SAP Security & GRC Consultant

SAP GRC/Security Consultant
See details below in Project Engagements.

Goal: Enable the organization to be able to demonstrate compliance with GDPR.
Responsibilities: Overall responsibility for project planning, project execution, Steering Board reporting.

Goal: Organization and business process redesign including, replace legacy systems with SAP and implement a consignment stock ownership driven business model.
Responsibilities: Responsible for analysis, design and development of all required authorizations for all German end users, outsourced resources and internal consulting organization. Rollout GRC and user management.

Goal: To implement a new business model with consignment stock ownership for 12 countries.
Responsibilities: Overall responsibility for design new roles that reflected the new business model. User management. Project support.

Goal: Replace legacy systems and implement a retail driven business model including an automated warehouse with SAP AFS and SAP EWM. Project success was critical, as Japan is the most profitable market for the client.
Responsibilities: Responsible for analysis, design and development of all authorizations. Enhancement of current authorization concept in SAP AFS. New authorization concept for EWM (Fiori) and a new User Provisioning processes in SAP GRC. Introduced an easy to understand business role concept based on business roles coupled with easy to use user management process in SAP GRC.

Responsibilities: Operational support. Role maintenance. POC and approval in SAP IdM

Duration: July 2015-August 2015


Project: Greenfield SAP ERP 6.0 IS-Oil Implementation
Role: SAP Authorizations Consultant and GRC Consultant
Client: IBM Slovakia
End client: Slovnaft (Oil&Gas)

Mission: After acquisition the new owners MOL Hungary decided to replace a high number of legacy IT-systems based on Oracle by implementing SAP ERP 6.0 Oil and HCM, upgrade MOL Hungary GRC Access Control to 10.0 and roll it in together with SCM and BI.
Responsibilities:
• Participate in developing an Authorizations Concept mainly in FI, CO, MM, SD, PS and BI roles in PFCG and RESECADMIN. SU24 maintenance. Responsible for creating an authorization solution for the Global Master Data-team.
• Build access rules from business/audit defined SoD matrix and upload them to SAP GRC Access Control 10.
• User account management. Mass user provisioning based on position/task/role mapping developed in MS Access.
• GO-LIVE/Hypercare support.
Duration: June 2014-Nov 2014


Project: SAP GRC Access Control 10 implementation - Compliant User Provisioning

Mission: To design, develop a template solution with a new user provisioning process using GRC Access Control 10 User Provisioning featuring an approval workflow and embedded SoD risk analysis. Implement the suggested solution in Hong Kong as a pilot and evaluate before further rollout. In addition basic configuration of Business Role Management that served as a repository for master data.
Responsibilities: Lead the development of a new User Provisioning processes and configure application accordingly. Preparation of master data uploads in BRM. Mentor junior consultants. Technical issues management and resolution. Conducting workshops with both business and Internal Audit. Brief project steering board including CIO and Director of Internal Audit.
Duration: May 2012-Oct 2013


Triumph International (Fashion) - SAP Access Control 10 implementation - Risk Analysis & New Authorization Concept

Role: SAP GRC/Authorizations Consultant
Mission: Replace legacy authorization tool/concept with a new SoD-free Authorization Concept based on the master/derived principle and SAP GRC Access Control. Identify business owners for user access and move accountability from IT to business. Identify business risks and build rules. Consolidate all user ID's across all systems. Replace the legacy firefighting tool with SAP GRC Emergency Access Management.
Responsibilities: Technical configuration of the development and productive environments. Identify and report application issues during the ramp-up phase which were communicated and resolved together with the vendor. Optimize user roles.
Duration: July 2011 - Sep 2012


Project: SAP BOBJ GRC Access Control 5.3 implementation - RAR and FF

Client: OKD, a.s. (Mining)

Role: SAP GRC Consultant
Mission: Define relevant SoD risks and implement SAP GRC Access Control to be able to detect SoD risks in the ERP environment. In addition, also implement the Firefighter component to enable monitor super user access.
Responsibilities: Co-authoring the business blueprint. Assisting with the installation in a Microsoft Server/Oracle environment. Configuration of Risk Analysis and Remediation, Superuser Privilege Management. Conducted rule-building workshops and perform end user training.
Duration: Sep 2010 - Dec 2010


Project: SAP GRC Access Control 5.3 implementation

Client: Zentiva Group a.s. (Pharma)

Role: SAP GRC Consultant
Mission: Implement a sustainable, automated solution that provides end-to-end automation for detecting, remediating, mitigating, and preventing access and authorization risk in corporate ERP, SRM and SCM systems.
Responsibilities: Conducting risk recognition workshops with business representatives. Installation and configuration of a two tier SAP GRC Access Control 5.3 on Redhat Linux/Oracle. Training of security administrators. Create application authorization concept. Workflow analysis, design and configuration for CUP and ERM (BRM). Implement Password Self-Service. Integration with LDAP.

Member of a five men SAP Security Team responsible for the security of the SAP landscape and providing 3-level support to 4000 SAP users worldwide. Apart from our project commitments (described in detail below) our operational tasks included authorization development/maintenance, user maintenance in both CUA and SAP GRC 10, SoD violation reports, controls executions and housekeeping and assisting external audits.

Apart from various project commitments (described in detail below) also responsible for the administration and maintenance of the company servers and demo systems. Patching, licenses management and backing up SAP systems. Installing, configuring, evaluating and upgrading new software in ramp-up programs.

• Ramp-Up installation, configuration and evaluation of SAP Identity Management 7.2, SAP Process Control 10, Access Control 5.3 & 10 demo systems.
• Installation and implementation of Solution Manager 7.0 (Maintenance Optimizer) and SAProuter including SAP Service portal connectivity.
• Implementation of HCM (OM&PA)
• Install and technical setup of BI 7.0
• Demo SAP Authorization Concept. (Analysis, creation of additional org units, roles creation, profile generation, derivation, testing)

Role: SAP Security Consultant/Presales

Mission: Help clients to detect and report possible SoD conflicts on both role and user level in various SAP environments. To showcase the capabilities of SAP GRC with the intention to sell an implementation project.

Responsibilities: User and authorization data extraction from at client sites. Uploading user and role data with LSMW and eCATT. SoD Analysis with GRC Access Control 5.3 and CONFLEX. Aggregate analysis data, interpret and translate the findings into business language. Review of the authorization concepts, the user provisioning policies and suggest on improvements. Write the audit reports.

Contribution: In three cases, the analyses led to subsequent purchase and implementation of SAP GRC Access Control.


Project: SAP GRC Access Control 5.3 and SAP Identity Management implementation

Mission: Implement an automated end-to-end solution for identities, user provision with embedded SoD-analysis by implementing and integrating SAP GRC Access Control 5.3 and Identity Management 7.1.
Responsibilities: Together with SAP CR develop a solution where I was responsible for the SAP GRC part and SAP CR the IdM part. Installation and configuration of a single tier landscape. Training of security administrators. Conducting workshops with competence center members.
Duration: Sep 2008 - Feb 2009


Project: CONFLEX Implementation
Client: RWE Transgas, a.s. (Utilities)

Role: SAP FI/MM Training Consultant
Mission: Rollout of SAP ECC 6.0 and IS-Utilities after merger between Slovenske Elektrarne and ENEL.
Responsibilities: Key-users training, testing and documentation during new implementation of SAP system (ECC 6.0 SAP IS-Utilities) for area of purchasing, stock movements, accounts receivable, accounts payable etc.

Duration: Oct 2008 - Dec 2008
Project: SAP ECC 6.0 Upgrade Project

environment.
Responsibilities: Participate in project meetings and rule building workshops. Adjust SoD conflict matrix. Perform end user training.

Duration: Feb 2008 - Apr 2008

Project: SAP ECC 6.0 Roll-out
Client: ENEL a.s. (Utilities)

Mission: Technical upgrade from SAP R/3 4.60 to ECC 6.0 with IS-Beverage.
Responsibilities: Preparing, administrating and execute unit and integration tests incorporating FI, CO and MM modules.
Duration: Aug 2007 - Nov 2007

Responsibilities included categorizing invoices, their legal completeness; determine key attributes such as tax code, approvers and authorization level, before further processing by the data entry administrators. Process control duties and trouble shooting.

Production manager at the second biggest tabloid in Sweden. Responsible for technical completeness of the graphical files and subsequent electronic distribution to six different printing plants across Sweden. Coordinating the work with the prepress staff at the plants to meet tight deadlines during night shifts.