|
|
Title: |
SAP SECURITY EXPERT
|
Location: |
US-Florida-Gainesville/Jacksonville
|
Work History: |
Managing Consultant - Application Architect SAP Security
IBM -
Multiple
September 2010 to Present
NBC Universal - Global HCM Project
Lead of HCM Security
ESS/MSS, Portal, Eureka, ECC, HCM
General Motors - Global Projects
Back Point 1, Back Point 2
ECC, SRM, CRM, EWM, WEB UI (Business role), BI, Portal
Medtronic – Transition Project
Lead of SAP Security
Global implementation
R/3, GTS, APO, BW, BI, CRM, SNC, MDM, MII, LPO, ESourcing, Portal (SRM, CRM, BI, MDM), Solution
Manager, GRC, SLD, Business Process Management (BPM)
Bridgestone – Development
Lead of SAP Security
Global implementation
R/3, GTS, APO, BW, BI, CRM, SNC, MDM, Portal
Applied Materials -Total Upgrade, Security Lead
ECC, CRM, SRM, BI, GRC, GTS, Portal
GM Vin by Vin, SAP Security/GRC
Projects Description/Scope:
Business Scenario Overview
1. General Motors will offer leasing in Canada for Cadillac and Buick vehicles. The program will be
administered by FLinx. GM will provide risk sharing in the form of a first loss guarantee.
2. GM is implementing the VIN-by-VIN Revenue Recognition Accounting System in SAP-ECC6. Three
GM scenarios will be included in Phase 1: 1. Collateralized Borrowing (CB) for GM US
2. Limited Risk Leasing (LRL) - specifically Canada Leasing - for GM CA
3. Multi-Element Arrangement (ME) for GM US and GM CA
Responsibilities/Deliverable/ Achievements:
ECC 6, BI,CRM, SolMan, SRM, PORTAL, Ldap, Sun IDM
Sap Security Approach- high level design
1. R3 Security Strategy and Architecture
2. Portal Security Strategy
4. BI, CRM, SRM Security Strategy
5. Sap Security Integration
6. Business processes, data elements, documents and user position assignments
7) Portal, BI, CRM, R3 roles and integration
9) Testing, Cut Over and "Go life"
IBM Internal Project Blue Harmony Project:
Is consolidating its extensive global collection of individual SAP applications and versions into a single
global instance that will deliver greater resilience and flexibility to IBM's operations in 170 countries
around the world
Responsibilities/Deliverable/ Achievements:
ECC 6, CRM2007, BI - Cognos. Internet Portal
1. SAP Security Strategy and Architecture
2. BI Cognos Reconciliation
3. GRC reports and BI Cognos reconciliation
4. Internet Portal and BI Gognos integrations
5. Ldap Bi Cognos Groups and Roles
6. Integration with ECC6, CRM2007
SAP Security Techno-Functional Lead
Canada Corp
May 2010 to September 2010
Sub-Contract with Bombardier Aerospace in Sap Security Field (Clearance)
Montreal, Canada
Project Description/Scope: Extended Warehouse Management (EWM)
Responsibilities/Deliverable/ Achievements:
Solution Manager, Remediation SOD (segregation of duties), Re-design roles, ERP, Approva BizRights
Lead SAP SECURITY Consultant
IBM ISM
October 2009 to April 2010
• ECC 6, BI,CRM, Sol Man,SRM,PORTAL, Tivoli IDM
• HCM Remediation Project
• Roles and Infrastructure re-design
• Migration from ECC 5 to ECC 6
• BW 3.5 migration to BI 7.0
SAP SECURITY Consultant
SAP America Inc
April 2007 to April 2009
Permanent
Industry: Multiple
Companies worked for as SAP America consultant: ConAgra Foods, Becton, Dickinson and Company, Graphic Packaging, Colgate,
Deloitte US, Allegheny Energy, Inc., NASA, Whirlpool, Eastman, Adobe, CMC, BNSF,
Chevron-Philips, Department of Personal State of Washington, FEMSA (Coca Cola
Mexico and Latin Americas), JoAnne, CMC, SAP internal projects and others
Projects Description/Scope: Multiple/Security
Role: Team Lead (Security)
Competency Areas: • SSO-Concepts (Certificates, SAP Logon Tickets)
• Kerberos and Public-Key Cryptography
• Business Continuity Planning
• Security Management Practice
• Security Infrastructure Architecture
• Compliance
• Enterprise SOA Security in SAP Systems
• Authorization groups functional tables, custom development authorization solutions
• Implementing and reviewing SAP Authorization Concept
• Integrating ABAP User-Management with Organizational Management
• Central User Storage Techniques
• Build Framework: Security Audit tools & Change Documents (SCDO)
• Maxware, IDM and LDAP in a company environment
• GRC Suite: Compliance Calibraitor.5.X, Role Expert, Virsa, Fire F, Maxware
• SAP UME administration and J2EE roles
• Handling PFCG (check indicators, SU24, transport & upload roles)
• Configure and implement cryptographic technologies in SAP System
Responsibilities/Deliverables/ Achievements:
• Upgrade ECC 5.0 to ECC 6.0
• Security Policy and Strategy
• BI 7.0 Strategy and Tactics, Analysis Authorization
• HLD for HR - BI Dynamic Authorization Model
• Conversion from Structural Authorization to BI analysis authorization.
• New GL (Security), ESS, MSS
• CUA Landscape and Presentation
• CUA creation, review, and recommendation
• P_ADM_SEC _70 Security Course Development (Author)
• GRC AE configuration and review
• Authorization Concept Lead Consultant (SAP Resource Management@Field Services) New SAP development
• Security GTS 7.1 design and implementation (Global Trade Services)
• Analysis Authorizations (BI) creation and implementation
• PD profiles and BI structure security and authorization design
• Structural authorization BI analysis and BI structure conversation
• Upgarde to SAP R/3 Enterprise Release 4.70
• Integration Analysis: IBM Tivoli Identity Manager ,LDAP, SAML, SAP UME, Internet Portal, Biller Direct
• IBM Tivoli Access Management Integration
• CRM2007 security and design
• Dynamic CRM Authorization Model, ACE and business roles set up and IMG (SPRO) configuration
• ACE, Web UI and ABAP roles integration from complete UCD (User Centered design SAP Metology)
• An Architectural View of SAP's Analytical CRM Capability
• CRM integration with ERP, BI
• SAP CRM module, SAP Biller Direct, SAP Exchange Interface ("PI/XI")
• Flexible security framework that can be adapted to specific customer (business partners) needs
Sr. Consultant
Convergys Corporation -
Jacksonville, FL
April 2006 to April 2007
USA
Industry: Software Consulting Company, Government, Banking, Chemical, Retail,
Pharmaceutical, Telecommunications, Manufacture
Companies worked for: State of Florida, Fifth Third Bank, AT&T, Whirlpool, DuPont,
Johnson && Johnson, Pfizer, Solectron Corporation, Guidant, Lucent and others
Project Description/Scope: SAP Global security and authorization support, development and design for share service (multiple projects).
Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, SAP CRM, SRM, BW, BI 7.0, Portal, XI, ESS/MSS, HCM
Operation System: Windows XP
Integration TIVOLI Identity Manager
CUA
2007 to 2007
UME and corporative LDAP
• SolMan 7.0 integration with Role Management
• SRM 7.0 security development
Responsibilities/Deliverable/ Achievements:
RBAC-Role Based Access Control Model development
• Overview Role Based Access Control, Consideration of Role Based Access Control, The Role modeling challenge, Role Based Access Models Overview, Statement of the Problem
• Access Control Principles,The Implementation and Conversion Program, Migration Plan
• Implementing the Pilot Program, Role Based Access Control security AIX management overview, RBAC in Oracle (RDMS), Role Based Access Model for SAP, Policy-Based Authorization
• Business Processes, Business Policies, The RBAC pattern as an extension of the Authorization pattern, Role-Based Access Control (RBAC) Pattern, Implementing and Modeling Roles in ITIM
• Separation of Duty in Role Based Access Control System Pattern
Experience/Project Work
Business Roles, Technical (ABAP)
Interaction Center CRM (Security) and Access Control Engine
2007 to 2007
• Roles, IS* integration
• Customer Relationship Management (CRM) includes the methodologies, strategies, software, and web-based capabilities that help an enterprise organize and manage customer relationships
• Security based on industry standards
• Development of tailored security and controls techniques in conjunction with system upgrade (i.e. ERP) and the design or re-engineering of business processes (i.e. shared services environment)
• SAP framework for SAP Global security upgrade
• Completed ECC 6.0 upgrade for global companies
• SAP Global security and authorization support, development and design
• Requirements for an Identity Services solution: • Standard protocols: Like SPML and LDAP
• Flexible architecture: The solution capable of coping with such changes in a way that it removes the burden of changes from identity service consumers.
• Secure:The solution has the means of controlling access to the identity data
Senior SAP Security Consultant
ASAP/Value SAP, Security and Authorization
March 2005 to April 2006
Duration: 13 months
Responsibilities/Deliverables: • Security based on industry standards
• SAP framework for SAP HR Global security and authorization support and implementations.
• Development of tailored security and controls techniques in conjunction with system
• implementations (i.e. ERP) and the design or re-engineering of business processes (i.e.
• shared services environment
Achievements
• Completed SAP Global security and authorization (HR) support for eleven global
• companies
• Completed SAP Global implementation for leading global provider of electronics
• manufacturing services (EMS) and integrated supply chain solutions
Senior Security Consultant
Bearing Point -
Victoria, British Columbia, CA
July 2005 to January 2006
Victoria, British Columbia
Industry: Software Consulting Company, Public Sector, and Government
Project Description/Scope: SAP framework for security and authorization design for Public Sector.
Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, SAP CRM, SAP Biller Direct, BW, Portal, XI, SAP FI, CO, MM, PP, SM, PSCD and others
Operation System: Windows XP
Project Development: ASAP/Value SAP, Security and Authorization
Role: Senior Security Consultant
Responsibilities/Deliverables: • ASAP methodology/User Centered Designed
• Role definition depends on HR positions
• Conversion from "as is" to "to be" business processes
• Assignment of Authorization Groups to Tables (TDDATA, VD_DATA)
• Authorization groups and tables trace from applications
• Access Control- Authorization Groups (SM30, TBRG table)
• Role design "ABAP and JAVA" sites for XI
• Security Strategy for web Methods Integration Platform
• Role design, development and assignment (PFCG, SU01)
• Authorization Groups-Report-types programs (SA38, SE38, AUTHORITY_CHECK)
• Document Types in design and configuration processes (T003)
• Check indicators (SU24, SU25, SE93, and SE97)
• Authorization checks by assigning reports to authorization classes (RSCSAUTH)
• Tables for relationship for Tcode, Roles and users (Agr_Users, Agr_Texts, Agr_Tcodes, and TSCT)
• Developed CUA for all systems from XI
• Sensitive Transactions Analysis (objects level matrix)
• Segregation of Duty matrix (objects level matrix)
• Role design and security policy strategy
Achievements: Completed Security and authorization design for Public Sector project.
Senior SAP Security Consultant
Canada Customs and Revenue Agency -
Ottawa, Ontario, CA
April 2005 to July 2005
Ottawa, Ontario, Canada
Industry: Government (Security Clearance)
Project Description/Scope: Re-Design SAP security and authorizations
Role: Senior SAP Security Consultant
Responsibilities/Deliverables: Re-Design SAP security and authorization
• Analyze current situation
• Role selection multidimensional matrix
• Role definition depends on HR position
• Re-designed and re-built security roles (PFCG)
Pricewaterhouse Cooper
PwC
January 2005 to March 2005
Industry: Financial, Chemical (Security Clearance)
Project Description/Scope: • SAP audit (Automatic Control Environment)
• Application and Software: SAP R3 4.7 Enterprise, Visio, Microsoft Project, ACE-Automatic Controls Environment, Guardian- Manual Controls Environment
• Operation System: Windows 2000, Unix, and Oracle
• Project Development: ASAP/Value SAP, Security and Authorization, SOX, SOD- Segregation of Duties Test, STA-Sensitive Transaction Analysis
Senior Associate
SAP Security Audit and Controls
November 2004 to 2005
Duration: 2 months
Responsibilities/Deliverables: • SOX, SOD Analysis and advice
• Assessment of the SAP control environment to identify internal control deficiencies and recommend improvements
• SAP Audit (ACE)
• Business Processes- "As is"-Transactions -objects-authorizations field's Analysis, best practice and recommendations
• Sensitive Transaction Analysis (objects level matrix)
• Segregation of Duty matrix (objects level matrix)
• Operational Control and Computer Operations Analysis
• Physical Security and Security Polices
• Completed assessment of the SAP control environment to identify internal control deficiencies and recommended improvements.
• Completed SOD and SOX analysis and recommended improvements
Project Technical Lead of Medical Designated Facilities
Saudi Aramco
April 2004 to December 2004
Saudi Arabia
Industry: Oil, Health Care, and Hospitals
Project Description/Scope: • Medical Designated Facilities System involved 105 hospitals, clinics, and remote area designated facilities across the country
• Application and Software: SAP R3 4.7, Visio, Microsoft Project Manager, BW 3.5, and Internet Portal 6.0, SRM, APO, SRM
• Operation System: Windows XP
• Project Development: ASAP/Value SAP, IS-H and IS-H* Med, Security and Authorization, Documentum
Role: Project Technical Lead of Medical Designated Facilities
System (105 hospitals, clinics, and remote area designated facilities,
Monitoring Quality of Healthcare), Kingdom of Saudi Arabia (50+ international
Consultants' global team)
Responsibilities/Deliverables: • SAP User - Centered Design
• Gave guidance and control to the project and project organization
• Flexible framework, which can be adapted to specific customer needs
• Increase productivity by provision of templates, tools, and examples
• Completed Business Blueprinting
• Industry-Specific Components for Hospitals (IS-H, IS-H*MED)
• Roles and security strategy design for: • SAP R3
• Customer Relationship Management (CRM) includes the methodologies, strategies, software, and web-based capabilities that help an enterprise organize and manage customer relationships.
• Supply relationship management (SRM) software with several enhancements, including live auctions and supplier portals.
• Advanced Planner & Optimizer (APO) provides up-to-date information about a company's current inventory and triggers orders for more supplies when a certain quantity of customer orders have been placed and processed. Authorization of APO users has to specify in the BW system
• Different scenarios for Single Sign-On to SAP Systems
• Defined on high level design which method of Single Sign-On (SSO) you use with a SAP System
• Application and Software: SAP R3 4.7, Visio, Microsoft Project Manager, BW 3.5, and Internet Portal 6.0, SRM, APO, SRM
• Operation System: Windows XP
• Project Development: ASAP/Value SAP, IS-H and IS-H* Med, Security and Authorization, Documentum
• Defined quality assurance checkpoints and formats of deliverables
• Guided customer staff in implementation tasks with clearly defined rules and responsibilities
• Supported consultants in the various functional areas to work in a similar way within a project team
• Detailed design phase of the project
• Captured the detailed scope and requirements for: • Business processes
• Master data
• Organisation structures, Hospitals structures
• Development work
• Produced a blueprint to describe how the business intends to run its business using the SAP R/3 system: • Established the development system: • Provided Team Training, Business Process Master List, Development Master List (DML)
• Business Blueprint Document, Configuration Approach Document
• Landscape Strategy, Rollout Strategy, Change Management Document Strategy
• Development System Environment, BB Management Summary
• Patient Management, Eligibility Check, Contract Management
• Basic Data flow modeling, Data selection matrix
Senior SAP Analyst/SAP Security Analyst
Kingston General Hospital -
Kingston, Ontario, CA
August 2001 to January 2004
Kingston, Ontario, Canada
Industry: Health Care, Hospitals
Project Description/Scope: SAP-Security and Authorization. IS_H* prototype
Role: Senior SAP Analyst/SAP Security Analyst
Responsibilities/Deliverables: • ASAP/Value SAP
• Evaluation of business processes
• Design high-level strategy for SAP Security (Architecture)
• SAP-Security and Authorization
• SAP profile Generator (PFCG)
• SAP module concept
• SAP Hierarchy Concept
• SAP Technical Structure and promote to Production Strategy
• Security Control Tools
• Organizational Management
• Structural Authorization
• Business conception (model) of structural authorization
• Security upgrades using SU25 and Profile Generator (PFCG)
• Review and correction of sensitive authorizations (s_tabu_dis, s_rfc, etc.), including creation and assignment of custom authorization groups for sensitive tables
• Evaluation and recommendation of SAP menu vs. user menus
• Resolve issues arising from testing using system traces and dumps
• PD and PA Switches (OOPS, OOAC)
• Conversion of manual profiles and implementation of role based security, including IM department
• Evaluated and used SAP standard roles as templates for custom roles
• Review critical and sensitive authorizations, implement improvements to meet audit requirements
• Post Go Live support to resolve all security-related issues
• Evaluation of Central User Administration (CUA)
• Maintenance of HR organizational structure to administer and control user access, including time-delimited access (e.g. temporary assignments to positions)
• Basic HR configuration (e.g. create Evaluation Paths for reporting purposes)
• Comprehensive knowledge exchange and documentation of Security and HR functions, including use of PPOMW, Expert functions (PO10, PO13, etc)
• Profile Generator (PFCG) and related functions
• IS_H* prototype
• Established detailed security upgrade plan, strategy and dual maintenance procedures
• Created of new 4.6C authorization objects and values
• Evaluated customized matrix of Authorization groups - tables, users - groups
• Used of HR structural transactions (e.g. PPSC) to maintain workflow position to position assignments
• Customized HR to allow activity group assignment in PPOMW
• Created of HR security authorization objects for structural authorizations based on Info Type and allowed functions / activities (e.g. Help Desk staff were only allowed to display structural assignments, not change users assigned to positions, etc.)
• Created Organizational Plan (PPOM_OLD), Personal Master Record (PA40), User I.D (SU01, SU10), Info type 105(PA30), Structural Authorization Profiles (OOSP), Info type 1017 (PO10), Assigned Info type 1017 (PO13), Assigned Structural Authorization Profiles to User I.D (SE38), Setup Regular security (PFCG),
• Cleaned up and optimized security Roles
• Established security testing procedures and tools
• Worked on procedures and applications of dual-maintenance of security changes
• Worked to build strategy and implemented structural authorization
• Built and evaluated up to 5 different IS_ H* prototypes
Senior Systems Analyst
Visa International -
Foster City, CA
June 2000 to April 2001
Technical Lead
Conversion (migration) from Assembler 370 (3, 5 millions lines of cod) to C/C++ in mainframe and PC environment was using Visual Age C++ for TPF. My responsibilities involve directing the Process and Technology Deployment (PTD). PTD supports the Shared Services Organization in the evaluation, acquisition, and roll out of software tools and development methodologies.
Responsibilities also involve object oriented (OO) mentoring the teams (Over 500 people) engaged in OO development using UML based tools for analysis and design. Advising development teams on how to effectively utilize tools for OO structuring team oriented development. Also need to participate in the development of guidelines and other forms of support documentation such as guides in setting up their environment and instruction manuals.
Designed a critical Visa International application for TPF (CVV-Card Verification Value, Functional Messages, and Address Verification Value)
Carried out initial system study and design and involved in full phase of development. The project contains over 3 million lines of code. Worked as software architect and consultant for project VISA NEW GENERATION
Application and software: Rational Rose, Visual Age C/C++, Extra! For TPF, NFS Maestro Solo, MS Exchange/MS Outlook, MS Internet Mail, MS Office and MS Excel
Operation System: Window NT4.0, AIX UNIX 4.2, MVS, VM, TPF (VPARS)
Hardware: IBM mainframe, PC workstation
Project Development: Large system, locking critical Visa applications
Member of Boing
Oracle Telecomputing -
Carleton Place, ON, CA
September 1999 to June 2000
Senior Embedded Programmer Analyst
Designed air traffic Control System for Cuba (drivers for fire wire backup of air traffic system, radar simulator), Air traffic Control Simulator (client and telecommunication server), TCP/IP, SMTP, Voice Communication Systems, DSP's SIEMENC, MOTOROLA (MPC7450), i960, INTEL, EMULEX, (PEB 20560 20340), drivers, these entailing the development of deferent models to forecast the effects of alternative sector and route geometry's, the establishment of a lab to house simulation models and the reams of data they employ and the development of a internationally recognized process for airspace
.
Designed Small Computer Systems Interface (SCSI), back up systems for Air traffic Control
SCSI-3 technologies disk array applications, Hot-Swap support. Worked as software architect for low level software and hardware development
Designed 3 functional areas: Interfacing, Switching and Conferencing, Supervision and Control
Designed the program for main component of architecture a Peripheral Component Interconnect adapter card
It performs the Switching/Conferencing, Supervision and Control. It communicates with the Interface Shelf for reception of Signaling and Supervisory signal, voice, and data
Application and Software: C/C++ compiler for Linux, Hardware and Software
Configuration, Assembler, C/C++, and, Java 2.0, Vi editor
Operation System: Linux (Caldera, Slack ware, Red Hat 4.1-6.1, Turbo Linux),
UNIX, Windows NT, Windows 98, Qunix
Hardware: PC server/workstation, oscilloscopes
Project Development: Air traffic control systems, Air traffic control simulator, back up systems, firewire drivers, Linux drivers (PCI, ISA, Firewire), touch screen drivers
Senior Programmer Analyst
Alternative Resources Corporation and Subsidiaries/National Grocery -
Toronto, ON, CA
March 1999 to June 1999
• Designed, programmed, tested, and documented set of batch applications to check information in the database
• Designed, programmed, tested, and documented the interface application between two warehouse systems.
Environment: Application and software: Oracle 7, C, Pro*C/C++, PL/SQL, OOP methods, MS Exchange/MS Outlook, MS Internet Mail, MS Office 98 and MS Excel. Operation System: AIX UNIX 4.2, Window NT4.0 server/workstation, Windows 95. Hardware: PC server/workstation
Project Development: Real time warehouse system
Senior Research Officer
City of Kingston Corporation
October 1998 to March 1999
• Collect, research, inventory and provide feedback on Year 2000. Compliance information on the following City's assets: • Hardware components
• Packaged software
• Commercially available customizable software solutions
• Process control components
• Visual Basic, Access
• Application and components support.
Environment: Applications and Software: MS Visual Basic V5 Enterprise SP3,
Access 97 MS Exchange/Outlook, MS Internet Mail, MS Office 98
Operating System: Window NT4.0 server/workstation, Windows 95
Project Development: Marketing application, multi-user, and real time. With over 2000
Local servers and several mainframe host machines.
January 1997 - September 1997
Contract
Brain's II
Kingston, ON
Field Service Engineer
• Serving public computers: Ministries of Transportation, Health, management Board
• Secretariat and private organizations (Lipton's, The Bay, Sears, Alcan
• Heavy customer contact
• Repair of complex computer systems
• Repair to Component Level (assembler language, schematics and oscilloscope)
Environment: Application and software: Assembler, Test programs, OLTEP
Operating System: OS 390, Windows 3.1, 95, Window NT4.0 server/workstation,
Windows 95, UNIX, OS/400
Hardware: IBM mainframe, IBM LAN Server, AS400
Project development: Real time system analysis and decisions for complex systems
Director of IT Technology
Krigen Corporation
September 1991 to January 1996
• Managed information systems and their associated hardware
• Specified, designed, and implemented customized information system solutions.
• Design, implementation and maintenance of the Inventory Management System Application for storing, searching, retrieving information about buildings belong to municipal property.
• Participated in analysis, design evaluation, development, testing and implementation of Application systems
• Designed at High-level all steps of Application systems (Architecture)
Environment: Application and Software: Borland C/C++, Assembler, Embedded
Systems, PL/1
Operating System and Platform: OS 7.0, OS Real Time, UNIX, MVS, and DOS
Hardware: Mainframes, PC, and Hybrids
Computer Engineer
Vinnitsa, Ukraine
September 1984 to August 1991
Technical Lead
• Carried out component level troubleshooting, program and micro-program using Assembler testing
• Designed and implemented of several packages for different aspects of the maintenance and usage of telecommunication equipment (Systems architecture for all levels software and hardware).
• Evaluated projects to develop time, cost, and completion estimates
• Conducted Analysis of systems specifications and estimation, developed block diagrams and flow-charts, conversion and systems implementation plans, prepared system and programming documentation.
• Created decision logic tables in which all new software was tested.
• Tested software for system compliance and accuracy recommend system enhancements.
• Participated in development of information systems, databases and hardware drivers
Environment: Application and Software: Borland C/C++, Assembler, Embedded Systems, PL/1
Operating System and Platform: OS 7.0, OS Real Time, UNIX, MVS, and DOS. Hardware: Mainframes, PC, hybrids, Data Transmission Multiplexers, SNA Network, a hard disk interface for a hard drive, a tape drive interface for a tape drive.
Computer Engineer
Chkalov Aircraft Production Association
August 1981 to August 1984
Team Lead
• Installed and tested data transmission multiplexer.
• Troubleshoot and resolve system problems.
• Designed software tools for DOS
• Created installation documents
• Channels I/O simulation and programming
• Designed channels simulators
• Designed for all level systems access to • Data transmission multiplexer (Systems Architecture witch combines software and hardware from low level to high)
Environment: Application and Software: Assembler Embedded Systems, PL/1
Operating System and Platform: OS 7.0, MVS, and DOS
Hardware: Mainframes, Data Transmission Multiplexers, SNA Network, a hard disk
interface for a hard drive, a tape drive interface for a tape drive
|
Skills: |
• Experienced technical and functional SAP Security Consultant specializing in SAP security global
design and implementations with the next methodology: SAP User - Centered Design (UCD), RBAC,
IDM (SAP and none SAP Systems integrations), SOA, REST, Agile environment
SAP security global design and implementations for:
• SAP Portal (EP), XI/PI, MDM, Global CUA build, Solution Manager, SRM,CRM 2007 (7.0, 7.1), ACE ,
Business Role (WEB UI), BI, SAP R3, Enterprise Portal, Global Trade Services, ERP, ECC, ESS/
MSS, PSCD, HR, HCM, TREX, SCM, PS, APO, ERP, PLM, SCM, SAP Human Resource Management
Systems (HRMS), GRC Access control, Process control and Risk control, Virsa, Virsa Compliance
Calibrator, Virsa Firefighter, Access Enforcer, Role Expert, Risk Analysis and remediation (RAR)
application, the Enterprise Role Management (ERM) application, the Super User Privilege Management
(SPM) application, and the Compliant User Provisioning (CUP) application.
• Proposal preparation on client site with security analysis on real systems and real data
• Contribute to the design and implementation of the authentication and authorization services
• Evaluate, recommend and implement SAP and/or 3rd party software security tools for
Development and Operations
• Design and program in-house security software tools to help identify and monitor suspicious
activity, automating security reports.
• Perform security reviews across multiple teams
• Provide architectural and design security recommendations on new product features.
• Design and develop a test-driven scalable application in an Agile environment
• Lead development for all security working closely with other lead developers
• Work closely with Product Owner on full agile lifecycle: use cases, stories, sprint planning,
• Provide thoughtful input at all stages of product development
• Audits systems implementations for more than 6 years and SOX and SOD analyze, IS* security
including utilities and banking sector and utilities
• NetWeaver SAP Identity Manager (NWIM 7.0 and 7.1)
• Event-driven SAP ERP HCM integration with IDM 7.1
• Further integration with SAP Business Suite, including operations like updating employee master data
or linking users to business partners
• Extended integration with SAP's GRC solution (SAP Business Objects Access Control)
• Web user interface based on WebDynpro
• Extended platform support (Windows, UNIX, Linux, Quinix, UNIX XP, MVS)
• Support for connector framework to enable partners to develop third-party connectors
• Participated actively with internal training/knowledge transfer to new security team members as well
as project support team members.
• Advised project team members on the procedure to report and re-test security issues
TECHNICAL
• Technical analyst for SAP security in production & non-production environments.
• Segregation of Duties and Audit Compliance Standards.
• Proficient in use of standard security administration tools such as Profile Generator for Authorization
Profiles/Roles administration (design, development, implementation), and User administration, (mass
user creation and maintenance).
• Experience includes advanced technical & some functional knowledge of most SAP modules.
• Advocate of three tiers job role model and other SAP security leading practices
• Advocate User Centered Design and a process in which they needs, wants, and limitations of the end
user of an interface or document are given extensive attention at each stage of the design process
2
• Experienced with implementing CUA functionality within customer landscapes
• Authorizations insights implementation and SOD analysis
• Proficient in use CRM2007 (7.0, 7.1) security administration tools as ACE, Business Role, Technical
Roles (PFCG)
• ACE General Parameters, Ace activation and Super Object Type set, Work Package Definition
• Business Role (Web UI)-Creating Role Configuration Keys,Transaction Lancher, Menu Navigator,
Logical Link for Transaction
• Actors creation, Rules and Rights creation, ACE Design Report
• Proficient in use BI Analysis Authorizations tools as ( RSECADMIN, RSD1, RSA1)
• SAP Global security and authorization support for share service, development and design
Work Experience
|
Education: |
Diploma in Software Engineering
CDI College - Ontario, CA
1997 to 1998
Master of Science in Computer Science and Electronic Engineering
Vinnitsa State Technical University
1981
|
Endorsements
|
 |
Gennadiy has received 0 endorsements.
|
Gennadiy has endorsed 0 Members.
|
| |
Rank |
Title |
Location |
Status |
Actions |
|
Public Messages
|
|
| From |
Date |
Message |
No public messages. |
|
|
