SUMMARY OF QUALIFICATIONS
• Fantastic SAP Security & Compliance consultant with more than seven years of SAP implementation
experience. Strong expertise in SAP Netweaver suite including EHS, PLM, HCM, SCM, and BI.
• Solid expertise in audit issues, SAP VIRSA/GRC, SOX, Portal Security, BW/BI Security, PI/XI Security,
ECC/R/3 Security, CRM Security, SCM/APO Security, SRM/EBP Security, MDM Security, PCI
compliance and upgrades. Track record of improving productivity through efficient ECATT and LSMW
scripts for repetitive tasks.
• Core expertise in SAP GRC Access controls, GRC Process Controls and GRC Risk Management.
• Fantastic audit experience. Former Ernst & Young consultant. Assisted several clients in clearing
the audit.
• Led GRC implementation efforts at several clients. Championed an Identity Management initiative.
• Fantastic background in Pharmaceutical and Life Sciences industries. Solid background across other
industry verticals, including Hi-tech, Telecom, Retail, Manufacturing, Finance & Telecom.
• Former BIG FOUR and ex-IBM Consultant. Participated in multiple full cycle implementations.
• Proficient in Change Management applications like Remedy, HP/Peregrine Service Center and HP Quality
Center and in Business Process optimization techniques using Solution Manager.
• Thoroughly experienced in all phases of a project lifecycle beginning with the business blueprint all the
way until production support.
• Effectively able to communicate complicated concepts in an understandable manner, matching the
message to the audience.
• Strong leadership qualities and ability to work independently. Great team player. Adept and experienced
in problem solving and providing solutions.
• Persuasive, with ability to communicate effectively with culturally diverse audience. Public speaking and
executive management briefing experience.
• Proposed an excellent SOD remediation plan to address the SOD conflicts both at user level and role level
as determined by the SAP GRC tool.
• Eliminated false positives by performing a risk analysis at the permission level using GRC's Compliance
Calibrator.
• Managed the connection between LDAP and the User Management Engine (UME).
• Advised the client on industry best practices in the area of 21 CFR Part 11 compliance.
• Assisted the client with process orchestration in order to meet the requirements of FDA & HIPAA.
• Closely worked with the Portal team to design appropriate roles in Java stack for the SAP Portal solution.
• Advised the client on the benefits of using SAP Solution Manager for Business Process Management and
also assisted the client in implementing the same on the SAP landscape.
• Championed an initiative for Identity Management implementation. Presented this new concept and
gathered feedback; provided key inputs for the business case.
• Performed Basis tasks like transport management, performance monitoring and new client creation.
• Closely worked with the power users and the end users on Security issues related to BEx Analyzer in the
SAP BW environment.
• Improved productivity through development of ECATT and LSMW scripts for repetitive Security tasks
including role deletions and modifications using PFCG.
• Alleviated audit concerns such as sensitive transaction access control by configuring alert monitor in
Compliance Calibrator.
SAP SECURITY & GRC/VIRSA LEAD – ELIS PROJECT May 2007 – December 2007
WYETH PHARMACEUTICALS Malvern, PA
• Accountable for security of complex, multimillion-dollar SAP Netweaver project on ECC, SCM, SRM, BI
and CRM.
• Designed and developed SAP technical roles; analyzed financial business processes, ensured compliance
from SOX perspective.
• Implemented the GRC suite, including Risk Terminator, Process controls, Access Enforcer, Compliance
Calibrator and Firefighter.
• Configured transport paths, created client copies, installed support packs and performed other Basis tasks
as required.
BALA KRISHNAN ● balasapsecurity@gmail.com ● (732) 546-3835
• Extrapolated SOD type controls and critical access as part of GRC 5.2 implementation. Customized the
ruleset in GRC for SOD analysis.
• Configured and maintained UME Data sources with LDAP server; performed pre-upgrade analysis of R/3
4.7 system before upgrade.
• Developed Portal roles, extensively involved in resolving security issues raised in HP Quality Center.
SENIOR SAP SECURITY & RISK MANAGEMENT CONSULTANT August 2006 – April 2007
IBM/COLGATE-PALMOLIVE Piscataway, NJ
• Single-handedly handled Security activities for the global roll-out of Colgate’s Procure to Pay project.
• Interfaced with the auditor and supported all audit activities.
• Closely coordinated with the Validation Manager in Regulatory Affairs in order to perform risk
assessment of the users in select countries.
• Effectively prevented new SODs by proactively checking for the same at the role creation stage itself using
the simulate feature in VIRSA and thus achieved Preventive Compliance.
• Designed and developed test scripts for different test scenarios for SOX compliance.
• Assessed the as-is business processes and made appropriate recommendations in alignment with
the FDA regulations.
• Reviewed and analyzed the deficiencies in the existing security processes and recommended process
improvements.
• Implemented security in SRM/EBP, BW and R/3 systems and actively involved in upgrade activities.
• Maintained the Org Structure in eBuy/SRM and used custom programs to process user attributes.
• Set up service desk in Solution Manager, utilized ChaRM for change management.
CERTIFICATION
SAP CERTIFIED SECURITY CONSULTANT
AFFILIATIONS
Member of ASUG