
SAP SECURITY GRC PROFILE 6YEARS Rajesh


Name: T. Rajesh
Designation: SAP Security GRC Consultant
Mobile Number: +91 9972144741
E-Mail Id: tiruvedhularajesh@gmail.com

Objective
Aiming to serve as an SAP Security and GRC consultant in a dynamic and challenging environment, working with the latest trends towards the growth of the organization.

Work Experience & Professional Summary

• Around 6 years of experience as SAP Security & GRC Consultant on maintenance, troubleshooting and day-to-day support.
• Experience in Security administration in ECC 6.0.
• Fiori Security: Creation of Catalogs, Groups and Tiles, adding them to roles in Embedded Systems, mapping of OData Services and generating data for the USOBHASH table, troubleshooting authorization issues in Fiori.
• Exposure to Analysis Authorizations and Standard Authorizations in BI 7.0.
• Security Administration: Maintained SAP Security in terms of creating (users & roles) and assigning (roles, authorizations) to users using Profile Generator.
• Configuration of Central User Administration (CUA).
• Implementation of GRC AC 10.1 & 12.0 (EAM, ARM, ARA and BRM).
• Very good working knowledge of BRF+ and MSMP.
• Provided End-User Training on GRC AC 10.1 & 12.0.
• Good exposure to BPC 10.1 Security.
• Performed all the Marketplace activities.
• Can handle responsibilities as a proactive team member.

Technical Competency:

• ERP Apps: SAP R/3 ECC, BI Security, SCM, CRM & SRM, Fiori & HANA
• Operating System: Windows
• Security Tools: GRC AC 10.1 and 12

Educational Qualifications

• Completed B.E. in 2011 from CIT Karnataka.

SAP Security Skills

• R/3 user administration such as creation of users, deletion of users, locking & unlocking of users, resetting passwords of users, user monitoring etc.
• Role administration such as designing/redesigning various kinds of roles (Derived Role, Composite Role and Single Role).
• Analysis of SU53 logs and ST01, STAUTHTRACE trace logs.
• Restricting users by user group as per business requirement.
• Restricting table access through authorization groups.
• Preparing and analyzing reports in SAP using SUIM and security-related tables.
• Supporting internal & external auditors.
• Extensively worked on GCC, BCC, 90-day super user access report extraction.
• Monitoring the critical T-codes & authorization objects for Basis.
• Worked on SAP check indicator defaults and field values in SU24.
• Worked with AGR_1251, AGR_1252, AGR_AGRS, AGR_USERS, AGR_DEFINE tables.
• Involved in restricting table-level, program and debug access authorizations.
• Mass user maintenance such as mass user locking, unlocking and assigning roles to mass users for business convenience.
• Used SUIM to find roles with a required authorization object or with required authorization values.
• Single and mass role transportation from one system to another.
• Adding standard and customized T-codes to roles.
• Worked on a ticketing tool to resolve issues & problems.
• Transported newly created and modified roles from DEV to QAS and PRD.
• Creation of user groups and maintaining the users.
• Supported user administration for the production, development, and test environments.
• Creating derived and composite roles as per business requirements with proper approvals.
• Modifying existing roles as per business requirements based on proper approvals.
• Creating transport requests and transport proposals (TP).
• Creating and releasing transports for roles across the SAP system landscape.

SAP GRC AC 10.1:

• Experience in ARM creating access requests for one user and for multiple users.
• Forwarding access requests from one approver to another.
• Creating access requests in ARM by copying from another access request.
• Generating risk analysis reports for users and roles in ARA.
• Generating Firefighter log review reports and cancelling invalid logs.
• Creating Firefighter IDs, Controllers and Owners.
• Assigning Controllers and Owners to Firefighter IDs in EAM.
• Creating Access Control Owners in the GRC system and maintaining them in NWBC.
• Generating EAM reports periodically, like Consolidated Log Report, Firefighter Log Summary Report, Reason Code and Activity Report, Transaction Log and Session Details etc.
• SAP access requests on behalf of users in the ARM tool.
• Running SOD risks in ARM forms for users.
• Performing risk analysis for users and roles.
• Running risk analysis in simulation mode at user level and role level.
• Creating functions, risks and generating rules.
• BRM mass role upload into the GRC tool.
• Creating mitigation controls and mapping the mitigation owners to users.
• Assigning mitigation controls to users based on risk analysis.
• Troubleshooting and fixing ARM, EAM, ARA & BRM issues.
• Hands-on experience with BRF+ rules and MSMP configurations.

Professional SAP Experience

Client 1: ITC Hotels
Role: SAP GRC & Security Consultant
Platform: ECC 6.0, GRC AC 10.1 & 12.0
Duration: Apr 2018 – Till Date

Project Contribution:
• Managing user and role management activities across the landscape.
• Extracting and reporting on SUIM reports for complex user and role information requirements.
• Created Master – Derived Roles wherever organization-level access had to be restricted.
• Configuration of Centralized EAM.
• Assigning an owner to Firefighter ID and Firefighter ID to Controller and Firefighters.
• Generating Firefighter Log Reports.
• Troubleshooting Access Control requests using audit logs.
• Configuration and troubleshooting of workflows using MSMP and BRF+ for New, Change, Lock and Delete Account.
• Configuration of UAR Review for semi-annual review.
• Configuration of Simplified Access Request.
• Configuration of Password Self Service and End User Login.
• Configuration of SLAs for Controllers.
• Importing roles into BRM on a weekly basis.
• Replacing Role Owners, Risk Owners, Owners and Controllers using Mass Maintenance.
• Monitoring sync jobs on a daily basis.
• Modifying rule sets and importing them into Production etc.

Client 2: Merck (Marlabs)
Role: SAP Security Consultant
Platform: ECC 6.0
Duration: Mar 2016 – Apr 2018

Project Contribution:
• Comprehensive use of Profile Generator to generate roles and assign roles to users.
• Created and maintained Single, Master, Derived and Composite roles.
• Performed user administration, creating and maintaining user accounts.
• Worked with security-related tables like AGR*, USR* etc.
• Supporting internal & external audits.
• Mass user and profile comparison.
• Worked with critical authorization objects like S_TABU_DIS and S_TABU_NAM to restrict access.
• Extensively used SU53, ST01 and SUIM to assign missing authorizations to users.
• Resolved authorization issues by adding authorization objects manually.
• Suggesting appropriate roles based on the SU53 screenshot for solving missing authorizations in production.
• Authorization checks using transaction SU24 and maintained check indicators for transaction codes.
• Monitoring the critical T-codes & authorization objects.

GRC 10.1
ARA (Access Risk Analysis)

• Generated risk analysis reports for users and roles in ARA; if any unmitigated risks were reported, reporting them to the role owner.
• Running sync jobs (authorization sync, repository object, action usage and role usage sync).
• Running risk analysis in simulation mode at user level and role level to find potential risks.
• Creating the Business Process, Business Sub-process, Function ID and Risk ID, and generating the rules against the Risk ID.
• Maintaining custom T-codes in the rule book.
• Creating the user IDs for Function Approver, Risk Owner, Mitigation Monitor & Mitigation Approver.
• Assigning Risk Owner, Mitigation Monitor & Mitigation Approver in Access Control Owner & organization.
• Creating the mitigation control ID against the risk ID and assigning it at user or role level.
• Publishing the risk analysis report to role owners quarterly.
• Offline mass mitigation for huge mitigation assignments.

ARM (Access Request Management)

• Raising access requests for New Account, Change, Information, Lock, Unlock & Delete Account.
• Copying access requests for existing users.
• Approving/rejecting access requests as security admin.
• Maintaining GRC approvers and role owners in MSMP.
• Importing roles into the GRC system.
• Troubleshooting ARM requests.

EAM (Emergency Access Management)

• Creation of FF IDs in the satellite system with super user type and super privileges access.
• Created the FF ID Controllers, Owners and Firefighters.
• Assigned Controllers and Owners to Firefighter IDs in EAM.
• Created Access Control Owners in the GRC system and maintained them in NWBC.
• Generated EAM reports periodically, like Consolidated Log Report, Firefighter Log Summary Report, Reason Code and Activity Report, Transaction Log and Session Details etc.
• Changing FF ID owners & controllers in NWBC.

BRM (Business Role Management)

• Creating Single, Master, Derived and Composite roles.
• Mass role update for changing the role owners.
• Troubleshooting issues in BRM.
