Pavankumar

Sr.SAP Security & GRC

Consultant

PROFESSIONAL SUMMARY
With overall 8 years of domain experience in SAP Security, GRC, Access & Process Controls project upgrade & implementation,
requirements gathering, role redesign, testing processes. Implemented GRC 10.1 (EAM, ARA, ARM, and BRM), ECC, BI, BPC 10,
CRM 7. Well-organized and meticulous style of functioning enables deliverance of quality output for the client.
Expertise:
SAP Application Security
ECC 6.0, HR, BI, BO, SRM, CRM and Net Weaver role design and authorization support
Created and Documented SAP Security blueprint designs
Created Security Role testing strategies and test scripts
Developed HR roles and authorizations
Configured BI Analysis Authorizations
Deployed Structural Security and Position Based Security
Created Authorizations and Roles based on the job profiles.
Contributed to the documentation for the various tasks that were performed for daily monitoring and support activities.
Prepare reports for daily and weekly service review calls
Authorization and Profile Maintenance (PFCG), Security and User Management, Troubleshoot
Used scripting tools like CATT and ECATT for mass user administration.
Configured and maintained Central User Administration
Extensively used SUIM (User Information System) to generate various reports for audit monitoring
Implemented BI Security with management of Analysis Authorizations ,Hierarchy Node using Transaction RSECADMIN
GRC Access Controls 5.3 and 10.1
Implemented GRC Access Control 10.1 implementation (upgrade GRC 5.3 to GRC 10.1)
Hands on experience implementing EAM, ARA, ARM, and BRM
LDAP Integration to GRC 10.1 for User Authentication
GRC, CUA, BPC Integration
Segregation of Duties and Audit (SOD)

Developing policies, procedures, and Internal Controls for Sarbanes-Oxley(SOX)

Document Security policy and procedures, operational documents
Work with internal & external auditors to provide population & evidences
Remediate deficiencies preventing material weaknesses
Lead Rule Set workshops with Internal Audit
Redesigned SAP Security roles to remediate SODs at the role level

Technical Qualifications

SAP R/3 (4.5 B, 4.6B, 4.6C, 4.7 Enterprise, ECC 5.0, 6.0)
SAP BW/v3.0 and 3.5, BI 7.1, CUA & GRC Integration
GRC 10.1, SAFE (PWC Tool),
MS-Excel, PowerPoint, MS-Visio, MS-Project
ORACLE 8i, 9i, Microsoft SQL Serve

PROFESSIONAL EXPERIENCE
GE Aviation, TX
Duration: March 2014 to till Date
Role SAP Security Lead
Page 1 of 5

Pavankumar
Sr.SAP Security & GRC
Consultant

Implemented GRC Access Control 10.1, upgrading the existing GRC 5.3
Responsible for Blueprint documentation of as is and to be process, Master Data accuracy, test scripts, training
documentation.
Developed Role Provisioning strategy automatically assign Common/Generic Roles to users
Configured MSMP Workflow Settings, completed post installation steps using SPRO and NWBC
Document the cutover plan, and coordinate with Release management team for successful implementation.
BRF+ decision table and MSMP workflow configuration including User Access Review (UAR) process
Work with SAP Service Support Team to resolve GRC 10.1 product defects on CUA Integration.
Design and Integrate BPC, GRC Access provisioning, CUA to meet the Security Audit requirements.
Good understanding of BPC Security design and BPC Security tables
Setting up users, teams, task profiles, data access profiles in BPC
Developed the User Provisioning Strategy to include HR Triggers for provisioning and termination
Integrated SAP Portal with ABAP systems
Deployed Password Self Service
Used scripting tools like CATT and ECATT for mass user administration.
Developed an SOD team to resolve User SOD conflicts by developing controls and updating policies / procedures
Troubleshoot Analysis Authorization
Analyzed Approval SOD reports and resolved SOD conflicts
Created Fire Fighter Roles and Fire Fighter Ids for Super User Privilege Access
Authorization checks using transaction SU24 and maintained check indicators for Transaction codes
Develop functionality, Testing Scenarios, and UAT scripts as per requirements and ensure that all test cases are passed
Defect management in HP QC.
Work with SAP Service Development team, to solve complex integration issues.
Collaborate with offshore teams for effective project delivery

GE Power Grid, TX
Duration: March 2013 to March 2014
Role SAP Security Lead

Worked with Compliance team in minimizing SOD conflicts.

Worked with Internal Audit team to design Mitigating Controls for remediating known risks.
Provided support and guidance to consultants configuring Risk Analysis and Remediation
Provided support and guidance to consultants configuring Superuser Privilege Management
Recommended Risk Analysis, Mitigation, and support strategies
Recommended role and user remediation strategies
Developed an Audit Response Team to review audit findings and develop controls
Document Basis, Development, and Security policy and procedures
Reduced Security remediation by focusing on Sarbanes-Oxley (SOX) issues during ECC 5.0 Implementation (design, testing,
and implementation)
Designed, developed, tested, and implemented R/3, XI,HR, and BW security
Remediate PWC audit results, including SOD conflicts, and developed a strategy preventing audit findings from resurfacing

Fixed authorization issues with the help of authorization analysis (SU53) and system trace (ST01)

Manage the scheduling of batch jobs and Monitoring through SM37

Utilized SU53, System traces and debug utilities to optimize authorization checks.
Developed an SOD process to resolve User SOD conflicts by developing controls and updating policies / procedures
Troubleshoot Analysis Authorization in BI along with User Exits
Analyzed Approval SOD reports and resolved SOD conflicts
Created Fire Fighter Roles and Fire Fighter Ids for Super User Privilege Access
Authorization checks using transaction SU24 and maintained check indicators for Transaction codes
Implemented BI Security with management of Analysis Authorizations ,Hierarchy Node using Transaction RSECADMIN

Page 2 of 5

Pavankumar
Sr.SAP Security & GRC
Consultant

Prepare reports for daily and weekly service review calls

Authorization and Profile Maintenance (PFCG), Security and User Management, Troubleshoot

Optima - (Tech Mahindra),OH

Duration: April 2012 to February 2013
Role SAP GRC consultant

Application security Support for GRC AC 5.3, ECC 6.0, BI 7.0, CRM 7.0
Implemented CRM Sales & Services and configured business roles and PFCG roles.
Expert in UI Component security, and developed task based roles for CRM business roles.
Worked with Internal Audit team to design Mitigating Controls for remediating known risks.
PFCG Role administration and User Administration via SU01 transaction code.
Fixed authorization issues with the help of authorization analysis (SU53) and system trace (ST01)
SOX clean up Redesigned the Roles as per business requirements.
Performed User master maintenance such as creating new users, assigning roles, deleting users, renaming users, resetting password,
Lock/unlock User ID using transaction code SU01
Secured tables and programs by creating authorization groups
Well versed with creation of roles viz. Composite, Single and Derived roles using PFCG.
Created Authorization groups using SE54 and assigned them in a Role using S_TABU_DIS also update the authorization group in SU24
for the transaction code.
Worked on critical authorization Objects like S_TABU_DIS, S_TABU_CLI, S_TABU_LIN.
Worked on SU24 to maintain Check Indicators for the Transaction Codes.
Extensively used SUIM (User Information System) to generate various reports for audit monitoring
Developed security role/activity group/activity groups for BW Queries and reports

Shine - (Tech Mahindra),OH

Duration: February 2011 to April 2012
Role Security Lead

CUA (Central User Administration) implementation in multi-tier landscape

User & Role Administration for production landscape
Created mass users maintenance in the system
Used SUIM to perform security analysis for various purposes.
Mentoring new team members on user and role management per company policy
Generated weekly report to see the users who have not used the system for 90 days
SAP Role Administration Implementation (Single, Composite roles)
Generated useful reports for like Roles to transaction, Role to User and Roles to Composite roles etc.
Understand the role of organizational values for restricting roles
Familiar with the Yellow, Green and red statuses in the roles
Inserted objects manually when required
Used ST01 to advice the client and Functional team on object required to restrict the transaction
Adherence of the ITIL process such as Incident / Problem / Change / Release Management
Work with the business process control team for SOX internal and external audits
Maintained CUA in Production and non-Production landscapes
Configured RFC connections between Central and Child systems
Communicated with Business Process owners to obtain approvals for Security authorization changes.

Coke - (Mahindra Satyam),Dayton

Duration: October 2010 to December 2011
Page 3 of 5

Pavankumar
Sr.SAP Security & GRC
Consultant

Role Security Lead

Provide ECC, BW, and HR security support

Maintain direct and indirect role assignment
Clean up PD Profiles
Deployed Structural Security and Position Based Security
Maintain and troubleshoot structural security
Troubleshoot Analysis Authorization
Analyzed Approval SoD reports and resolved SoD conflicts
Currently reviewing IT landscape to develop Single Sign On requirements
User Administration (SU01) Creation/Maintenance/Deletion/Termination as per the business requirements
Recommended and implemented values for profile parameters for controlling Password rules, logon rules, established monitoring process
Defining, Scheduling and Maintaining Background Jobs using SM36 & SM37
Creating and Maintaining RFC connection between Development and Production servers using SM59
Cleaning up of roles and profiles not being used
Review critical and sensitive authorizations, implement improvements to meet audit requirements.

Glasxo Smithkine - Philadelphia

Duration: August 2009 October 2010
Project Description: Implement ECC, Portal, PI, Solution Manager, Security and Single Sign On
Role: Security Lead
Responsibilities/Deliverables:

Developed SAP Security strategy, processes, policy, and procedures

Manage Security tasks and resources according to the implementation Project Plan
Designed, developed, tested, and implemented ECC 6.0 Security
Deployed Single Sign On (Kerberos) integrated with AD and SAP(ABAP and Java)
Implemented CUA and administered users
Created security process and procedures which will be integrated with a future installation of SAP Net Weaver Identity
Management

Microsoft - Seattle
Duration: Feb 2008 July 2009
Project Description: Implementation
Role: SAP Security Analyst
Responsibilities/Deliverables:

Worked with Compliance team in minimizing SOD conflicts.

Worked with Internal Audit team to design Mitigating Controls for remediating known risks.

Fixed authorization issues with the help of authorization analysis (SU53) and system trace (ST01)

Manage the scheduling of batch jobs and Monitoring through SM37

Utilized SU53, System traces and debug utilities to optimize authorization checks.
Developed an SOD process to resolve User SOD conflicts by developing controls and updating policies / procedures
Troubleshoot Analysis Authorization in BI along with User Exits
Analyzed Approval SOD reports and resolved SOD conflicts
Created Fire Fighter Roles and Fire Fighter Ids for Super User Privilege Access
Authorization checks using transaction SU24 and maintained check indicators for Transaction codes

Bridge Stone
Duration: June 2007-feb2008
Project Description: Administration
Role: Basis consultant
Page 4 of 5

Pavankumar
Sr.SAP Security & GRC
Consultant

Responsibilities/Deliverables:

Daily Back up checks(Online, Offline)

Production support and maintenance.
Creating, modifying & deleting users as applicable.
Checking users roles and assigning authorizations to users roles.
Transporting the requests from Development to Production Servers and verifying through
Configured Operation modes.
Utilized SU53, System traces and debug utilities to optimize authorization checks.
Profile maintenance (.rz10)
Performed monitoring of SAP R/3 Database, Error Logs, and Performance Criteria
Applying support packages through SPAM.
Applying Add-ons thru SAINT.

Page 5 of 5