BASHA SHAIK SAP security & GRC Consultant

Ph.No :+91-9866224448 Email:sapbasha1@gmail.com

PROESSIONAL SUMMARY:- I am 5 years experienced SAP Security GRC consultant with Fiori Security. Looking
forward for better opportunities and challenges ahead in my career so that I can learn and improve my skills in more
SAP areas.

TECHNOLOGY EXPERTIES:
SAPReleases SAP R/3 ECC 6.0, FIORI SECURITY
TechnicalSkills SAP GRC AC 10.1: Access Risk Analysis (ARA), Emergency Access Management (EAM),
Access Request Management (ARM),Business Role Management (BRM).

SKILL SET:

 Had an opportunity to take part in Implementation & support project of SAP GRC ACCESS CONTROL 10.1.
 Configured common settings like GRC AC post-installation tasks through specific IMG Activity nodes.
 Performed risk analysis using ARA for users and roles in execution and simulation modes.
 Performed mitigation against various risks for users & roles.
 Activating application in client (SPRO), Check sap ICF service (SICF), Activating BC sets.
 Adding the connector to auth scenario, enabling the right rule set.
 Assign connector to the logical groups, Generating rule set, job synchronizing authorization, Run the first
analysis.
 Creating the Fire-fighter-Id with Emergency access.
 Assigning the Fire fighter-id to fire fighters with proper approvals.
 Performed User & Role analysis to find the existing SOD violation for users and roles.
 User administration user creation, deletion, locking, unlocking, password reset.
 Maintaining derived roles, single roles and composite roles using Profile Generator in SAP R/3 systems.
 Mass user comparison by running “pfcg_time_dependency” job in back ground
 Report generation by using SUIM based on business requirement.
 Analysing Missing Authorizations and Troubleshooting security issues using SU53, ST01.
 Resolve user’s daily problems (lock, unlock, reinitialize passwords, no access to a transaction)
 Extensively used SUIM to get Transactions, Roles, and Users etc.
 Creating Users using eCATT and LSMW Scripts.
 Identify conflicts and approve exceptions, Clarify and Classify Risk – High, Medium, Low.
 Estimate clean-up efforts, Analyse roles and users.
 Determine alternative controls to mitigate risk, Educate management about conflicts approval and monitoring.
 Document a process for monitoring mitigation controls.
SAP EXPERIENCE:

Working as a SAP Security and GRC Consultant at KPMG Advisory Services Pvt Ltd, Since February 2020
PROJECT 1:VIACOM 18 MEDIA PVT LTD February – Present.
Project Type Support & Implementation
Role SAP Security & GRC ,Fiori Consultant
Team Size 2
SAP Environment ECC 6.0
 BASHA SHAIK SAP security & GRC Consultant
Ph.No :+91-9866224448 Email: sapbasha1@gmail.com
Role & Responsibilities:

Configuration settings for Access Risk Analysis (ARA) and maintaining the Rule set to satisfy customer requirements.
o
Performed Configuration settings for Emergency Access Management as well.
o
Run the Access Risk Analysis.
o
Helping the Basis team Scheduling background jobs for synchronizing Authorizations into Access Control Repository and
o
monitoring the jobs.
Activating application in client (SPRO),Check sap ICF services(SICF),Activating BC sets.
o
Creating the initial user, Active common workflow, Perform automatic workflow customize, Perform task specific workflow.
o
Creating mitigation controls for customized risks as per business process owners and auditors suggestions.
o
Assigning mitigations controls to users.
o
Creating the Fire fighter-Id with Emergency access.
o
Creation of Roles, Profiles, Authorizations Adding Authorization Objects.
o
User administration like creating, modifying and password resetting based on user request.
o
Management of Users, Authorizations, Profiles and Roles.
o
Handled, Analysing and solving the missing authorizations and day-to-day security issues that are being raised by the users.
o
Handles all issues related to Security / Authorizations.
o
Creating and maintaining Objects and Roles including Single role, Composite role and derived role.
o
Optimizing the authorization checks by utilizing the SU53, user information and system traces
o
Performed authorization trace using ST01 for the issues related to the authorization issue.
o
Adding the roles, profiles to the user upon request.
o
Performed User comparison using PFCG, PFUD and by scheduled PFCG_time_dependency job.
o
Sending weekly and monthly reports to managers, approving all access requests.
o
Creation of Users, Locking / Unlocking & copying of Users.
o
Generate transports for security to move profiles and roles to the proper clients
o
Use Profile Generator to create, modify and customize Authorizations, Transactions, Roles, and Authorization Profiles.
o
Managing lock entries lock/unlock transaction codes.
o
Manual addition of Authorization objects in roles.
o
Provided On call support 24*7 for various issues.
o
Worked as a Senior Software Engineerat Hexaware Technologies from March 2018-Feb 2020.

PROJECT 2:Gate Group International March 2018-Feb 2020

Project Type Support & Implementation
Role SAP Security, Fiori Security
Team Size 4
SAP Environment ECC 6.0
 Responsibilities:

 Creation of Roles, Profiles, Authorizations Adding Authorization Objects.

 User administration like creating, modifying and password resetting based on user request.
 Managed and created new users, groups for easy administration.
 Mass user maintenance through SU10 and handling user issues through SU53, SU56 and System Trace
ST01,STAUTHTRACE
 Extensively used SUIM transaction code for security analysis.
 Analyse and fix the missing authorizations.
 Extensively worked on SUIM in generating reports for and analysing authorization issues
 Locking/deactivating accounts as per client request
 Restricting authorizations of fields, field values
 Worked on gathering business requirements, analyzed, built, tested and implemented security
 Designed security structure for development and IT support teams across all systems in landscape
 Prepared test scripts for security unit testing and integration testing
 Handled production cutover activities and go live support
 Created single and composite roles
 Created master and derive roles
 Created user accounts and assigned roles and profiles.
 Worked with business leads gather Fiori Applications requirements

Worked as a SAP Security and GRC Consultant at ITOUCH INFOTRONICS PVT LTD from Jan 2015-March2018.

PROJECT 3:Starhood Hotels Jan 2015-August 2016

Project Type Support
Role SAP Security &GRC Consultant
Team Size 4
SAP Environment ECC 6.0 & GRC

Responsibilities:

 Configurationsettings for Access Risk Analysis (ARA) and maintaining the Rule set to satisfy customer
requirements.
 Performed Configuration settings for Emergency Access Management as well.
 Run the Access Risk Analysis.
 Helping the Basis team Scheduling background jobs for synchronizing Authorizations into Access Control
Repository and monitoring the jobs.
 Activating application in client (SPRO),Check sap ICF services(SICF),Activating BC sets.
 Creating the initial user, Active common workflow, Perform automatic workflow customize, Perform task
specific workflow.
 Creating mitigation controls for customized risks as per business process owners and auditors suggestions.
 Assigning mitigations controls to users.
 Creating the Fire fighter-Id with Emergency access.
 Creation of Roles, Profiles, Authorizations Adding Authorization Objects.
 User administration like creating, modifying and password resetting based on user request.
 Managed and created new users, groups for easy administration.
  Mass user maintenance through SU10 and handling user issues through SU53, SU56 and System Trace
ST01,STAUTHTRACE
 Extensively used SUIM transaction code for security analysis.
 Analyse and fix the missing authorizations.
 Extensively worked on SUIM in generating reports for and analysing authorization issues
 Locking/deactivating accounts as per client request
 Restricting authorizations of fields, field values
 Worked on gathering business requirements, analyzed, built, tested and implemented security
 Designed security structure for development and IT support teams across all systems in landscape
 Prepared test scripts for security unit testing and integration testing
 Handled production cutover activities and go live support
 Created single and composite roles
 Created master and derive roles

PROJECT 4: Johnson & Johnson September 2016-Feb2018

Project Type Support
Role SAP Security &GRC Consultant
Team Size 3
SAP Environment ECC 6.0(Security)

• Working in 24/7 support

• Supporting user creation and change requests
• Managing validity dates of contractors
• Working with user reports group wise
• Changing PFCG roles as per business request
• Adding the roles, profiles to the user upon request
• Creation of Users, Locking / Unlocking & copying of Users.
• Checking SU53 screen and assigning roles as per user
request
• User creation and assignment of roles
• Restriction of regular and temporary user accounts
• Creation of Single and Composite roles
• Ticket handling-related to various issues ranging from user
expiration to missing authorizations
• Maintain password restrictions
• Creation of mass users using SU10
• Locking and unlocking users and analyzing SU53 reports.

EDUCATION:
Qualification Educational Institution / University

B.Sc(Computers) Osmania University

I do hereby declare that all the above information furnished by me are true and correct to the best of my knowledge.

Yours Sincerly,
Basha Shaik.