404/302 Course

FCPA Oracle Database Course