SAP Security and GRC Consultant with 12+ years of experience in implementing, configuring, and supporting SAP security solutions, and 3+ years of experience in IT controls, compliance, and risk management.
Overview
16 years of professional experience
1 Certification
Work History
SAP Security Lead Consultant
Wipro Technologies
11.2012 - Current
Executed user administration and role administration tasks and analysis across diverse SAP systems (ECC, BW, HR, Portal) within the landscape
Supported SAP security design, configuration, and administration in ECC, S/4 HANA, HANA DB, SAP Fiori and other SAP applications
Supported BI Analysis Authorization and BI hierarchies, troubleshooting issues using RSECADMIN
Troubleshooting security issues and end user support
Supported GRC access control, RAR (Risk Analysis and Remediation) and SoD (segregation of duties), mitigation and remediation
Supported in SAP GRC 10.1 configuration and administration, GRC BC sets, workflow customization and ruleset.
SAP Security Lead Consultant
Wipro Technologies
11.2020 - 06.2022
Provided Production Support for various SAP systems (ECC, BW, HR) for Security Operations: Handled all support tickets in all the SAP applications including handling security requests, incidents, and problem management tickets
Managed SAP security for development, quality assurance, sandbox, training, and production systems
Executed user administration and role administration tasks and analysis across diverse SAP systems (ECC, BW, HR, Portal) within the landscape
Designed, developed, thoroughly tested, and maintained an array of authorization roles
This included crafting single roles, composite roles, master roles, derived roles, and analysis authorizations
These roles catered to both task-based and job-based functionalities, covering a wide spectrum of business processes
Worked on GRC support activities, including creating custom rulesets (rule building), configuring GRC AC 10/10.1 workflow, configuring GRC AC 10/10.1 mitigation controls, risk analysis, and EAM logs
SAP Security Consultant
Philips
08.2018 - 10.2020
Worked in Agile delivery model using scrum/sprint framework to develop solutions in time-boxed iterations with fixed scope
Participated in daily and weekly Scrum ceremonies
Managed user and role administration tasks across diverse SAP systems (ECC, GTS, Solution Manager, Fiori, CRM, PI, ME/MII, NWDI, GRC 10.0, BW, SRM) in DEV, QUA, and PRD landscapes
Resolved authorization issues to ensure seamless system operation
Created RFC users and designed corresponding authorization roles for RFC functions
Developed a variety of RFC authorization role setups for efficient system communication
Developed BI security for user roles (query users, administrative users and power users) and troubleshooting authorization issues with RSECADMIN
SAP Security Consultant
Chevron
12.2016 - 07.2018
Conducted regular IT security assessments (operational monitoring control checks) for various SAP system types including ABAP, JAVA, and MDM: Performed assessments against established baselines for system parameters configuration, SAP standard user setup, user master data
Ensured prevention of unauthorized role assignments, checked for SAP_ALL and SAP_NEW profile assignments, verified password changes for system and communication user types
Validated firefighter access, examined user creation, role assignment, and relevant changes
Reviewed the EAM governance model
Evaluated standard role and profile assignments, role quality, non-allowed critical IT access, and limited critical access
Identified inactive, terminated, and transferred users
GRC Lead Consultant, Controls and Compliance Team
Maersk Oil and Gas
11.2012 - 11.2016
Conducted monthly security control assessments covering domains such as User Access Management, Network, OS & Application Security, Encryption, Backup Management, Disaster Recovery, etc., on selected asset samples including Windows Servers, Linux Servers, VMware, network equipment, and cloud applications, in alignment with established baselines, and documented the assessments
Evaluated security risks across domains on an annual basis, enhancing security resilience
Published the organization's Security Risk Index (SRI) and collaborated with IT teams to address risks and improve the SRI score
Performed quarterly assessments of third-party vendor (Vendor Management) risks, maintaining risk records for vendors, and presenting findings during governance calls with customer management
Collaborated with third-party vendors and ensured they adhere to data privacy and security standards.
SAP Security Analyst
Atos
06.2010 - 10.2012
Performed user administration and role management activities for multiple SAP systems, such as ECC, BW, HR, Portal (EP), SRM, and CRM
Leveraged in-depth expertise to streamline user access, maintain role structures, and enhance security protocols
Worked on role design, build and deployment activities, including creation of single and composite roles, master and derived roles, template roles, and modification of existing roles as per requirement in ECC, HR, SRM, CRM, Portal, BI/BW, APO, PI, MDM, EP systems
Developed BI security for user roles (query users, administrative users and power users) and troubleshooting authorization issues with RSECADMIN
SAP Security Analyst
HCL Technologies
04.2008 - 05.2010
Provided Production Support for various SAP systems (ECC, BW, HR) for Security Operations: Managed a diverse range of security tasks, including handling security requests, incidents, and problem management tickets
Supported user administration and role management activities for multiple systems, such as ECC, BW
Provided production support of all security activities for Central User Administration (CUA), ensuring streamlined user management and role management across systems
Responsible for setting up OSS user IDs and developer keys for new users
Created and maintained SAP OSS IDs in a secure service marketplace area based on user requests.
Education
Master of Science in Electronics and Communication -
Edinburgh Napier University
01.2006
Bachelor of Engineering in Electronics and Communication -
Andhra University
01.2002
Skills
Hands-on experience in SAP security design, build, deployment, and audits for a range of SAP modules including ECC, BI/BW, HR, MDM, Solman, CRM, SRM, ME/MII, NWDI, PI, Portal
Strong knowledge and hands-on experience in SAP Security and Maintenance for SAP S/4 HANA, SAP Fiori Security, and SAP HANA DB
Extensive experience in configuring GRC 10/10.1 Access Control components, including ARA (Access Risk Analysis), EAM (Emergency Access Management), ARM (Access Request Management), and BRM (Business Role Management)
In-depth knowledge of SAP Security best practices, compliance, and auditing standards
End-to-end management of SAP ERP Security and IT Infrastructure Security projects, covering full lifecycle implementation, roll-outs, and transition and support projects
Experience in Application security and infrastructure security
Proficient and experienced in frameworks, standards, and regulations including SOC2, IT SOX, ITGC, NIST CSF, NIST SP-53, ISO27001, COSO, CCM, HIPAA, PCI-DSS, and GDPR
Extensive experience in conducting IT control effectiveness testing to ensure compliance and security
Proven proficiency in Project Management, demonstrating successful leadership in overseeing diverse projects
Certification
Certified ISO/IEC 27001:2013 Information Security Management Systems Lead Auditor Training Course (PR320)
Certified Lead Implementer professional for BS 10012:2017 Personnel Information Management System including GDPR