Yogesh Mittal

Management Responsibilities

• Oversaw SAP application architecture and provided guidance on phased SAP rollouts for all plants globally to achieve smooth transition from legacy applications to SAP.
• Oversaw technical workstreams with 40+ resources - Basis, Security and Compliance, Fiori, WRICEF development, integration, data migration, legacy applications (AGILE, Nusil Main Menu, Macola).
• Delivered Financial Commitments - Managed Nusil Genesis Program IT budget (CAPEX & OPEX) and estimated for hypercare. Aligned APM (time recording tool) to overall financials for each phase.
• Key Contributor in making M&A Processes effective by building a strong integration team and empowering team to think out-of-box solutions to make business processes lean and simple with minimal TCO.
• Delivery lead of Nusil Program Genesis.

Technical Activities (Cybersecurity domain – SAP Application Security)

• Designed and successfully implemented SAP application UI masking strategy to protect sensitive data based on Nusil regulatory compliance polices such as ITAR, EAR, CUI, DPAS.
• Key contributor in creating SAP S/4HANA compliance validation master plan to comply with applicable US quality system regulations promulgated in FDA regulations 21 CFR Parts 11 and 820.
• Designed and Implemented SAP Access Control 12.0 (all modules) with zero tolerance to unmitigated risks
• Designed Authorizations in S/4HANA and Fiori GW in embedded deployment.
• Designed and implemented Fiori artifacts such as Fiori Apps, ODATA Services, Fiori Catalogs/Groups etc.

• Responsible to provide leadership and delivery of phased SAP rollouts at Nusil (customer) for financial transformation project with Model company using chemical templates deployed into SAP S/4HANA 1909.
• Led various workshops and created templates for stage gate closures, SteerCoupdates, UAT testing kickoff, Cutover planning, RAID logs, communication plan, SAP environment strategies, observation tracker, Financial Reporting etc.
• Laid design foundation for SAP Security, compliance and data masking/blocking functionality to comply with US regulations (ITAR, EAR, CUI, DPAS).

Customers:

• Lockheed Martin (A&D) - Overall SAP Security Lead for On-premises and Cloud Applications
• American Water (Utility) - SAP Cloud Architect
• Phillips 66 (Oil and Gas) - Delivery lead for SAP Security/GRC/Cloud and HVC applications.
• Nielsen Media (Entertainment) - SAP Cloud Architect
• Dominos Pizza (Retail) - SAP Security and Access Controls Architect
• Hemlock (Chemicals) - SAP Security and Access Control Manager
• Exxonmobil (Oil and Gas) - Advisor SAP Access Control Applications
• Corning Glass ( Retail) - SAP Security for BPC Optimizer for S/4HANA Architect
• First Quality (Retail) - Project Deliver Manager for GRC AC 10.1, SAP UI Masking
• Fitbit (Retail) - S/4HANA Security and GRC Access Control Architect
• MoD (Ministry of Defense NL) - DFPS Advisor

Management Responsibilities

• Led sales/pre-sales initiatives with customer/SAP sales; and provided effort estimates, SoW, ROM, EMT matrix or responded to their RFP's request on different SAP Security initiatives
• Managed and recruited resources globally
• Developed project CAPEX and OPEX estimates and budgets, resource-loaded schedules, earned-value tracking with help of MS Project incorporating all significant project variable
• Key contributor in creating customer Business Cases, Project Charter, Decision Registry, Requirements Gathering, Training Plan, Testing Strategy, Communication etc.
• Managed internal SAP security practice pipelines, employee skill-matrix and one of key contributors in revenue generation.
• Facilitated ongoing communication and early success or warning indicators to all members of account leadership team (customer, partner, and SAP) throughout implementation process and beyond. Ensured effective reporting to higher management and proper project profiling and performance counters.
• Spearheaded most complex SAP implementation, transformations, integration projects; and support services in large-scale global programs to ensure completion on time, under budget, and at prescribed technical scope.
• Key contributor in internal / external “SAP forums” or JAM site(s) to post questions/answers regarding technology.
• Enhanced client satisfaction through consistent delivery of high-quality services and timely followups.

Technical Experience:

• Chief architect to integrated SailPoint with SAP Cloud Identity Access Governance (IAG) as a bridge to enable creation of compliant access requests from SAP Access Control to cloud applications -C4E and Hyperion at American Water. First implementation in World!
• Integrated SailPoint with SAP Cloud IAG as bridge to enable creation of access requests from SAP Access Control to cloud applications – ARIBA, S/4HANA, SAC, Workzone (WZ).
• SME in writing transformation rules in IPS (Identity Provisioning Service) from AD to various Cloud applications and created proxy services for various cloud applications.
• Excellence in troubleshooting connector issues using POSTMAN.
• Infrastructure security - Key Contributor in building Security threat Model for data flow between EC, ECP, BTP and 3P applications such as BSI, Participated in Network segmentation.
• Designed and created role collection in BTP for cloud tenants.
• Excellent hands-on experience on Principal Propagation.
• Wrote use-case scenario for compliant user provisioning for various design integrations.
• BTP setup – Set Up Subaccount's' from Global Account and subscribe applications, created destinations, configured IAS and established trust between IAS and BTP.
• Created custom rulesets for Ariba, C4E, PRA.
• Created destinations in Cloud Connector
• SME SAP Application Security – SAP security role definition and design, Patch management, vulnerability management, Role based access controls (RBAC), Security upgrades, transformation to S/4HANA with both Greenfield and Brownfield approaches, Fiori roles and authorization design, HVC authorizations, SAC, SAP HANA DB, HANAXSA for Risk SLT, ChaRM, MDG, BW/BI, Analytics.
• Created roadmaps, strategy documents for S/4HANA and BPC embedded, Analysis Authorizations and Data Profiles for different dimensions.
• SME Fiori Content design – Custom tiles, Odata services, custom catalogs/groups/pages
• Data Privacy and Protection – Data classification and discovery, Champion in SAP UI Masking with complex regulatory requirements such as ITAR/EAR/CUI/DPAS for SAP GUI and Fiori sensitive data elements (ABAC – Attribute based Access Control), blocking functionality.
• Governance Risk and Compliance (GRC) – Designed and configured all Access Control modules including BRF+ at many customers, created centralized repository for compensating controls, custom rulesets, Implemented UAR (User Access Review), Process Controls – Periodic and continuous controls monitoring (CCM ), SOX controls, ITGC controls , table logging/audit logs.
• Led co-innovation efforts between Exxon Mobile and SAP to build a custom ruleset for PRA.
• Operational Security – Wrote SOP (Day-to-day standard operating processes), blueprint documents; DevSecOps policies, processes, and procedures
• Implemented SAP Optimization Service via Solution Manager.

Customers:

• US Army (A&D) - Security SME DFPS/RM application
• Boeing (A&D) – Led blueprint phase for RMAS project.

Responsibilities:

• Spearheaded most complex “DEFENSE” implementations, integration projects and ensured that completion on time, under budget, and at prescribed technical scope.
• Pioneer in DFPS (Defense Security Public Security) and led implementation at GCSS and also represented US Government in Germany to help them design this module.
• Designed end-to-end customized DFPS/RM application, HR & DFPS organizational structure, provided detailed assessment and solution options to address issues. Reviewed delegation and substitution processes (B210 and B290 relationships) & also provided recommendations.
• Implemented solution to address issues and bridged SAP security design gap with SAP Germany to overcome some of issues encountered in their standard RM program.
• Proposed integrated automated compliant security solution for DFPS involving GRC 10.1 and IDM 8.0
• Oversaw deployment of short-term solutions on aggressive timeline, made project plans, and incorporated significant project variables. Estimated timeframes and resources required to successfully implement short-term solution, meeting and exceeding customers' expectations of value.
• Developed project Capital and Operating Cost estimates and budgets, resource-loaded schedules, earned-value tracking with help of MS Project incorporating all significant project variables.
• Configured HANA 1.0 security authorizations.
• Implemented masking solution using UISM 1.0 – ABAC (attribute-based Access Control option)
• Reviewed Boeing supplied B969G documents to put together Security strategy, design and methodology documents, BPDD (Blueprint Design Documents) including swim lane process maps for each security process, Gap analysis, technical future state SAP Security architectural document
• Finalized architecture for compliant user provisioning and Authentication with GRC and IDM as provisioning applications.
• Interacted with customers and clients to identify business needs and requirements

• Responsible for designing and configuring ESS and MSS for 43 divisions within CoT for R1 using SAPUI 5.0 technology supporting HTML5. Created UI 5.0 Roles by using LPD_CUST and customized landing page ESS, MSS and payroll Roles and used them in personalization parameters to make sure end users get appropriate CHIPS / LANES after login into SAP System through portal
• Extensive use of HCM (Structural Authorization) / ESS /MSS Forms & Processes Project with SAP UI 5.0 including creating custom function module and custom relationships to provide access to exceptions in the org structure.
• Designed Mobile solutions with SMP 3.0, Gateway & backend ECC roles to expose self-services via mobile devices.
• Configured security roles for Business Roles in CRM 7.0 IC WebClient UI to provide access to logical links of work centers in Business Roles, Assigned Business roles to Business Use.

• Designed and deployed SAP ECC, HR, ESS/MSS, Success Factors – Employee Central, BPC, MDG, BI-BOBJ, HANA, GRC 10.1, and identity Management architectures from security perspective
• Provided expertise in implementing chaRM (Change Control Process) to bring more maturity in IT change control process, and more mature and stable SAP deployments.
• Provided leadership to successfully execute strategy to implement SSO authenticating against AD & LDAP including Self-Services.
• Provided expert guidance on securing PII
• Spearheaded project for Disaster Recovery.
• Executed compliance scripts for SAP system “Health Check” including System Vulnerability to external/internal Cyber-attacks.
• Managed Scope, Project Plan, SLA, Change Management, resources with distributed team structure model.
• Configured full suite of GRC Access Control 10.1 with BRF+ including creating controls and automated UAR.

• Provided leadership and governance to execute strategy to implement GRC Access Control.
• Designed and configured all SAP Access Control 10.1 modules including BRF+, created centralized repository for compensating controls, custom ruleset, Implemented UAR.

• Designed / configured all four SAP AC 10.0 modules including creating controls library, custom ruleset and automated UAR.

• Led design, development, and deployment of ECC/HCM/BI/LSO/BW-HR modules taking end-to-end ownership, collaborating with cross-functional teams, ensuring sustainment of design with future SAP releases.
• Managed design and deployment of numerous upgrades and first-time installations such as SAP Optimization, Self-Services (ESS and MSS), GRC & LSO rollouts.
• Developed training material and facilitated training to Clark County employees to ensure that 15+ employees continue to improve their performance.
• Implemented position-based security.
• Masked sensitive data elements such as DOB, SSN, beneficiary infotypes (PII data) in ECC and sensitive display attributes on master data for BW queries. Upgraded BW from 3.0 to 7.0.
• Portal 6.0 user administration, role migration, TREX, content administration including creating iViews, roles, worksets etc.
• Solution Manager – Defined Business Blue Print based on Application Area, Defined Business Processes, configured transactions in BPML's, Used SOLAR02 to configure “Realization phase”, defined test cases, created business partners, Excellent knowledge of “Test Plan Management” STWB_2, Configured Road Map into Solution Manager 7.0, Installed CUA on SOL Man, Generated Risk Analysis from Security Optimization
• 2011-2012 part-time advisory role.

• Re-designed SAP Security HCM architecture to make it Audit Compliant.
• Provided leadership and governance to successfully evaluate existing HCM design and steered organization for security redesign to have complete control over business processes leading to total customer satisfaction.
• Wrote future state design documents, blueprint documents, best practices “dos and don'ts”; and Operational manual for sustainment of design.
• Ensured strategic SAP security application delivery with creation of robust BI architecture environments scaled for long-term enterprise use.
• Formulated and presented high-ROI business case for new strategies to stakeholders for sustainment of SAP product from security perspective.
• Implemented targeted solutions to secure PII data in HCM.

Responsible for delivering complete life cycle of SLCM (Student Life Cycle Campus Management) module integrated with HCM and BI. The below are some of the major tasks performed:

• Spearheaded SLCM design, created real-time integration of SLCM with HCM, masked sensitive PII information for key data elements.
• Configured BI 7.0 Security, BW-HR Security authorizations.
• One of pioneers in SLCM security and provided SAP targeted solution to resolve business challenges for HR/SLCM integration.
• Created and executed project plan successfully within budget with aggressive timelines.

• SAP Security Assessment, Strategy, design, and implementation of 3 tier security role model for HCM based on ASAP methodology, masked data elements for sensitive fields such as PII information, dynamic structural profile using FM, configured CUA for non-production systems, secured PSA using VDSK1 field.
• Implemented user provisioning tool –Sentinel using Federated portal to provision identities across Universities.
• Designed and successfully implemented full blown ESS and MSS (mySAP ERP 2004) functionality.
• Worked with team member to configure SAP Enterprise portal and Sentinel for authentication, “Header Variable Login Module to Support Sentinel”, LDAP to CUA integration.

• Lead HCM/BI/eRecruit/Travel Management Security team with 15+ members.
• Provided SAP HCM, BI, EH&S, eRecruit, travel management, SEM-BCS, BPS, Portal Assessment, Strategy, design and successful deployment security architecture based on ASAP methodology and FERC Regulations.
• Responsible for designing and successfully deploying security for ESS/MSS (mySAP ERP 2004), BW-HR at Enterprise-level.
• Provided resource work estimate, budget/actuals/forecast/variance to budget, schedule maintenance, project expense summary, change management, issue logs, status reports, project overview, milestone deliverable history, security analysis and scope etc.
• Configured GRC landscape with RAR, CUP, SPM applications and customized ruleset as per PWC guidance.
• Designed and Implemented User provisioning concept with data export from mySAP HR using IDM/LDAP interface. Mapped LDAP attributes to SAP defined fields.
• Created security scripting library using eCATT and LSMW.

Security Consultant: Lead the architecture, design, implementation and support of SAP Security & Controls for the clients listed below:

» Textron, TX and CA

• Implemented SAP roles and authorizations for following modules; SAP ECC, HCM, ESS/MSS, BW, SEM-BCS security
• Configured Approva – Bizright compliance tool for risk remediation/mitigation.
• Configured full suite of GRC Access Control 5.3,CUA, License Audit Workbench (LAW) and wrote audit procedure.

» DaimlerChrysler Financial Services, MI – Implemented BI security

• » Managed and engineered full cycle of BW/BCS security implementation successfully

• Led “Delco” and “After-Market” SAP implementations of FI, Logistics, HCM, BW, and SEM modules with 8500 end-users in phased-implementation from SAP Security design and implementation perspective.
• Took complete ownership in providing SAP Security authorization design and deployment across four continents successfully. Wrote blueprint, technical design documents and security policies and procedures documents for sustainment\
• Responsible for Project Management of activities for Delphi SAP project implementations – including estimates, planning, scheduling, attending status meetings, managing resources, completing tasks and deliverables on time and within Budget.

• Lead SAP Implementation for MM, FI, CO, AM in USA location across business units and entities covering more than 600 end-users in single big-bang implementation from SAP Security perspective
• Responsible for all activities related to developing Project Plan, wrote security policies and procedures, design and implemented security model across all landscapes (production and non-production environments).
• Lead role to design, develop, enhance and maintain UNIX scripts, filters, UNIX file system, UNIX I/O processing, crontab entries etc. for SAP interfaces
• Sole responsible for installation and customization of autosys on SAP servers.
• Security lead for maintaining SAP roles and authorizations for SAP R/3 4.5B.

• Involved in activities for SAP basis, security tasks and interface maintenance including writing UNIX scripts and filters.