Hema V

• Highly experienced SAP Security Consultant with over 7 years of experience in providing SAP Security solutions across industries. Proficient in designing and executing security for various SAP modules.
• Managed user access, data access, and system authorizations.
• Conducted system testing and troubleshooting.
• Worked on Segregation of Duties, ITGC'S, ITAC'S.
• Performed ruleset analysis
• Involved in SAP & GRC implementations and upgrades
• Performed Role redesign activities
• Provided support to end-users and other stakeholders.
• Mentored junior consultants, helping them enhance their skills and contribute more effectively to projects.
• Evaluated clients' needs and created plan of action to provide solutions.
• Increased client satisfaction by providing tailored consulting services and effective problem-solving strategies.
• Built strong relationships with clients through consistent communication and proactive problem-solving efforts.
• Evaluated existing business processes, recommending improvements that led to increased operational efficiency.
• Streamlined project management processes, improving efficiency and reducing overall costs.
• Prioritized projects and project tasks depending upon key milestones and deadline dates.

Project Booking :

• Built, drafted and Executed SOD'S in service now
• Analyzed passport policies to identify any impact on the SOD control.
• Performed end to end Quarterly SOD detective control for BTL and Booking.com which includes gathering of audit requirements, execution of control, seeking inputs from risk owners on control execution.
• Connected directly with clients to address any queries related to overall SOD and ensured to have enough process and technical depth to answer any queries and resolved any discrepancies within the stipulated timelines.

Project Google :

1. IPE LMD'S & Mochi :

• Performed bi-monthly continuous monitoring and impact assessment to detect critical object changes using LMD'S
• Streamlined the process of Mochi by automation via Worksoft tool
• Orchestrated script execution and extracted comprehensive reports using the Worksoft tool. Additionally, troubleshooted and rectified failed scripts

2. Project Northstar :

• Conducted Logic Validation Testing in SAP Fiori which ensures that the business rules and processes within SAP Fiori apps function correctly.
• Executed Data Completeness Checks Between Salesforce and Fiori

3. Project Sherlock :

• Performed ruleset analysis to identify Segregation of duties conflicts and Risk Analysis at Action and Permission level, which further gave scope to role redesign or adding mitigation controls.

4. Project Shield :

• Worked on transformation of roles from company code level to country & entity level
• Used LSMW scripts and updated roles with descriptions. Performed Authorization and organizational updates to roles in S4, MDG & BW systems.
• Created Analysis authorizations in BW and added the nodes to the Analysis authorizations.
• Conducted Functional user testing and imported all the roles successfully to production environment.

5. ITAC Testing :

• Assisted in automation of ITAC process by writing test scripts for current year workpaper for both test of design and effectiveness with the help of business process knowledge via Worksoft tool.

• Working as SAP security consultant in Global supply chain management project.

• Hands on experience in working on SAP Security Administration and SOX ITGC controls

• Working as an Incident Manager in team and performing Audits periodically.

• Performed SOX Audits by running controls like (A.M.SOD, A.O.SOD, RU control, UAM control, A.S.CS, A.S.UAA)

• Involved in day-to-day troubleshooting activities of SAP Security.

• User administration involving creating/modifying/deleting/locking of users.

• Hands on experience in Role designing / modification / transport for ECC.

• Using SU53 for tracing missing authorization objects and suggesting recommend appropriate roles for the end users.

• Used SUIM for Analysis and Report generation of the Users, Roles, Profiles, Authorization Objects and Change Documents.

• Experience in SAP Security Role testing, SAP Security Transports, Troubleshooting SAP Security issues.

• Ensured protection and adherence to the goals of the overall SAP security strategy.

• Creation of Singe roles, composite and derived roles using PFCG.

• Mass locking, unlocking, deleting and creation of users using SU10.

• Locking and unlocking of transactional codes using SM01.

• Supporting GRC user access requests and working on GRC Access control.

• Making approver changes in GRC and analyzing the issues related to approver set up.

• Performing GRC roles clean-up.

• Resolving GRC access request related issues.

• Transporting roles across the Landscape

• Role setup in GRC and its maintenance

• Supporting around 210 SAP systems for all HPE & HPI employees.

• Working on user access related activities.

• Supporting enterprise portal and supplier portal related activities.

• Establishing RFC connection between the systems.

• Establish/open connection in Service marketplace also provide developer access keys and object access keys and OSS message creation.

• Supporting around 14+ Non-SAP applications.

• Coordinating with other high-level teams during Major Incident calls (MI) for a swift resolution of the issue, minimizing business impact and ensuring maximum customer satisfaction.

• Performing periodic audit on all the production systems internally.

• Focusing on User Access Management in SAP and Non-SAP applications, for all IT roles in production systems. Supporting role setup, business process setup in GRC

Performing health checks

SOX audit Experience:

• Worked on SOX ITGC controls for HPI and HPE

• Excellent knowledge in understanding risk functions (critical access)

• Worked on controls like Revoke users (RU), User Access Review (UAR), User Access Administration (UAA), User Access Monitoring (UAM), A.M.SOD & A.O.SOD.

• Worked on activities like Test of Design and Test of Effectiveness during the beginning and end of the Audit period.

. Conducted walkthrough with internal and external auditors.