Anil kumar sap security and grc consultant
•Download as DOCX, PDF•
0 likes•477 views
Anil Kumar has over 4 years of experience in SAP security, GRC, and auditing. He currently works as a Solution Delivery Advisor for Deloitte USI providing maintenance and support for SAP systems. His skills include user administration, role development, GRC access control, and performing ICS audits. Previously he consulted for Yash Technologies and Wipro Technologies where he supported SAP security, GRC, and 24/7 production systems.
More Related Content
What's hot
What's hot (19)
Similar to Anil kumar sap security and grc consultant
Similar to Anil kumar sap security and grc consultant (20)
Recently uploaded
Recently uploaded (20)
Anil kumar sap security and grc consultant
- 1. Sensitivity: Internal& Restricted ANIL KUMAR Email:mailtoanil.kumar1@gmail.com Phone:+91 9066740788/7019051003 PROFESSIONALSUMMARY: Work Experience : Presently working as a Solution Delivery Advisor with Deloitte USI since Jan 2019. Have 4.6 Years of experience in SAP Security R/3 / ECC 6.0 and GRC 10.1 and ICS audit. This includes Client Interaction and working with different teams (functional, ABAP & Basis) with various support activities. Extensive experience in SAP Security Administration & Authorization. Having a good hands-on experience in GRC Access Control 10.1 Skill Sets ERP Skills SAP Security & GRC 10.1 ECC Security User Administration, Role development and Administration, Troubleshooting GRC 10.1 Support on ARA, ARM, EAM, BRM, mitigation control, connector issues, ECC system integration with GRC, knowledge on configuration for user provisioning – Access Control (MSMP). TOOLS Service Manager 7, Service Now , MS reporting tools, Remedy New Tools & technologies SAP Audit Management, SAP UI Masking(Basic), GRC 12.0 Web enabled firefighter, SAP UAR Organization 1 : Deloitte USI Role : Solution Delivery Advisor Project : Maintenance and support of entire SAP system(Teleflex) Duration : Jan 2019 – Till now Teamsize : 5
- 2. Sensitivity: Internal& Restricted Organization 2 : Yash Technologies Role : Consultant - GRC and SAP Security and Authorization. Project : Maintenance and 24/7 Support of the entire SAP Systems(SLB). Duration : July 2018 – Nov 2018 Teamsize : 10 Organization 3 : Wipro Technologies. Role : Consultant - GRC and SAP Security and Authorization. Project : Maintenance and 24/7 Support of the entire SAP Systems(Philips). Duration : February 2015 – June 2018 Teamsize : 15 Members. TECHNICAL SKILLS: SAP Security Skills User administration involvingcreating users, modifying users, copying users, deleting users, assigning roles & profiles using SU01, Mass User Maintenances with the help of SU10. Proficientin use of standard security administration tools such as ProfileGenerator for Authorization Profiles/Roles administration. Creation of Single Roles, Composite Roles, Derived Roles using PFCG and assigning to Users and perform user comparisons. Day to day User management, role management and transport management activities. Monitoring the critical transaction codes and ensures that they are assigned to the concerned users only. Good working knowledge on Tables like AGR*, USR* to provide the solutions based on the client requests. Extensively used SU53, ST01 & SUIM to assign missing authorizations to the users. Expertise in restricting the Table access fora user by using S_TABU_DIS. Expertise in restricting Reports access fora user by using S_DEVELOP &S_PROGRAM. Creating and maintaining User groups with SUGR foreasy user administration. SAP GRC Skills Analyzing the SOD Conflictsat User level and Role level by using Access Risk Analysis (GRC 10.1). Determine and report if any risks willbe introduced by simulating the addition of transactions, Role, or Profileto a User ID by using GRC RAR and GRC ARA. Mitigation and remediation of users and roles forSOX using User/Role Analysis in RAR.
- 3. Sensitivity: Internal& Restricted Producing SODAnalytical Reports (both Summary and Detail) against Users, User Groups, Roles and Profilesusing ARA. Creating monitors and approvers and mapped them to the mitigation controls for any kind of risk associated with a user, role or profile. FF governance, Role Upload, ORU/ User group creation and mapping, Functional area creation etc. in GRC. Scheduling Ad-hoc jobs in GRC for user and role sync, critical action/ criticalpermission, etc. Providing Emergency access to functional, technical & audit team members using EAM. Creating Firefighter IDs and assigning the Firefighter IDs to Ownersand Controllers. Having knowledge on troubleshooting issues related to GRC request by analyzing the root cause via t-codeSLG1. Basic knowledge of MSMP and BRF+ application. ICS audit Skills Worked on aligning important security parameter settings, default users, default SAP_ALL& SAP_NEWprofiles. Working on Audit Issues created by External Auditors. Involvedin Audit Interviews with External Auditors. Operational Monitoring of various controls. Worked on an activity to maintain illegal passwords in table USR40 to have the system stable (prevent system for Bruce – Forceattacks). SOD Checks – Monitored users having High & Critical access – Tookaction to mitigate & remediate users tokeep the SAP system secured. Monitored Firefighter Usage Controls Monitored usage & logging of critical tables & client opening for direct changes. Monitored users having critical,limited allowed access to important actions & permissions. Critical SAP Support Issues. Risk Analysis of Users having SODConflicts. Role and Responsibilities: Technical analyst forSAP security in production & non-production environments. User Administration–To ensure the integrity of SAP Security by actively creating, maintaining, deleting and lockingof users, Default tab maintenance, password reset, creating user group, role assignment of R/3, BW and other different systems. Experience and knowledge of security procedures foruser creation, maintenance in client- specific user administration model. Proficientin troubleshoot authorization related problems using SU53, ST01 and SUIM. Copying and Modifying SAP-ProvidedUser Role Templates and also created a set of custom user role templates. Excellent communication and follow-upskills in gathering requirements from functional teams and data owners. Developed and documented security policies and procedures, user maintenance, activity group and role maintenance using profile generator.
- 4. Sensitivity: Internal& Restricted Mentor and provide guidance to new project team Security Analysts on the Security and authorization concept. Resetting the LDAP connection when issue arises for synchronizationbetween GRC and activedirectory. Monitoring the list of users with criticalT-codes and criticalprofiles like SAP_ALL& SAP_NEW. Experience in defining background jobs, scheduling, modifying, deleting and analyzing the jobs and regularly monitoring the job logs and the job status. Identify and document issues and risks as needed and submit weekly status reports to higher level management. Mitigation and remediation of users and roles forSOX using user/role analysis in ARA. Creating Firefighter IDs and assigning the Firefighter IDs to Ownersand Controllers. Creating new risks/functions and modifying the risks/functions whenever it is required. Respond to requests, gathering all the requirements needed forfunctional team and business and prepare SAP security reports based on management and department needs. Worked on ticketing tool (SM7 and SNOW) to resolve the issues and problems in different kinds of SAP modules. Collaborate withother team members and business representatives to ensure that security roles, authorizations, activity levels and settings meet the client requirement. Securing Standard users like SAP*, DDICagainst misuse. Contribute to the documentation forthe various tasks that we perform on daily basis. Technical trainings and Knowledge transfer forthe team members and lateral joiners. Workin shifts to provide support to Philips global operations. Supported during weekends and also for various migration activities. Performing various ICS audit activities like taking samples for actions performed in SAP production environment to ensure that the activities are performed under SOX compliance. Educational Qualification: Completed M.C.A with 89.75% from Pondicherry Central University, Puducherry Personal Details: Date of Birth : 09th October 1990 Father’s Name : Surendra Prasad Language : Hindi ,English Nationality : Indian Sex : Male Declaration: I declare that the above details are true to the best of my knowledge and belief. Date: Place: Bangalore (Anil Kumar)