The CSL SAP Security Architect working with the wider CSL group to integrate processes and procedures to enhance our ability to serve the organisation and ensure patient safety.

I was accountable for the defining a reusable deployment security methodology for two major SAP programmes within GSK for both the Consumer and Manufacturing businesses, which lead to successful implementations in 115 markets and 12 manufacturing sites with over 55,000 users live.I developed a new approach to managing and delivering the go-lives though out the programme's life-cycle. This meant that with multiple projects in various stages the team of 27 were clear on their responsibilities and the timelines they were working to, with clear direction and the time to complete the activities the team operated very effectively in delivering everything that was required.The delivery of the Consumer ERP (CERPS) and Manufacturing ERP (M-ERP) solutions were delivered on one platform which meant I had to ensure the template solution was fit for purpose and enabled the business processes to operate as expected by the functional teams and the business.As well as developing the security solution for the CERPS and M-ERP systems I was also accountable for ensuring that the end users were correctly mapped to the correct level of access to enable them to work within the system. To define the process I facilitated workshops with business stakeholder, training teams and my members of team..Within my team I had a dedicated group that was responsible working with the business to identify the people within the organisation that would required access to the system and what their duties were. This information was then used with the Business Change & Engagement team to identify the training requirements for all of the people that were going to be using the system. The information was also used identify the access required for the users.Throughout the programme I was responsible for attending meetings to ensure that proposed changes to the template would not have a negative impact on what had already been implemented and that would be the most flexible solution going forward.

I established a GSK Global qualified three tier Robotic Process Automation (RPA) landscape that is used by the seven Business Units within the organisation, along with the process to establish virtual desktops for developers and for the Bots to use. As a result of the landscape and processes I wrote significant cost savings were realised within the first three weeks of operations for the first two Business Units to employ the Automation Anywhere RPA solution.To enable the three tier landscape I worked with stakeholders from the Platforms, Tech Operations, Quality Risk & Compliance, Finance Risk Management and RPA leads from each of the Business Units, to establish effective processes to provide the servers required for the Automation Anywhere solution.I then carried out the implementation of the software on the development server, at the same time, authoring the Technical Installation Plan. Working with reviewers and approvers from my group and QRC the TIP was approved which enabled the installation of both the Quality Assurance and Production systems to classified as Qualified.I worked the same stakeholder groups to document the process for establishing Virtual Desktops, the existing process for Virtual Desktop was not sufficient for the RPA solution.In addition I wrote guidance notes, standards and process for the development standards, the use of the Automation Anywhere Control Room and Automation Anywhere Client as well as working on the documentation of the transportation method, which was not present in the vanilla Automation Anywhere solution.

I managed a small team that transitioned from a legacy user management solution to shared GRC 10.0 solution, that required 9.2 million lines of data to be transformed and 124,000 users to be synchronised with the the data sources and 12 connected SAP systems.

I delivered independent assessments, and effective and efficient Control Reviews to evaluate and improve the design and operating effectiveness of the Internal Controls over Financial Reporting (ICFR) and meet the internal control accountabilities and Management Assessment under BP’s Management Framework and compliance with the Sarbanes-Oxley Act.The reviews were done through a framework I developed with senior stakeholders which included:1. Evaluation Planning - developed work plans for tests of operating effectiveness of key internal controls, including scope, effort and timing.2. Testing - performed the performance of process and system walk-through and limited detailed control testing.3. Consultation - provided internal control expertise to business segments through Control Evaluation Template reviews, tests of operating effectiveness and requests for assistance.4. Project Management - organised work and resources effectively to accomplish assigned tasks while minimising disruption to accounting service providers and business segments.5. Business Process Analysis - utilised knowledge of and exposure to broad processes to identify areas for process standardisation, simplification or improvement.Provided controls and processes expertise and advice in a consulting and advisory capacity to the organisation as required and identify areas for standardisation, simplification or improvement.Identified, share and embed internal control best practices throughout the BP Group and demonstrate a strong understanding of internal controls, business process analysis and risk assessment.

I championed of the continuous improvement and global alignment of security and compliance standards, policies and procedures while facilitating the end-to-end process design for Security and Compliance solutions within the Enterprise Systems footprint, including linking in with the Information Architecture and Technical Architecture team.I conducted architecture security reviews for projects and provides linkage into Enterprise Architecture and Digital Security. Assured project compliance with the ES Architecture and existing SAP templates for security. Accountable for the integrity of the end to end process design/solution within the ES footprint and owner of the ES Functional Design Authority for the Security set-up and risk management.