Please find attached a copy of my update Resume.Available for Contract 1099, W2 or Permanent

Cameron International, Houston Texas. Executive level support for a SAP Security project involving “carving” out a business segment of 850 employees, selling that business segment to an international oil company. Day 1 of a scheduled six month project is 02 June 2014. Stood by and provided SAP Security advice and guidance where needed. The SOW changed with final agreement between buyer and seller. The agreement called for no changes in access to SAP and precipitated rolling this consultant to another project. This SAP Security was slated to administrator and be responsible for all areas and modules in the environment.

2013 – February 2014 (1 year)|Los Angeles, CaliforniaHondaDesign, Testing, and build phase of new SAP implementation, working with IBM Security team, E&Y and Honda to build roles for support personnel and Production Users on ECC. Modules in SAP ECC, SRM, GRC, BW/BI BPC, XI/PI, and Web Application Server (WAS), Roles and groups. Provided defect analysis for Functional Unit Testing (FUT) of Security Roles. All changes made in SU24 with Transaction transported from Dev to Testing client system, used SU53 and ST01 trace to identify missing authorizations. Used Technical Design Documentation and Rapid Deployment stratigy, provided by Risk & Compliance to build Roles. Analyze Test scripts execution to determine if reported SU53 authorization error is valid. Actively provision users and obtain approval for SAP Access Requests, for new and existing users, basic or additional access using SharePoint as request tool.

SAP Security Consultant for IBM through NG to GCSS Army. Audit Readiness and implementation.April 18, 2013 completed the IBM Orientation in Herndon, VA, now working on a SAP implementation in Richmond, VA through Northrop Grumman to GCSS-Army. This is a Security Administrator position of trust with the US Government. Currently writing technical documents in an audit environment related to reporting, monitoring, and sustainment issues to improve and streamline existing policies and procedures and creating Standard Operating Procedures. Generally non-clossified information.

Mine Safety Appliances (MSA) through Novus Consulting13 February 2013 to March 31, 2013SAP Security Consultant on site and remote Cranberry, PA. Currently consulting on analysis of SOD issues, using a new GRC tool, named SYMSOFT Control Panel. Also daily maintenance of Roles and users for a Global SAP implementation project, currently dealing with Germany and France. Utilizing standard set of SAP authorization maintenance transactions and skills.

Responsible for SAP security leadership in on/off shore model, duties GRC approvals, assignment of FF, Role change control through Solution Manager and stage review process from Change control Board. Enforcement of strong SOX controls including storage of change Chain of Evidence in a digitally signed DB. Break fix for roles, changes in positions through Compliant User Provisioning CUP. Provide reports to management on all changes on SAP. Mandatory completion of compliance training on periodic times schedule. Participate in daily conference calls to report on security issues incidents and progression of scheduled changes through Change Control Board. Secure access, to a large landscape of SAP Application Servers, termination of users, locking of transactions, updating tables, reports automation, more: Rochester NY, November 27, 2011 > March 23, 2012. Worked as a Security consultant on authorizations for a BW upgrade project from 3.x to 7.0. Analyzed the Client requirements on Analysis authorization from SOW and prepared the detailed project plan for the analysis authorizations implementation. Existing BW 3.1c Security Business Reporting Authorization Roles to be re implemented in Upgraded BW 7.0 Environment with no change in security design. BW System Administration Roles to be retained in same version 3.1c post upgrade to Version 7.0. Security features, limited to technical upgrade, need to be implemented to the upgraded R/3-4.7 to ECC 6 environment. Functional upgrade including Role optimization will be taken in future projects. Collected all pertinent information needed to create analysis authorizations. .

Advised client on conflict resolution with rules in Separation of Duties (SoD) matrix loaded into the Security Weaver (SW) suite of tools. Conflicts are defined when one SAP end-user has the authorization to accomplish a possibly fraudulent act without collusion or assistance from someone else. Used simulation in SW tool to ascertain what changes were needed to remediate conflicts at the Role, and User levels. Skills used with SAP tables, SW tables, authorization objects, transaction codes, activity levels, Organization Levels, Structured authorizations, and experience with SAP modules to provide a fix. Manager reference is available.

Worked with role changes to comply with recommendations from external audit to remove critical authorizations from Production roles, and daily change requests from employees. Required skills employed include analysis of missing authorizations, obtaining approval to grant access and transport new access to test in QA and upon proof the new authorizations work as required transport to Production. Employee replaced by a new Bangalore team for SAP Security support.

Not employed in SAP related work, and recovery from extenuating circumstances

Consulted with project management and business units to validate User Master data and configure Virsa Compliance Calibrator for future external audit. Worked closely with the security administer staff to provide validation and create reports for mitigation or remediation of conflicts at the user level. Delivered documentation i.e. instructions specific to running and configurations for the Compliance Calibrator. Provided a step by step plan to move forward with resolving discrepancies issues in regards to segregation of duties. Client released this consultant one week early do to cost saving measures, by corporate management.

Center for Continuous Improvement CCI, a SAP implementation Project with extensive HR component and sub components. The security team of twelve administrators is organized in silos. Management responsibility in Finance security administration and role redesign for compliance. The activities surrounding this duty are as follows; discuss issues with proponent clients, obtain written approval from designated owner/manager, ensure Role Change and Impact Analysis forms are attached and are technically correct. Create or modify security roles in DEV, create testing type users in DEV, analyze authorization errors, implement fix and re-test. Insist that the proponent client accomplishing the testing actually writes “pass” in the Notification ticket as evidence to the future auditor. Then create a transport to move object to the Quality environment and test again. This includes Development, Quality Assurance and Production, landscapes in accordance with the rules and regulations prescribed by Southern California Edison. Obtain approval from Finance management and administered assignment of Fire Fighter IDs for temporary access to sensitive transactions like SE16 and SM30. Utilized transactions PA20, PA30, AP40, and PO13 to provide test users with structured authorizations in the Quality environment. Use of Mercury Quality Center software to formally document and test all steps in the process to move objects to Production. The SAP application “Notification” to document steps taken and obtain approvals, T-Codes IW22, ZIW28 and IW66. Other: Interface with Organizational Readiness to obtain approval for user audience changes and assignments to Production users. An additional sub-project duty was P2P Implementation for Finance:

Strategic Modernization Initiative (SMI); a massive new implementation of SAP on a Global scale, 1700 users with positions (composite roles); modules: ECC, SRM, CRM, SCM, EP, XI, & BI, Duties include Production authorization analysis and non-production support. Create users, Role/Position creation and modification, mass changes, transports and imports, troubleshooting authorizations, defect processing (Mercury Quality Center). Schedule and attend meetings with business process and development teams for solution initiation and follow-up to provide smooth transition for go-live activities.

Title: Managing Security Administrator; Environment R3 4.6C, ECC-5, ECC6, APO, BI 7.0, CRM 5, SRM, SCM and Inventory Collaboration Hub (ICH) systems. SAP realization phase development of roles for cutover team lead, production support, and end user management in a P2P implementation project. Engaged by management in a complete life cycle for Business Intelligence 7.0 from collecting requirements to implementation, also redesign of BI 7.0 Analysis Authorizations, modification and repair of previously migrated Analysis Authorization for Business Intelligence (BI) not working correctly in production. Used Rev-Trac change management software for the control of transports reflecting modification to roles promoted from development to QA and to production. Recommended, installed and utilized results for the new Security Weaver tool for SOD identification, remediation and/or mitigation Experience gained with SRM users_gen tool for mass generation of suppliers and user mapping for system access UME on Enterprise Portal authorization objects, parallel roles needed for back-end server.

Created basic roles containing basic transactions for ECC 6 FI, MM, WM, IM, and BW/BI. Educated the client on how the BI 7.0 module can best be used for improvement of sales and procurement efficiency, also provided demonstrations on role examples and data mining. Developed security policies, procedures using industry best practices. Business Intelligence analysis authorization objects developed for info-objects, and segregation of report display. Responsible for direct interface with management, and subject matter experts to conduct integration testing and adjust authorizations User population of 310 results in many segregation of duties issues to be mitigated or remediated using industry best practices. Created and implemented a change management procedure to document approval for security changes to be moved to QA and Production clients. Utilized SU53 error messages and ST01 system trace, feedback from users to determine missing authorizations. Researched and scoped a special project with the goal to hide the display of cost data for finished products and resale items. This involved transaction variants and screen sequences to hide data.

Environment ECC 6 HCM, FI-CO, IS-U/CCS, MM, WM, IM, BW/BI, APO, CRM, SRM, and SCM Troubleshooting duties included were for missing authorizations and requests for additional access for IS-Utilities, users, billing, and position authorizations. Use of GRC-Compliance Calibrator (Virsa), Governance, Risk & Compliance, Fire Fighter and delivered SAP ECC 6.0 diagnostic tools, profile generator, data browser, and CUA . Reviewed and approved IT Service Requests for Segregation of Duty, Federal Energy Regulatory Commission (FERC) compliance, and Environmental Health & Safety (EH&S), Modules here R3, APO, BI, CRM, SRM, SCM Skilled use of SU53, ST01 and experience to analyze and ascertain the missing authorization or transaction as well as determining that the error is not security related Collection and storing proof of approval evidence from business owners for allowable access and exceptions to regulatory issues.

Mazda Motors – Irvine CA, 03 July 2006 to 28 July 2006 Title: Lead SAP Security Consultant; ENVIRONMENT ECC 6 This three week period was distinguished by successful work for two clients simultaneously. Worked at Mazda during the day and remotely for Anspach at night from my hotel room. Traveled to Irvine CA for Mazda and connected through the Internet to FL for the remote work with Anspach. Mazda needed to make corrections to their Basis, Developer, Security roles. Anspach Medical – Palm Beach Gardens, FL, 03 July 2006 to 21 July 2006 Title: Remote SAP Security Configuration; ENVIRONMENT ECC 6 Remote Profile Generator Role Design Client needed new roles created according to a predefined set of criteria. New roles created using client defined naming convention and transactions including all R3 modules and HR structured authorizations. Created transport requests and transport documentation, including a file containing the requested transactions, assigned transaction from SAP, and an HTML document for each role showing authorizations as seen in the profile generator. Both customer were very satisfied with the work and invited me to come back at a future date.

Environment ECC 6 R3, APO, HR, BW, CRM; Security monitoring with Virsa Compliance Calibrator, (GRC) duties included monitoring super users access to production systems, conflicts in Roles, and users. This consultant was assigned the task of title of Monitor for CRM Bill Payer Direct and Enterprise Buyer Professional using GRC best practice methods. Virsa administration, Creating mitigation controls for users, and Roles in Virsa, creating monitors/approvers, business units, associated risks, mitigating monitors, users, roles, and profiles. Develop reports and export data to Excel, for Business unit review. Simulated additional transactions added to Roles, for assignment to existing users to determine possible segregation of duties conflicts. Run weekly reports of user groups in Virsa and manage Security Enhancement Requests for compliance of critical transactions with respect to SOD requirements.

Environment ECC 6 modules will multiple landscapes: Responsibilities included: Lead an operational security team, development of Change Management best practice procedures, with respect to transport management, authorization object testing, production support, and driving service improvement. Utilized root-cause analysis to drive down incident numbers, and manage the efficiency of offshore resources. Escalate high priority and unusual break/fix SAP authorization issues to management. Reported on Service Level Agreement performance; wrote detailed procedures to hand off tasks to offshore resources. Wrote strategic and tactical plans to collect data for Root Cause Analysis of problems and calculate costs and efficiency of offshore resources. Duties include: Handling high level high priority changes in the SAP landscape needed by business customers, and documenting changes in the Lotus Notes application Roles & Security Database, and in the Change Request Database. Managed the assignment of work tickets to specific technicians or service groups

Environment R3 4.6C, ECC 5.0 Supervised and mentored Glatfelter Security employee in SoD best practice and hands on operation of security transactions and tools. Worked with Information Technology, Basis and Internal Audits to identify and mitigate SAP security issues and segregation of duties (SoD) issues in major modules of SAP FI-CO, MM, SD, PP. Utilized audit reports from previous audits to isolate SoD issues and mitigate as required. Researched and implemented changes using the SAP transactions, associated with authorizations and roles to comply with Sarbanes Oxley. Installed and configured PCI Sentinel tool, to identify SoD issues in a fresh client copy of SAP production instance to identify conflicts. The PCI Sentinel tool was used to automate the process of identifying high risk SoD conflicts. Analyzed and customized the audit criteria to fit the client’s authorization structure and address high risk conflicts.

This consultant was responsible for development of an effective SAP security architecture to facilitate support GRC activities. Consultant did proactively identified opportunities to solve business problems, by combining process improvement with systems implementation. As part of the Sarbanes Oxley remediation project did create Test Users and Test Roles in R/3 major modules FI-CO, MM, SD, PP, BW, and CRM development and quality assurance environments, to mitigate identified excessive access that exists with business users. Identified transactions, authorization objects, reports and programs that the business users required by use of Security Audit log, System Audit Log and System Trace (ST01), as well as use of SE16, to view tables and SE38 for programs. This consultant did initiate meetings to collaborate with Basis, business users (SME), to educate them on security methodology and conflict issues. Managed service desk calls on a 24x7 basis through Infra-enterprise system to make approved changes to user roles. This consultant rewrote policy and a procedure to administer the changes control process. Created and customized roles throughout the development lifecycle, for use by SAP Security and Basis, this involved using the t-codes and auth-objects gathered through the trace and creating a new role that contained only those authorizations necessary for the system user to accomplish day to day SAP business functionality. Mentored and coach staff to create a communicative and productive working environment.

Environment R3 ECC 5.0 SAP / SOX Compliance ProjectConsultant provided project leadership and SAP R/3 audit team support to a large scale client who is committed to documenting all existing Information Technology controls and deficiencies, in accordance with section 404 of the Sarbanes-Oxley act. Client has many business locations and numerous systems from recent accusations making a complex and challenging mix of systems and cultures. Major duties were: Documentation of existing controls, annotating deficiencies and remediation for continued improvement of the control processes over IT systems. Team Leader responsibilities include time and expense reporting, travel planning, documentation analysis for a team of twelve consultants. Interfaces with client management, compose progress reports, and ensure compliance while applying security and IT skills. This project had top management support and was well funded in preparation for an external audit. Client discontinued funding after initial assessment for compliance.

Environment Microsoft OS, application servers and suits: This engagements goal was to assist the client with improving internal security knowledge and consult its customers with issues related to Sarbanes Oxley compliance. This time frame proved to be too early in the compliance life cycle for publicly traded companies to start work on SOX compliance issues. In an effort to profit from this consultants expertise the client chose to contract me out too its customers to install Microsoft Server 2003 and the Active Directory, this proved to be successful for the duration.