David Clement J D

SAP Security &GRC Consultant

E-Mail: davidthecoolg@gmail.com
Mobile: +91 8792431483

CAREER SUMMARY

 Over 8 Years of total experience in R/3 Security, Portal Security, GRC Access Control (GRC 5.3 and GRC 10), SOX
Audit Controls

 Experience working in different systems like ECC 6.0, APO, BI/BW, GRC 5.3, GRC 10, SOLMAN 7.0 CHARM and
Enterprise Portal

 Experience in leading individuals and mentoring team members

 Knowledge and working experience of SOX (Sarbanes-Oxley Act) Compliance and SOD (Segregation of Duties)
standards

 Experience working in internal audit team for SAP Security Controls

 Worked on GRC components (CUP (Compliant User Provisioning), RAR (Risk Analysis & Remediation), SPM (Fire
Fighter)

 Done some configurations in GRC connectors to connector groups and creation of new business process

 Proficient in trouble-shooting authorization issues by using SU53 and ST01.

 Experience in addressing security issues and providing suitable solution and resolving issues on timely manner as
per SLA

 User Management like User Creation, deletion of user, user’s locks.

 Analysing of missing authorizations and assigning Roles to users

 Profile maintenance through PFCG.

 Audit logs configuration and monitoring

 Worked on Transport Management System.

 Maintaining Profile parameters

 Experience in leading individuals and mentoring team members.

 Well versed in implementing central data, business process and change management strategies in complex
business environments.

 Good understanding of SOX and SOD issues as well as mitigation processes working with internal and external
auditors

 Direct interaction with client based on their requirements.

 Have worked in CHARM and Solution Manger with ticket & change management

 Experience working in HPALM testing for system & user acceptance testing cases
SAP Security and GRC Consultant

SAP WORK EXPERIENCE:

Project #1 Dec 2012 – Aug 2014

Company Wipro technologies

Project PHILIPS
Environment SOX Audit, ECC 6.0, PI, EP, BW,CRM and GRC 5.3

 Worked with the various Business stakeholders and Audit teams in identifying risks, mitigation controls and approval
workflows in consideration with current processes.
 Created mitigation controls for SOD issues and scheduled batch jobs to provide reports to the Management team on a
quarterly basis for review.
 Provided reports to the internal and external auditors and created custom audit roles based on audit needs.
 Created documentation and trained the audit team and off-shore support security team in all aspects of the GRC Suite
to provide for a seamless transition.
 Configured Access Enforcer and defined the user access request process.
 Configured main, forked and parallel workflows and identified escape routes for approval process.
 Provided training and documentation to the audit and Global access provisioning team in Access Enforcer
 Created Firefighter IDs and roles based on business areas and requirements.
 Configured Owners, Controllers and security setup along with various configuration parameters in Firefighter.
 Configured Firefighter background jobs for running in hourly to ensure the controllers get the Login Notification and Log
Reports.
 Trained potential Firefighters and Business owners on using the Firefighter cockpit and various reports
 Assigned roles in CUA for users in child systems
 Checking user mitigation with mitigation control id in GRC RAR and ARA

Project #2 Sep 2014 – May 2020

Company Wipro technologies

Project JOHNSON & JOHNSON INFORMATION TECHNOLOGY
Environment ECC 6.0, BW, APO, SAP Enterprise portal, HP ALM, GRC 5.3/10.1

Roles and Responsibilities:

 Identified pain & improvement areas needing immediate attention in the SAP Security CoE and implemented process
improvements for the same.
 Re-designed all SAP roles and implemented a common security policy for all SAP landscapes
 Re-designed table security, program security & custom tcode security.
 Providing access to new users in SAP systems via GRC CUP.
 Providing Firefighter access to users via GRC CUP for performing critical activities in Production

Page 2 of 3
SAP Security and GRC Consultant

 User administration activities like creating user Ids based on standard naming convention, resetting passwords, locking
and unlocking users.
 Involved the rule set change management process in GRC
 Role Analysis & Object level security to build Production security roles
 Helped training by creating roles according to the training catalog
 Verifying all approvals for the Change request, SOD Simulation reports
 Created Business Partner for each employee (BP)
 Was responsible for analyzing and setup of different roles, profiles and authorizations
 Role maintenance activities
 Have experience working in HP ALM Testing tool with test run scenarios of modified SAP roles from development, when
moving Change management requests from Quality to Production through Solman Charm tool
 Developed Security SoP & Guidelines document to act as a single source & point of information for SAP Security SLAs,
escalation procedures.
 Done role creation in GRC and mas role import as well as updating “Role Owner”
 Maintaining FF Owners/Controllers, Role Owners in “Access Control Owner” table
 Approving ARM requests and correcting approver incorrect path issue requests
 Updated decision tables in BRF+ and mapping custom code to function id, risk id and rule set
 Worked extensively during the hyper-care period and have resolved tickets on priority basis.
 Managed a team of four resources from off shore and provided direction on resolving the tickets.

ACADEMICS:

M.S. Software Engineering

Page 3 of 3