Professional Documents
Culture Documents
PROESSIONAL SUMMARY:- I am 5 years experienced SAP Security GRC consultant with Fiori Security. Looking
forward for better opportunities and challenges ahead in my career so that I can learn and improve my skills in more
SAP areas.
TECHNOLOGY EXPERTIES:
SAPReleases SAP R/3 ECC 6.0, FIORI SECURITY
TechnicalSkills SAP GRC AC 10.1: Access Risk Analysis (ARA), Emergency Access Management (EAM),
Access Request Management (ARM),Business Role Management (BRM).
SKILL SET:
Had an opportunity to take part in Implementation & support project of SAP GRC ACCESS CONTROL 10.1.
Configured common settings like GRC AC post-installation tasks through specific IMG Activity nodes.
Performed risk analysis using ARA for users and roles in execution and simulation modes.
Performed mitigation against various risks for users & roles.
Activating application in client (SPRO), Check sap ICF service (SICF), Activating BC sets.
Adding the connector to auth scenario, enabling the right rule set.
Assign connector to the logical groups, Generating rule set, job synchronizing authorization, Run the first
analysis.
Creating the Fire-fighter-Id with Emergency access.
Assigning the Fire fighter-id to fire fighters with proper approvals.
Performed User & Role analysis to find the existing SOD violation for users and roles.
User administration user creation, deletion, locking, unlocking, password reset.
Maintaining derived roles, single roles and composite roles using Profile Generator in SAP R/3 systems.
Mass user comparison by running “pfcg_time_dependency” job in back ground
Report generation by using SUIM based on business requirement.
Analysing Missing Authorizations and Troubleshooting security issues using SU53, ST01.
Resolve user’s daily problems (lock, unlock, reinitialize passwords, no access to a transaction)
Extensively used SUIM to get Transactions, Roles, and Users etc.
Creating Users using eCATT and LSMW Scripts.
Identify conflicts and approve exceptions, Clarify and Classify Risk – High, Medium, Low.
Estimate clean-up efforts, Analyse roles and users.
Determine alternative controls to mitigate risk, Educate management about conflicts approval and monitoring.
Document a process for monitoring mitigation controls.
SAP EXPERIENCE:
Working as a SAP Security and GRC Consultant at KPMG Advisory Services Pvt Ltd, Since February 2020
PROJECT 1:VIACOM 18 MEDIA PVT LTD February – Present.
Project Type Support & Implementation
Role SAP Security & GRC ,Fiori Consultant
Team Size 2
SAP Environment ECC 6.0
BASHA SHAIK SAP security & GRC Consultant
Ph.No :+91-9866224448 Email: sapbasha1@gmail.com
Role & Responsibilities:
Configuration settings for Access Risk Analysis (ARA) and maintaining the Rule set to satisfy customer requirements.
o
Performed Configuration settings for Emergency Access Management as well.
o
Run the Access Risk Analysis.
o
Helping the Basis team Scheduling background jobs for synchronizing Authorizations into Access Control Repository and
o
monitoring the jobs.
Activating application in client (SPRO),Check sap ICF services(SICF),Activating BC sets.
o
Creating the initial user, Active common workflow, Perform automatic workflow customize, Perform task specific workflow.
o
Creating mitigation controls for customized risks as per business process owners and auditors suggestions.
o
Assigning mitigations controls to users.
o
Creating the Fire fighter-Id with Emergency access.
o
Creation of Roles, Profiles, Authorizations Adding Authorization Objects.
o
User administration like creating, modifying and password resetting based on user request.
o
Management of Users, Authorizations, Profiles and Roles.
o
Handled, Analysing and solving the missing authorizations and day-to-day security issues that are being raised by the users.
o
Handles all issues related to Security / Authorizations.
o
Creating and maintaining Objects and Roles including Single role, Composite role and derived role.
o
Optimizing the authorization checks by utilizing the SU53, user information and system traces
o
Performed authorization trace using ST01 for the issues related to the authorization issue.
o
Adding the roles, profiles to the user upon request.
o
Performed User comparison using PFCG, PFUD and by scheduled PFCG_time_dependency job.
o
Sending weekly and monthly reports to managers, approving all access requests.
o
Creation of Users, Locking / Unlocking & copying of Users.
o
Generate transports for security to move profiles and roles to the proper clients
o
Use Profile Generator to create, modify and customize Authorizations, Transactions, Roles, and Authorization Profiles.
o
Managing lock entries lock/unlock transaction codes.
o
Manual addition of Authorization objects in roles.
o
Provided On call support 24*7 for various issues.
o
Worked as a Senior Software Engineerat Hexaware Technologies from March 2018-Feb 2020.
Worked as a SAP Security and GRC Consultant at ITOUCH INFOTRONICS PVT LTD from Jan 2015-March2018.
Responsibilities:
Configurationsettings for Access Risk Analysis (ARA) and maintaining the Rule set to satisfy customer
requirements.
Performed Configuration settings for Emergency Access Management as well.
Run the Access Risk Analysis.
Helping the Basis team Scheduling background jobs for synchronizing Authorizations into Access Control
Repository and monitoring the jobs.
Activating application in client (SPRO),Check sap ICF services(SICF),Activating BC sets.
Creating the initial user, Active common workflow, Perform automatic workflow customize, Perform task
specific workflow.
Creating mitigation controls for customized risks as per business process owners and auditors suggestions.
Assigning mitigations controls to users.
Creating the Fire fighter-Id with Emergency access.
Creation of Roles, Profiles, Authorizations Adding Authorization Objects.
User administration like creating, modifying and password resetting based on user request.
Managed and created new users, groups for easy administration.
Mass user maintenance through SU10 and handling user issues through SU53, SU56 and System Trace
ST01,STAUTHTRACE
Extensively used SUIM transaction code for security analysis.
Analyse and fix the missing authorizations.
Extensively worked on SUIM in generating reports for and analysing authorization issues
Locking/deactivating accounts as per client request
Restricting authorizations of fields, field values
Worked on gathering business requirements, analyzed, built, tested and implemented security
Designed security structure for development and IT support teams across all systems in landscape
Prepared test scripts for security unit testing and integration testing
Handled production cutover activities and go live support
Created single and composite roles
Created master and derive roles
EDUCATION:
Qualification Educational Institution / University
Yours Sincerly,
Basha Shaik.