1. Responsible for remediation/mitigation or risk acceptance of critical MS Windows (OS), Oracle, JBOSS, Adobe, MS SQL & VNC Vulnerabilities (Yellow List) within SHELL Production and Business Critical applications (ERP) Supporting SHELL Upstream, Integrated Gas and New Energy business.2. Lead the timely identification, Remediation/Acceptance or Risk Acceptances based on an evaluation of business Risk ratings3. Responsible for Critical database security configurations review and engage with d/b owners in driving remediation, findings-Actions and Risk Acceptances4. Focal point for evaluating Penetration Testing requirements for Applications, Infrastructure and interfaces in Shell UP/IG/NE from a risk and advisory standpoint5. Pre-Audit Assessments and External/Internal Audit Support

Sr. IT Auditor Corporate Internal Audits Johnson & Johnson1> Conduct Internal Controls Review (ICR), Continuous Control Reviews (CCR) & Pre-implementation Review Audits for IT General Controls & General application controls specializing in ERP (SAP) Platforms : Application security, Change management, Interfaces, Logical and database security, Infrastructures & Project Management2> Control automation for SAP Applications using industry best practices and solutions.3> Led multiple small, medium and large audit engagements independently across multiple sectors, geography and technologies as a Team Coordinator (TC). Involved in Audit Risk assessment, planning, scoping reviews. Drafting Engagement memos and providing periodic Audit review status, dashboards to Audit Leadership team and Management Reporting Company Leadership team. Involved in departmental metrics preparation for Audits.

As a part of J&J Global IT Application Services Supply Chain organization. Responsible for managing SAP Security implementation , Maintenance and Enh. activities across 3 Platforms in EMEA for Pharma group of companies in JnJ.1. Operational Excellence and Project Governance:a. Ensure adherence of SAP Security services to the agreed OLA's/SLA's, SPOC for SAP Security issues (Level 3), managing escalations for EMEA Pharma platformsb. Delivery of SAP Security Enh., Maint. & Operational support Services to be delivered On Time, maintaining highest standards in quality and on agreed costc. Measurement of performance against agreed service levels using Key metrics in an identified frequency across all Factory platforms and providing key inputs to the Governance layers as KPI's, KRI's and CSF's for decision support. d. Designing Service delivery framework and Service catalogs for Service mgmt tool (ERP Factory tool).2. Responsible for cost reduction during the entire life-cycle:a. Reduce costs by adopting consumption based modelb. Responsible for the stability of platforms and getting the cost of Base Business/Support activities down by 15% every yearc. Resource capacity and consumption management3. IT Lead for SAP Security Support & Solution architect for Projects/Enh.:a. IT Lead for Change requests ensuring Peer reviews, Unit test checks are performed prior to Implementation into the Quality environment.b. Implementation of reusable solutions for effort reduction & cost optimization like: Custom tools for Mass user and Role mgmt., IT/Business critical access, SOD conflict, Internal Controls System, System health checkup & User Access Review automation, monitoring and analysis.c. Design and implementation of Tiered FF ID solutions4. Delivery & Vendor Mgmt.a. Delivery & execution of all Support and new Project activitiesb. Managing vendors across multiple vendors to drive operational excellence, cost reduction, & high quality deliverable

Part of the One-IT Apps integrated team in Philips team comprising of 100+ SAP security consultants. My responsibilities were leading the SAP security team (10+) for Healthcare Sector. SPOC for all the SAP security related deliverable's in Support as well as liaising with Project team.Key responsibilities: As a senior consultant, involved in the entire lifecycle of the project right from the functional specification to the maintenance phase Translate functional requirements into solution proposals and technical specifications. Interact directly with ‘Business users’ at the client end for requirements gathering. Responsible for the execution of Quality, Unit and Acceptance Testing and Customer Support.  Ability to architect, design and develop solutions Successfully executed several projects in various roles as technical lead and development specialist. Responsible for SAP Audit Support, ICS/DCM control execution and reporting (Periodic SOD report, Terminated and transferred users check etc.) Monitoring FF Usages and ensuring the necessary controls GRC AC 5.3 for Exposure Mitigation & Remediation of Risks  Configuration of RAR (Virsa Compliance Calibrator), CUP (Virsa Access enforcer), SPM (Virsa Firefighter’s), ERM (Virsa Role Expert) Connector Issues, Standard job scheduling, monitoring and review of reports. Access Request approval and provisioning workflow configuration using CUP workflows  GRC AC10.0 and GRC AC10.1 Executed Proof of Concept (POC) for complete GRC AC 10.0 functionalities in place  Requirements gathering from the Functional/Business teams  Design and customization of Rule-Sets as per the Business requirements and have them validated from the Functional Focal, module leads  Design, Configuration and Testing GRC AC 10.1 Suite : ARA, BRM, ARM & EAM Built Segregation of Duties (SoD) rule set and conduct SoD related workshops.

Part of the SLNA Enable II Project team and single point of contact from offshore.This project was aimed at implementing new dimensional products like BI, EP, and SOLMAN & CRM. My key responsibilities were liaising with the on shore team to collect functional and technical SAP security requirements for design of new roles & Authorization conceptsKey Responsibilities: Functional & technical Specification requirement gathering from project team for Logistics, Manufacturing, Procurement, Finance , CRM, SNC & BI role design Mass Role Build using SECATT & LSMW scripts. Worked Extensively on USOBT, USOBX, USOBT_C, USOBX_C tables for customizing Standard Authority checks for T-Codes. Involved in Customized Z-transaction creation with ABAP team  Table restriction using S_TABU_DIS, S_TABU_LIN , S_TABU_NUM & S_TABU_CLI for Parameterized Table access T-codes. Transport of Security related objects like role transport, organizational element transport. Creation of User group and mapping them to users for Security administration for users Usage of HP Quality center to create Test scripts and use them for Defect management. Worked on Authorization Issues related to Dialog users using su53, user buffer overflow issues using su56 , critical non-dialog user issues like Communication/RFC users, BG and System users using Authorization trace in ST01  Performing and managing technical Upgrades (SU25): - Preparing the system before and after upgrade. - Functional/Business Requirements from the Functional/Business teams and preparing Technical design by liaising with them. - Executed the SAP Technical Upgrade Activities, Adjusted / modified the Authorizations post - up gradation - Transport of adjusted / modified changes to Quality system for Integration testing & UAT support.

After getting trained on SAP Basis for Net weaver Web AS 6.40 my first assignment was into AMAT Business Transformation (BT) project, which was full lifecycle implementation project for various mandatory components like ECC, BI, MDM, GTS, PI, HR/HCM etc. and new dimensional components like SRM, CRM, BPC etc. Being a part of the Security implementation team was able to work on Mass Master/Template roles creation for all of the components. Created multiple Derived roles for Company/Org level restrictions. Created Job/Function specific composites/container roles for IT and Business teams.Key Responsibilities: Gather specifications for ECC 6.0,BI,SCM,SRM,EP,MDM for implementation of roles which are required for the Business transmission After Gathering information creation of Masters, Single, Derived roles in child system, and Composite roles in CUA..  Creation of Analysis Authorization in BI system and assigning to roles . Functional testing support extensive testing in development and quality systems before moving the roles to production through mercury ticketing tool. User Admininstration through CUA. Extensively used mass user creation using(SU10) for mass user creation and addition Of similar roles to mass users.  Worked on Firefighter role creation and Firefighter Id Creation and providing Firefighter access  Worked in GRC 5.3 Access control Suite: RAR , CUP and SPM  Applying Mitigation/Remediation Ctrls based on Risk Id's. SAP OSS (Online Service System) support user activation Worked on SSO user login issues in portal. Generated Security Audit Logs for users using and SM20 for user audit Trail and Configured SAP security audit logging setting suing SM19 Creation of BP type person and company using T-code BP for CRM implementation in Solar Project