BALA KRISHNAN

LOCAL Candidate • balasapsecurity@gmail.com • 408-429-5909

PREMIUM SAP COMPLIANCE & SECURITY CONSULTANT

SUMMARY OF QUALIFICATIONS
• Fantastic SAP Security & Compliance consultant with more than seven plus years of SAP implementation
experience. Strong Expertise in SAP Netweaver suite including EHS, PLM, HCM,SCM, and BI.
• Solid expertise in audit issues, SAP VIRSA/GRC, SOX, Portal Security, BW/BI Security, PI/XI Security,
ECC/R/3 Security, CRM Security, SCM/APO Security, SRM/EBP Security, MDM Security, PCI
compliance and upgrades. Track record of improving productivity through efficient ECATT and LSMW
scripts for repetitive tasks.
• Core expertise in SAP GRC Access controls, GRC Process Controls and GRC Risk Management.
• Fantastic audit experience. Former Ernest & Young consultant. Assisted several clients in clearing
the audit.
• Led GRC implementation efforts at several clients. Championed an Identity Management initiative.
• Fantastic background in Pharmaceutical and Life Sciences industries. Solid background across other
industry verticals, including Hi-tech, Telecom, Retail, Manufacturing, Finance & Telecom.
• Former BIG FOUR and ex-IBM Consultant. Participated in multiple full cycle implementations.
• Proficient in Change Management applications like Remedy, HP/Peregrine Service Center and HP Quality
Center and in Business Process optimization techniques using Solution Manager.
• Thoroughly experienced in all phases of a project lifecycle beginning with the business blueprint all the
way until production support.
• Effectively able to communicate complicated concepts in an understandable manner, matching the
message to the audience.
• Strong leadership qualities and ability to work independently. Great team player. Adept and experienced
in problem solving and providing solutions.
• Persuasive, with ability to communicate effectively with culturally diverse audience. Public speaking and
executive management briefing experience.

PROFESSIONAL EXPERIENCE HIGHLIGHTS

LEAD SAP SECURITY & COMPLIANCE CONSULTANT January 2009 – Present
LIFETECH (FORMERLY APPLIED BIOSYSTEMS) Foster City, CA
• Spearheaded the effort to update and implement Security and Controls surrounding key business processes
like Procure to Pay, Order to Cash and Finance involving ECC 6.0, BI, CRM, SRM/eBuy and SCM/APO.
• Performed User Administration of all the systems in the SAP landscape using the CUA.
• Played a key role in the implementation and support of SAP GRC 5.2, including SAP GRC Risk
Management and its upgrade to GRC 5.3.
• Assisted the client in dealing with audit issues in the SAP environment.
• Desinged the training material and imparted training to end users on SOX..
 BALA KRISHNAN ● balasapsecurity@gmail.com ● (732) 546-3835 ● Page 2

• Proposed an excellent SOD remediation plan to address the SOD conflicts both at user level and role level
as determined by the SAP GRC tool.
• Eliminated false positives by performing a risk analysis at the permission level using GRC's compliance
Calibrator.
• Managed the connection between LDAP and the User Management Engine(UME).
• Advised the client on industry best practices in the area of 21CFRPart 11 compliance.
• Assisted the client with process orchestration in order to meet the requirements of FDA & HIPPA.
• Closely worked with the Portal team to design appropriate roles in Java stack for the SAP Portal solution.
• Advised the client on the benefits of using SAP Solution Manager for Business Process Management and
also assisted the client in implementing the same on the SAP landscape.
• Championed an initiative for Identity Management implementation. Presented this new concept and
gathered feedback; provided key inputs for the business case.
• Performed Basis tasks like transport management, performance monitoring and new client creation.
• Closely worked with the power users and the end users on Security issues related to BEx Analyzer in the
SAP BW environment.
• Improved productivity through development of ECATT and LSMW scripts for repetetive Security tasks
including role deletions and modifications using PFCG.
• Alleviated audit concerns such as sensitive transaction access control by configuring alert monitor in
Compliance Calibrator.

SENIOR SAP SECURITY/VIRSA/GRC CONSULTANT January 2008 – December 2008

APPLIED MATERIALS Santa Clara, CA
• Implemented the SAP GRC Access Contol Suite including Risk Terminator for Risk Management and also
GRC Process Controls.
• Designed, developed and performed positive and negative testing of the roles in SAP ECC, CRM, SRM,
SCM, BI, SAP MDM and SAP Portals.
• Established SAP security policies and procedures, advised the clients on industry best practices in areas of
audit, SOX compliance, SOD remediation and mitigation for the SAP implementation.
• Setup Solution Manager for the client and interfaced it with ARIS.
• Performed comparative analysis of Oracle IDM and SAP IDM products; analyzed and evaluated options on
integration of SAP IDM and SAP GRC.
• Installed Service packs and performed troubleshooting of spool/printer issues in the SAP environment.
• Responsible for resolving issues related to audit and SOX compliance. Played a key role in the
implementation for new financial controls for SOX compliance.
• Designed and developed SAP technical roles using PFCG as per the business requirement.
• Proposed and implemented security strategy for ECC, SRM, SCM, PI, PORTAL, HR, GTS and BI systems.
• Configured LDAP on CUA; enabled dataflow, mapped fields. Created and maintained ECATT scripts.
• Led knowledge transfer sessions; Trained the production support team.

SAP SECURITY & GRC/VIRSA LEAD – ELIS PROJECT May 2007 – December 2007
WYETH PHARMACEUTICALS Malvern, PA
• Accountable for security of complex, multimillion-dollar SAP Netweaver project on ECC, SCM, SRM, BI
and CRM.
• Designed and developed SAP technical roles; analyzed financial business processes, ensured compliance
from SOX perspective.
• Implemented the GRC suite, including Risk Terminator, Process controls, Access Enforcer, Compliance
Calibrator and Firefighter.
• Configured transport paths, created client copies, installed support packs and performed other Basis tasks
as required.
 BALA KRISHNAN ● balasapsecurity@gmail.com ● (732) 546-3835 ● Page 3

• Extrapolated SOD type controls and critical access as part of GRC 5.2 implementation. Customized the
ruleset in GRC for SOD analysis.
• Configured and maintained UME Data sources with LDAP server; performed pre-upgrade analysis of R/3
4.7 system before upgrade.
• Developed Portal roles, extensively involved in resolving security issues raised in HP Quality Center.

SENIOR SAP SECURITY & RISK MANAGEMENT CONSULTANT August 2006 – April 2007
IBM/COLGATE-PALMOLIVE Piscataway, NJ
• Single-handedly handled Security activities for the global roll-out of Colgate’s Procure to Pay project.
• Interfaced with the auditor and supported all audit activities.
• Closely coordinated with the Validation Manager in Regulatory Affairs in order to perform risk
assessment of the users in select countries.
• Effectively prevented new SODs by proactively checking for the same at the role creation stage itself using
the simulate feature in VIRSA and thus achieved Preventive Compliance.
• Designed and developed test scripts for different test scenarios for SOX compliance.
• Assessed the as-is business processes and made appropriate recommendations in alignment with
the FDA regulations.
• Reviewed and analyzed the deficiencies in the existing security processes and recommended process
improvements.
• Implemented security in SRM/EBP, BW and R/3 systems and actively involved in upgrade activities.
• Maintained the Org Structure in eBuy/SRM and used custom programs to process user attributes.
• Set up service desk in Solution Manager, utilized ChaRM for change management.

SAP SECURITY ADMINISTRATOR January 2006 – August 2006

T-MOBILE Bellevue, WA
• Ensured SOX compliance, utilized VIRSA/GRC’s compliance calibrator, performed simulation of risks
before modification. Enabled regulated super user access control, utilized trace results to identify expected
authorization values; incorporated them into security roles after upgrade.
• Maintained security for BW power users, prepared reports for SOX compliance, synchronized SAP HR key
data, worked in numerous process improvement projects.

SECURITY AND CONTROLS ANALYST September 2005 – December 2005

ERNEST & YOUNG Lyndhurst, NJ
• Worked for the IT Risk and Assurance division of E&Y and involved in developing custom solutions on
SOX/SOD for their clients.
• Actively involved in the development of E&Y methodologies and Best Practices in the areas of Enterprise
Security and Risk management.
• Part of a team to develop effective controls for the business risks across various industry verticals.
• Involved in developing R&C Risk Matrix, Impact and likelihood assessments and Mitigating controls.

SAP SECURITY ANALYST January 2005 – August 2005

HEWLETT PACKARD Houston, TX
• Set up security roles and user accounts for more than 14,200 end users. Coordinated user account
creation/termination policy with HR and operations. Created SAP authorizations, user mater records, table
authorizations, authority checks and customized BW InfoObjects and authorization objects for all clients.
• Analyzed trace fields and tracked missed authorizations for user access problems; inserted missing
authorizations manually.
• Identified mitigation controls for all associated business risks and played key role in blueprint phase of the
upgrade project.
 BALA KRISHNAN ● balasapsecurity@gmail.com ● (732) 546-3835 ● Page 4

SAP BASIS/SECURITY ANALYST November 1999 – December 2002

NIKKEL/ENVENTURE TECHNOLOGIES Bangalore, India
• Supported worldwide clients and served as liaison between client and offshore team in India. Made
recommendations on key technical issues, performed troubleshooting and resolved several production issues
• Effectively resolved a variety of user administration issues for different user types- including dialog,
communication, RFC, system and Reference. Created and modified different kinds of SAP roles.
• Configured transport paths and approvals in STMS to transport objects from Development to QA and then
to Production. Supported internal and external security audits.
• Installed service packs and applied patches. Created and maintained SAP clients. Resolved performance
bottlenecks.

EDUCATION AND TRAINING

MASTER OF SCIENCE IN ENGINEERING
WESTERN MICHIGAN UNIVERSITY Kalamazoo, MI
Concentration in Industrial Engineering; Graduated in 2004
BACHELOR OF SCIENCE IN MECHANICAL ENGINEERING
P.E.S. COLLEGE OF ENGINEERING Graduated in 1999 Bangalore, India

CERTIFICATION
SAP CERTIFIED SECURITY CONSULTANT

AFFILIATIONS
Member of ASUG