SUMMARY OF QUALIFICATIONS

Outstanding experience in SAP R/3/ ECC 6 Security / Authorizations for Supply Chain Management, Manufacturing & Utilities Companies as Security Consultant  covering 4 major and complex SAP Security projects. Performed  multiple  troubleshooting and strategy type engagements around the use of SAP Security / GRC projects.
More than 4 years SAP and 10 years Information Technology experience. 
Good understating of SOD /Security Assessment / SAP Authorization / Roles and SOX.
 
Successfully completed SAP trainings: 
�	ADM940 SAP Authorization Concept 
�	ADM950 SAP System Management 4.7 
�	Virsa Compliance Calibrator

Security Tools: SPA GRC / Virsa (Compliance Calibrator 4.0 / 5.1, Risk Terminator, 
                         Firefighter  3.0 & SAP User Management Engine / CUA) , SAP Solution 
                         Manager 4.0
Operating Systems:  HP / Sun UNIX, VAX VMS, IBM AS/400, Windows NT/XP 
Databases & Tools: Oracle 8/9i, SQL Server, TOAD and test director 
Programming Languages: C++, CORBA, PL/SQL 
ERP Applications: SAP R/3 4.6 / ECC 6.0 SD/MM, FI/CO, HR, Solution Manager 4.0

PROFESSIONAL EXPERIENCE

PETSMART, Phoenix,AZ                                                        Jan. 2008  -   Mar. 2008
Sr. SAP Security Consultant

       Helped Client for SAP GRC Access Control Upgrade from 5.1 to 5.2. Analyzed current GRC 5.1 installation on SAP R/3 4.6c. Prepared the plan for installation onto ECC 6.0 backend. Helped client in performing Solution Monitoring,  Administration and Change Control Management with use of Solution Manager.


California Portland Cement Corp., Glendora, CA                Nov. 2007  -   Dec. 2007
Sr. SAP Security Consultant

        Performed User Management for SAP ECC 6.0 using Solution Manager 4.0 / CUA. Developed / maintained the Roles and their assignment to users. Create new Roles / users for Companies new acquisitions in HR,PY, SD,MM. Perform Role Management /Transaction security by restricting access. Debugging the user authorization problems using su53 / trace. 

Centerpoint Energy, Houston,TX				     Aug. 2007  -   Nov 2007
SAP Security Consultant

              Evaluated Logical Security around SAP BASIS environment. Evaluated current user roles to improve system performance. Recommended solutions to remediate SOD conflict issues related to Logical Access for HR, FI / CO, SD/MM modules using Virsa Compliance Calibrator & firefighter 4.0.

World Bank Group, Washington,DC                          March 2007 � June 2007
SAP SOD Consultant
         
                    World Bank disburses the Loans to Developing Countries around the world to the amount of US $30 Billion. Evaluated GCC Control related to Bank�s Treasury Application and ISG (Information System Support Group) . Conducted walkthrough of business processes for System Support and Information security related to SAP R/3 FI /CO applications. Performed users / role Administration using Profile Generator. Performed SOD conflict resolutions using Virsa Compliance Calibrator for SAP in conjunction with HR FI BA�s /BPO. Analyzed usage of Emergency Super users in SAP using Virsa Firefighter.

Fannie Mae, Inc., Reston,VA                           		August 2006 � February 2007
St. IT Risk Consultant
         
                    Fannie Mae is largest Mortgage finance Company booked a profit of US $ 6.3 Billion in 2005. I was involved in Consulting with regards to Sarbanes-Oxley Compliance  for Enterprise System Management Group�s Risk Office Responsibility included guiding Information Technology Department in understanding of risk and controls as they document  Information Security . Worked on Access Control, Issue Log which included the deficiencies and recommendations to close the gaps for Oracle Database. 

PSE&G, Newark,NJ                                                                      July 2006 � Aug. 2006
SAP Security Consultant

Guide IT Department in Configuring Central User Administration for SAP  ERP System. Used Virsa Compliance Calibrator in order to assure Separation of Duties for roles and users as part of Sarbanes-Oxley 404 Compliance for SAP FI & MM Applications.

Manulife Financials (John Hancock), Boston, MA                      Oct. 2005 � June 2006
Consultant

Acted as Information Security Consultant for IT Department in assessing Logical / Physical  Security for Companies Reinsurance and Annuities Application. Recommended solutions to avoid SOD conflicts to comply with SOX Compliance for Oracle Database platform  

TRW Automotive, Shirley, UK                                  May 2005 � Sept. 2005
Lead SAP Security Consultant

Helped Companies IT / Internal Audit Department to achieve  Sarbanes-Oxley Compliance to overcome  SOD issued in SAP ERP System.
Worked on improving SAP user / Role Management to avoid SOD issues
 for SCM / FI. / HR Modules. Lead the team of  3 Security Consultants.
                                                         

Aeroflex,NY (hi-tech electronic Mfg.)		Sep. 2004   -  May 2005
SAP Security Consultant
    Coordinated  and performed testing of   SAP ERP Security for Companies facilities throughout US.  Worked on Configuration Controls for SAP Access Control & SOD in collaboration with business process owners

Merrill Lynch, NJ			 		Mar 2004     -  Sep. 2004
SOX Consultant
     Created test plan and tested automated application controls for Companies Technology Management group. Worked on testing for the 5 Stock Applications as part of Sarbnaes-Oxley 404 Compliance


Intel, Inc, CA				    		  Sep 2003 -   Feb . 2004
SAP Security Consultant
         Analyzed the Security controls of SAP ERP SCM application and Oracle Platform. Analyzed the standard and Customized settings for SAP R/3 System Parameters, CTS , Authorization profiles (Profile Generator) & User Access. Used VIRSA in order to assure Sarbanes-Oxley Separation of Duties compliance for users .

Verizon Wireless, NJ 			      	   July 2003  -    Sep 2003
IT Consultant
 Implemented  Revenue Assurance module of Amdocs Billing Software written in Unix / C. The Implementation and support was challenging as system stopped functioning before I came on-board.

US Cellular,IL 					Jan -2003   - July 2003
Consultant

Implemented  Wireless Number portability Software (as part of FCC compliance) written in C++ / Corba for US Cellular Corporation based in Chicago. Also helped in release management of newer version of STAR Billing system.

AMDOCS, Inc., St. Louis, MO                                September 2000 - December 2002
System Analyst

Implemented and  Supported Revenue Assurance module of Amdocs Billing Software written in Unix / C & COBOL. Major client include Roger�s AT&T, SBC & Sprint.

Syntel Inc., Troy, MI March 1998 - October 1999
System Analyst

Documented existing IT process and prepared gap Analysis for Y2K problem Maintained and implemented client-server applications related to Freight bill Audit payment system for Logistic Company in C, PRO* C and ORACLE RDB on VAX. Helped client in configuring and setting up of Source Control Management system.

Indian Oil Corporation, Bombay, India January 1988 - March 1998 
Assistant Manager (Systems Audit)

Audited IT infrastructures (Operating Systems, Network, LANs,) and application systems at Companies HQ and various POS all over country.  Participated in design, development testing and implementation of Billing system for Petroleum (Oil & Gas) products at POS locations for this Fortune 500 Company Helped to incorporate Audit trails in various IT Application System 

EDUCATION / MEMBERSHIPS
GRC Access Control (Virsa Compliance Calibrator for SAP v5.1)  Certification, Aug. 2007 by SAP

CISA (Certified Information System Auditor), June 2006
Network / Wireless Penetration testing, Dallascon, May 2005
IT Audit & Security Boot Camp, by CANAUDIT, Inc., Jan. 2005
B.S. (Computer Science) Aug. 1986

Member, Information Systems Audit & Control Association
Member, Information System Security Association

WORK Authorization:
US - Permanent Resident (Green Card holder)
India � Citizen
Brazil - 5 year business vis