
Fathima Shaik

Atlanta, GA

Summary

Adept SAP Security/GRC Consultant with a proven track record specializing in SAP Security, GRC, S/4HANA Fiori security, Risk and Compliance. Certified in SAP Security administration, I excel in migration projects and SAP upgrades, demonstrating exceptional problem-solving skills and teamwork. Achievements include leading critical upgrade projects and enhancing system security and efficiency. I am also equipped with an in-depth understanding of risks and also associated with a range of organizational actions. Focused on helping clients limit or balance risk against reward for optimal decision-making. Easily handles complex data to understand potential impacts, break down risk and develop recommendations.

Overview

16
years of professional experience

Work History

SAP Security / GRC Consultant

Mohawk Industries Inc
02.2024 - Current

Role Design Implementation and Authorization Framework and GRC Implementation


  • Designing and Implementation of the Role and Authorization Framework for FI and SCM modules, MDG, IBP, EWM.
  • Creation of the test scripts and coordinating the testing with Business Analyst team.
  • Designed the Initial SoD Analysis and Remediation Approach.
  • Analyzed the SAP delivered rule set for Risk Analysis & Remediation, which includes Actions, Permissions, Functions and Risks for customization
  • Troubleshoot SOD Ruleset Issues and resolve them.
  • Design and Develop the FF functional and Technical roles based on the inputs from business teams
  • Configuring GRC components shared settings and Access control specific settings.
  • Risk analysis activities: Building Rule set, testing, remediate risks, mitigate risks, creating rules using BRF+ environment and performing risk analysis
  • Preparing the Rule Upload files for Business process, Functions, Authorizations, Risk & Rule set
  • User provisioning: Configuring access request forms, maintain EUP, Requesting access
  • Building and maintaining MSMP workflows
  • Business Role Management BRM: Configuring Role management, create single, composite roles and business roles
  • Emergency access Management EAM: FFID, assign owner and controller to FFID, maintain reason codes, execute firefighting sessions and monitoring emergency access
  • Conducted thorough audits and identified areas for improvement, leading to enhanced internal controls and risk management practices.

SAP Security and GRC Solution Architect

Hitachi Vantara
11.2021 - 02.2024

Client: Toyota

Toyota Motors USA is a vehicle manufacturing and distribution company focused on delivering top quality industrial products at the best value to our customers. They strive to consistently grow our business by increasing market share, improving distribution processes and targeting new markets with expanded product lines. They are the USA leader in aluminum sales. It has implemented wide range of SAP modules to maintain its global position. It has got around 20000 SAP users.


SAP Security and GRC Solution Architect:


  • SAP GRC Access Control, Process Control, Risk Management,
  • SAP Application Risk and Control reviews (Post implementation, configuration reviews) or SAP Authorization reviews
  • Work with the business managers in refining risk in Fraud management
  • Application Risk and IT Control reviews involving SAP configuration reviews, SAP post implementation reviews, SAP authorization reviews, SAP sensitive access review etc.
  • Functional Risk and Controls experience for Source to Pay, Material to Inventory, Order to Cash, or Record to Report.
  • SAP GRC Access Control, Process Control, Risk Management, or Global Trade Services implementation, including governance, design, configuration, and testing.
  • Understanding of SOD / SOX / Security Assessment / SAP Authorization / Roles.
  • Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements in Risk and Audit Management.
  • Compiling and delivering audit documentation and effectively completed security redesign for Sarbanes Oxley (SOX), state, and corporate compliance.
  • Created Segregation of Duties conflict matrix to ensure compliance to company standards, saving the team several hours in research time.
  • Designed the IT controls with main focus of eliminating redundancy in quarterly assessments.
  • Analyzing & Documentation of Security audit, reports outlining the effectiveness of the system, explaining any security issues and suggesting changes and improvements.
  • Provided a written and verbal report of Audit findings.
  • Exception detection and compliance checks in Fraud Management.
  • Analyzed data from all relevant transactional systems and spotted the suspicious activities and stop high-risk transactions in Fraud Management.
  • Detect Fraud on SAP by User Behavior Analytics (UBA) to detect fraud on SAP in real-time.
  • Detect risks, fraud and anomalies earlier by screening business partners and transaction data across the enterprise.
  • Lead the end to end security migration process (developed, configured, testing, troubleshooting & support) from ECC 6 (EHP7) to S4Hana 1610 and 1709. Green and Brown.
  • Updated the entire Finance (FICO), SCM, business role to new S4Core version.

SAP Security Solution Architect & GRC Risk Manager

Numeric Technologies
08.2017 - 11.2021

Mohawk USA is one of the largest suppliers of premium carpet, rugs, laminate, sheet vinyl, luxury vinyl tile and wood flooring in North America. They strive to consistently grow our business by increasing market share, improving distribution processes and targeting new markets with expanded product lines. It has implemented wide range of products at the best value to our customers.


  • SAP Application Risk and Control reviews (Post implementation, configuration reviews) or SAP Authorization reviews.
  • Work with the business managers in refining risk in Fraud management.
  • Application Risk and IT Control reviews involving SAP configuration reviews, SAP post implementation reviews, SAP authorization reviews, SAP sensitive access review etc.
  • Functional Risk and Controls experience for Source to Pay, Material to Inventory, Order to Cash, or Record to Report.
  • SAP GRC Access Control, Process Control, Risk Management, or Global Trade Services implementation, including governance, design, configuration, and testing.
  • Understanding of SOD / SOX / Security Assessment / SAP Authorization / Roles.
  • Managed SOX Compliance Remediation tasks to comply with SOX/SOD requirements in Risk and Audit Management.
  • Compiling and delivering audit documentation and effectively completed security redesign for Sarbanes Oxley (SOX), state, and corporate compliance.
  • Created Segregation of Duties conflict matrix to ensure compliance to company standards, saving the team several hours in research time.
  • Designed the IT controls with main focus of eliminating redundancy in quarterly assessments.
  • Analyzing & Documentation of Security audit, reports outlining the effectiveness of the system, explaining any security issues and suggesting changes and improvements.
  • Provided a written and verbal report of Audit findings.
  • Exception detection and compliance checks in Fraud Management.
  • Analyzed data from all relevant transactional systems and spotted the suspicious activities and stop high-risk transactions in Fraud Management.
  • Detect Fraud on SAP by User Behavior Analytics (UBA) to detect fraud on SAP in real-time.
  • Detect risks, fraud and anomalies earlier by screening business partners and transaction data across the enterprise.
  • Lead the end to end security migration process (developed, configured, testing, troubleshooting & support) from ECC 6 (EHP7) to S4Hana 1610 and 1709. Green and Brown.
  • Updated the entire Finance (FICO), SCM, business role to new S4Core version.
  • Attention and focused with SAP SNOTE 2227963, 2227963, 2270355, 2029012 for migration process
  • SAP HANA DBA Security with BI/BOBJ. Created roles for both BI and BOBJ running on HANA.

SAP Security Consultant and GRC Consultant

Capgemini PVT Limited
10.2014 - 08.2017

Block 3 & 4 – ERP is a leading wholesale provider of Telemobile communication Industry. From standard products to tailor-made coverage across all lines of business, Swiss Re deploys its capital strength, expertise and innovation power to enable the risk taking upon which enterprise and progress in society depend.


  • Configures/Implemented/Reviewed SAP GRC suite (a/o Access Control, Process Control, Risk Management).
  • Assisted in providing periodic updates, education and presentations to staff and management on various aspects of IT Security Governance, Risk Management & Audit Compliance
  • Design and assess SAP GRC Access Control suite of programs, including user provisioning, segregation of duty management, emergency access, and role management.
  • Designing Audit Planning.
  • Hands-on working experience in Process Control.
  • Authorization Administration: Comprehensively use Profile Generator to generate roles, maintaining existing roles and transporting new roles across landscape.
  • Restricted table access and program restrictions through authorization groups.
  • Worked on Derived role/Inheritance relationship.
  • Converted Profiles into Roles through SU25.
  • Setup BW and BI security for query users, administrative users and power users.
  • Provided authorizations for reporting users.
  • Provided an access to execute queries by users.
  • Restricted INFOAREA button to BI Users.
  • Setup security at the Infoobject level (field-level security) and key figure level.
  • Created roles restricting access to Infocubes, ODS objects, specific queries and workbooks.
  • Built analysis authorization in RSECADMIN and inserted them in the role using S_RS_AUTH.
  • Maintained detailed documentation on SAP security configuration settings, providing a valuable reference tool for troubleshooting or future system enhancements.
  • Implemented monitoring tools to track user access patterns, identifying anomalies and responding proactively to suspicious activity.
  • Collaborated with IT support teams to troubleshoot end-user issues related to SAP security configuration, ensuring continuous system availability and performance.
  • Collaborated with cross-functional teams to design secure solutions for new business initiatives, ensuring compliance with industry standards.
  • Served as primary point of contact for resolving complex SAP security-related incidents, minimizing downtime and business disruption.
  • Conducted thorough risk assessments for proposed changes to SAP landscapes, balancing business requirements with necessary safeguards against potential threats.
  • Managed the end-to-end lifecycle of SAP roles, ensuring appropriate authorization levels were maintained at all times.
  • Evaluated emerging technologies in the field of SAP Security to determine their potential applicability to the organization's SAP landscape.
  • Developed custom reports to monitor critical security events, enabling swift detection and response to potential threats.
  • Assisted in incident response planning, preparing for and managing potential security breaches or other threats to system integrity.
  • Partnered closely with internal audit teams to address findings related to inadequate controls or non-compliance within the SAP environment.
  • Identified potential risks and vulnerabilities with regular security audits, proactively addressing identified issues.

SAP Security Consultant

IBM Pvt Ltd (India)
06.2008 - 03.2014

Client Profile: PwC


PricewaterhouseCoopers (PwC) is an independent research firm with global revenue of 1.4 million dollars. PwC is judged to be a vanguard firm, i.e. a firm with broad and deep capabilities in the market. As a full service professional services firm with end to end consulting and advisory, tax and regulatory services.


  • Monitored the critical transaction codes and ensures that they are assigned to the concerned users only.
  • Assigned Roles to the Users based on the Service Request Approvals.
  • Worked on User Groups to divide user administration based on the area of location.
  • Worked extensively with user information system (SUIM)
  • Worked with security related tables such as USR02, AGR_TCODES, AGR_USERS, AGR_DEFINE, USOBT_C and USOBX_C.
  • Extensively used SU53, SU56, ST01 to trace and assign the missing authorizations to the users.
  • Maintained Authorization objects using the transaction SU24.
  • Converted Profiles into Roles through SU25.
  • Users Support, Troubleshooting & providing solutions.
  • Configured GRC AC 5.3 (SPM & RAR).
  • Performed risk analysis using VIRSA Compliance Calibrator for the role assignment to the users and transaction assigning to the roles and suggesting mitigation controls or remediation when required.
  • Mitigate role level and user level risks.
  • Utilized GRC identifying Segregation Of Duty (SOD) conflicts.
  • Maintained detailed documentation on SAP security configuration settings, providing a valuable reference tool for troubleshooting or future system enhancements.
  • Implemented monitoring tools to track user access patterns, identifying anomalies and responding proactively to suspicious activity.
  • Partnered closely with internal audit teams to address findings related to inadequate controls or non-compliance within the SAP environment.
  • Collaborated with cross-functional teams to design secure solutions for new business initiatives, ensuring compliance with industry standards.
  • Delivered comprehensive training to end users on SAP security best practices, fostering a culture of shared responsibility for information protection.
  • Enhanced system security by developing and implementing SAP security policies and procedures.
  • Assisted in incident response planning, preparing for and managing potential security breaches or other threats to system integrity.
  • Kept scripts and test cases updated with current requirements.
  • Documented testing procedures for developers and future testing use.


Education

Master of Science - Computer Science And Engineering

Dalarna State University
Sweden
12.2006

Bachelor of Science - Computer Science

Jawaharlal Nehru Technological University
04.2003

Skills

  • SAP GRC AC and PC, AM
  • S/4 HANA Fiori security
  • SAP ECC, HCM, Portal, MES, BCP, Charm, PI/PO, BW, Ariba, MDG, EWM, IBP, BTP Security
  • SAP Upgrade expert
  • Role-Redesign and both Fresh and Re-Implementations
  • Full life cycle implementations of Security and Authorization Design, Implementation and Optimization
  • Great communication skills and good team player

SAP Certifications

SAP Certified SAP Access Control (GRC AC)

SAP Certified Technology Associate - SAP Authorization and Auditing for NetWeaver 731
