
Ajjayy Agarwaal

SAP Security & GRC Architect

Technology / Internet

Santa Clara, Santa Clara


Services offered

GRC/SOX Compliance | SAP Security | Audit Compliance | User Access Management

A high-performing, SAP-certified senior IT professional with 22+ years in GRC and SOX Compliance expertise. Served as a Trusted Advisor, experienced with SAP GRC, Implementing and Auditing Controls, SAP security, and audits of SAP initiatives with senior management and strategic stakeholders. Excelled in department leadership & team development, bridged cross-functional team relationships, to effectively assist with security and audit deliverables. Executed breakthrough project solutions and transformed technical plans into achievable goals. Built working, auditable out-of-the-box solutions to close gaps and technology shortcomings spanning within and across systems.  

SAP Project Management: Assisted Managers and technical teams on SAP Engagements and Business Transformation projects. Planned and executed client engagements with a focus on SAP GRC, SAP security, and audits of SAP environments. Managed projects on system access for users and evaluated architectural designs and effectiveness of SAP controls throughout the business cycle. Completed oversight on deliverables & project plans.

SOX Compliance: Designed and implemented out-of-the-box solutions to integrate SOX compliance for Ariba, a SaaS solution in procurement management, for optimizing the enterprise application software landscape. Developed and maintained Security Risk Assessment Methodology, Assessment Templates, Operating Standards and Procedures. Kept abreast of SOX, GDPR and other regulatory guidance as it pertains to financial compliance requirements within SAP.

Industry Knowledge: Collaborated with clients to identify opportunities for improvement in the areas of SAP audit, SAP security design/re-design, and SAP GRC implementations. Educated concerned audience, wrote, and presented clear and concise reports and presented significant observations and recommendations to clients and stakeholders.

Training & Development: Engaged managers, business process owners, and senior associates on SOX compliance initiatives. Coached and trained cross-functional teams to cultivate the SAP knowledgebase and company strategy. Hands-on SAP GRC and security implementation and successful SAP audit experience; qualified with SAP GRC version 10.

Tools & Technology: CA940, GRC10, ADM940, ADM945 Programs and Certifications. SAP S/4HANA and SAP Fiori Authorization. Knowledge and experience of implementing and leading the SAP system and security administration activities for S/4 HANA and SAP Fiori 1809 implementation projects.

Administered and optimized third-party utilities and tools: Transport Connect, RBE, VIRSA (VRAT, Compliance Calibrator & Access Enforcer), SAFE (PWC), and KPMG tools to analyze assigned access, to simulate and monitor user authorizations and end-user reporting. Built SAP GRC solution in 2001, working with a 4-person team as a startup to build the SAP GRC Solution for SAP.

Soft Skills: Growth-minded and highly valued team leader. Action-oriented and realistic to overcome problems, exert experience to influence results.  Able to establish trust-based relationships with senior technology leaders with a strong work ethic who takes ownership and completes complex regulation projects.

Approximate rate: USD$ 120 per hour

Experience

Architect, SAP Security Lead | Axalta Inc. | PA  Nov 2021 – Oct 2022

• Leading the Security team and supporting the offshore implementation for regional rollouts. Use ‘SAP Best Practice’ S4 Hana Security Business Roles to redesign and strategize the new Security implementation rollout. Work with Business and SI Workstream and Process Owners to identify Organizational attributes for supporting custom enhancement builds, localization, help define and design Security roles, derivations etc., setting up test scenarios, negative testing of SOX and IT controls, running workshops for Business, Audit and Compliance users and other stakeholders. Perform project planning, team allocations and Global resource augmentation, planning Security build and rollout with implementation team. Assist with and guide client through upgrading GRC to V12. Build a Global Security support team structure to assist with Unit testing, System Integration test cycles, UAT testing etc., provide defect resolutions, and related issues etc.

SAP GRC Controls Architect | Costco | WA  Oct 2021 – Nov 2021

• Global SAP GRC Platforms Control Architect engaged with process improvisation efforts, new project implementation assessment and Risk & Control management. Assisted with MDG implementation project and supported GRC Audit reporting, testing and working with Audit on evidences.

GRC IDM Architect | State of Pennsylvania | PA  Jan 2021 – Oct 2021

• Review existing IDM architecture and strategies and propose new Security and GRC Access Provisioning Design to effectively manage HR provisioning and automate the Hire-to-Retire process using the SAP native ECC HCM system. Gather requirements, project scoping, plan and conduct Security trainings and manage SOX compliance awareness workshops for Business Process Owners, Audit & Compliance, IES, HR team and the PA State Comptroller's Office. Present and draft architecture to reflect available functionalities, SOX features, reports and utilization of technology that had not been utilized. Perform complete project planning and train Security resources on day-to-day handling of the system and reports.

Configured the upgraded GRC system AC12.0 to integrate with BW, CRM, FES, LSO, SolMan, SRM and BPC backend plugin systems for user provisioning through the use of HR triggers and Business Roles, leveraging BRFPlus logic based on decision points. Helped identify correction notes for implementation and defined a complex workflow process for approval, access certification, SOD review and Mitigations.

Architect, SAP Security & GRC | Seagate Inc | CA  Nov 2020 – Jan 2021

• Design Security Architecture for Oracle conversion to SAP using SAP Activate Methodology (Go-to-Market). Use ‘SAP Best Practice’ S4 Hana Security Business Roles to redesign and strategize new Security rollout. Design Security and SOX compliance workshops for Business, Audit and Compliance users. Train Auditors and orient them to SAP Security application functionalities, SOX features, reports and utilization of technology with respect to migrating from as-is to to-be. Perform project planning and resource augmentation, planning with stakeholders.

Architect, SAP Security & GRC | Ingram Micro | CA  Oct 2020 – Nov 2020

• Review S4/Hana, R/3 risks and rulesets and incorporate Organizational level segregations across the 50+ units. Review Access workflow procedures; provide best practices and guidance to a sustainable design, job frequencies, and reconsolidating risks eliminating false positives for correct reporting across different countries.

Manager, SAP Security & GRC Compliance | eBay, Inc. | San Jose, CA  November 2015 - May 2020

• Versatile, technical, and knowledgeable Security Manager. Managed large SAP, IDM, and Middleware integration project engagements. Facilitated cross-functional teams and managers and performed assessments to evaluate Controls, Security, and Segregation of Duties as associated with product optimization, implementation, and configurations. Managed system users, usage licensing, AMC’s and project teams both onsite and offshore. Responsible for system implementations, SOX and GDPR Compliance. Effectively strategized to implement solutions cutting and reducing AMC and license costs.

Key Accomplishments -

  • Customized solution for Internal Audit compliance requirements. Due to budget cuts and spending sanctions, compliance around the Ariba SaaS system was not funded. Manually integrated GRC compliance system with the SaaS solution.
    • Internal Audit able to analyze SOX compliance issues and violations. Effectively planned mitigations and remediations across systems, including the Ariba system. Saved $500K+ on integration and implementation, plus an additional cost of $200K on annual product licensing and AMC's.
  • Consolidated user licenses for first-year to reduce license spending and eliminated multiple license types. Similar users provided the same access across the landscape, and licenses recaptured. Reduction continued for all years going forward.
    • Reported reduced usage saving by 20% on SAP licensing across all systems, renegotiated usage, and utilized surplus licenses on newer systems during years 2, 3 and 4 effectively reducing numbers by 30%+.
  • Inherited SAP GRC system with majority functionality unconfigured in the Compliance area. Educated the team on every missing process with personal sessions conducted to bring the support team up-to-speed and completed end-to-end workflows.
    • Complete self-reliant capabilities with analysis empowerment along with same-day reporting delivered. Able to operate efficiently with all information during development, change, delete, and ongoing Change Management for review.
  • Laid out architectural plans and implemented the use of firefighter usage for financial period closing (month/year ends) blocking the gaps within 30 days.
    • Established controlled access within SAP systems to the Finance team users engaged in period-closes and provided an auditable platform for Internal Audit teams and Security teams to monitor action usage history & logs.
  • Reconfigured system to drive automation through the system workflow usage, seeking automated approvals for requesting any kind of access, approvals and kicking off inquiries on such requests, logging information for audit. Quarterly SOX reporting on large flat files (Excel) was previously sent over emails to approvers and manually adjusted to reflect changes.
    • The change led to Internal and External Audits' satisfaction and enabled approvers to switch from manual approvals and record keeping to approving through automated workflows with in-system data retention.
  • Automated the manual way of Control reporting through usage of BOTS and Robotic Process Automations (RPA’s).
    • Redefined the audit reporting process and saved the Security team 2000 man-hours amounting to a dollar saving of over $200k every year. Quarterly, Semi Annual and Annual Control testing and test samples were originally manually performed that took a team of 5, a period of 60 days through the financial year to make data available.

Architect GRC & Security | Gulfstream Aerospace | Savannah, GA  November 2013 - October 2015

• Led the compliance initiative, analyzed and implemented security controls in the user access administration space, streamlined segregation of duties. Designed, implemented, and optimized the SAP compliance solution. Implemented SAP GRC Access Control and managed the implementation through post-implementation support.

SAP GRC Architect | Chevron Phillips Chemical Company | Remote, TX  August 2013 - October 2013

• Managed the project and implemented AC10 Access Request Workflow to enhance the company's upgraded GRC10 system with additional functionality and configured MSMP and BRFPlus logic.

SAP GRC Consultant | Pacific Gas and Electric Company | San Francisco, CA  February 2013 - August 2013

• Managed and implemented the GRC upgrade project from managing design architecture to requirement gathering, documentation, testing and rollout. Upgraded SAP GRC 5.3 to GRC AC 10.0. Applied Access Request Management approval workflows and configured workflows to enable access request, approval and audit automation. Built test scripts and documented test objectives, approach, and detailed plan identifying testers, aligning tester schedules for testing workflows, control testing and SOD tests. Led GRC testing working with the test coordinator while being responsible for managing both Integration testing and UAT test cycles.

GRC Solution Architect | Hitachi America Limited | San Francisco, CA  October 2012 – January 2013

• Managed a GRC remediation project to integrate additional back-end systems to connect to the existing GRC 5.3 landscape and delivered cross-system risk analysis functionality across 100+ systems and clients on the landscape. Implemented cross-system risk analysis functionality and reconfigured the system to be able to interpret user name inconsistencies across all connected systems to enable the cross-system analysis to perform as required.

SAP Security/GRC Lead Analyst | Varian Medical Systems | Palo Alto, CA  July 2012 - January 2013

• Designed and planned implementation strategy from blueprinting through realization. Defined and documented SOP's for Security and GRC for day-to-day operations. Provided technical guidance to Security team on operations, product management issues and process automations. Set up and maintained systems for audit compliance, and risk management with related organizational rule mapping and assignments for global risk reporting segregation by regions.

GRC / Security Architect | Hitachi Global Storage (HGST) | San Jose, CA  March 2012 - July 2012

• Built security to support new APAC and to incorporate and restrict new regions by country-specific organization levels. Cleaned up production to eliminate support roles incorrectly transported to productive systems.

GRC Solution Architect | LAUSD - Unified School District | LA, CA  September 2011 – February 2012

• Implemented GRC AC10.0. Configured GRC AC Emergency Access (EAM), Access Risk Analysis (ARA), Access Request Management (ARM) & Business Role Management (BRM) components. Led the Remediation task of custom transaction addition to the GRC rule set and provided extensive process maintenance training to Security team members. Exposed Early-watch vulnerabilities and led extensive cleanup. Automated user and role builds using various automation utilities like CATT, LSMW, Mercury QTP. Developed and streamlined role build and remediation process for Security team to follow for ongoing support.

SAP Security GRC Solution Architect | Boston University | Boston, MA  May 2010 - October 2011

• Provided Project Management for GRC AC implementation. Managed and implemented GRC10.0 Solution. Formulated project plans for activities, resource allocations, and timelines, writing up project plans, scoping and defining system specs and hardware sizing. Prepared detailed project plans for GRC and Security activities, managed resource allocation, timelines and scheduled deliverables. Implemented GRC 5.3 CUP, RAR & SPM and ramped up to GRC10.0. Implemented Emergency Access Management (EAM), Access Risk Analysis (ARA), Access Request Management (ARM) & Business Role Management (BRM) as one of the foremost complex Global Ramp-Up implementations using automation to leverage Hire-Retire processes. Worked with SAP Labs to assist development teams to have GRC HR trigger procedures and function modules correctly built and applied for the offered functionality. Blueprinting and configuration with design documents (CDD's) for GRC Access Control: RAR, CUP & SPM. Wrote Security Strategy document with strategy details that included a high-level drill down to security parameter settings and integration of SAP security with Information security etc. and provided security workshops for project team and functional leads while addressing preliminary concerns of SOx, Security, Authorizations and access concepts in the SAP world.

SAP Security Analyst | Hewlett Packard | Remote, TX  March 2010 - June 2011

• Administered all SAP systems connected to BizRights for analyzing BizRights Insights and ensuring compliance system-wide. Worked with SOX, Basis and Development teams to facilitate authorization changes per approvals and extensively used Approva BizRights to assess issues of concern. Assisted the security team with rolling out of new security roles, adding custom transactions to existing roles and working around maintenance of derived and composite roles following standard change and test procedures.

SAP GRC Architect | Mentor Graphics Corporation | Portland, OR  October 2009 - April 2010

• Managed GRC implementation project working with key stakeholders on requirement gathering and identification of business processes and approval steps to determine workflow requirements. Trained business process owners and approvers so they understood GRC; developed courseware curriculum for end users, approvers, and internal audit for product familiarization. Worked with Internal Audit and SOX team to familiarize them with the new GRC tool explaining GRC Risks, Rules, Functions, etc. for Risk identification and scoping.

SAP Security & GRC Lead | Sandisk Corporation | Milpitas, CA  March 2008 - September 2009

• Managed and led a large implementation team of 12 to implement SAP Security and GRC. Effectively distributed and delivered a sustainable and auditable solution. Worked with the project team of FTE’s, system integration team, project team and offshore & regional support. Performed business process analysis, blueprinting, security design, segregation of duties analysis and worked on requirement gathering, blueprinting, role definition & building and realization activities for implementing various products namely ECC, BI-7.0, SRM-5.0, SCM-5.10, PI-2004s, CRM-6.0 (2007), Solution Manager -4.0, FI-CO, GTS-2004s & GRC 5.2, 5.3 Access Control & Transport Connect. Architected and integrated SAP securely with other enterprise applications like IDM. Provided core internal security processes to create a security-specific education and awareness program to appropriate stakeholders. Designed technical landscapes and configured workflows for GRC Compliance Calibrator, Role Expert, Access Enforcer and Firefighter 5.2.

Jan 2000 - September 2009

• Summary of US engagements since 2000.

07/2008 – 8/2008
Position: SAP Security/GRC Lead (Remote)
Client: Smith & Nephew Inc. – (Pharmaceutical)

03/2008 – 4/2008
Position: SAP Security/GRC Consultant - (Remote & Onsite)
Client: AES Corporation – (Utilities)

02/2008 – 02/2008
Position: SAP BI Consultant
Client: DIRECTV – (Entertainment)

01/2008 – 01/2008
Position: SAP GRC Consultant
Client: Novartis/Chiron – (Pharmaceutical)

05/2007 – 12/2007
Position: SAP GRC & Security/ DBA
Client: Genentech, Inc. - (Pharmaceutical)

08/2006 – 05/2007
Position: mySAP Security, Identity Management Lead
Client: Toyota Motor Corporation (TFS Division) - (Automobile Finance)

07/2006 – 02/2007
Position: Security & Controls Architect - (Remote & Onsite)
Client: Avanex Corporation (High Tech/ Optic Fiber) – (High Tech)

05/2006 – 7/2006
Position: Sr. SOX/Security Architect
Client: Smith & Nephew Inc. (Endoscopy Div. - Pharmaceutical)

2/2006 – 4/2006
Position: GRC Security Lead (Cap Gemini)
Client: Genentech Inc. (Pharmaceutical)

04/2004 – 1/2006
Position: Security & GRC Analyst
Client: Applied Materials, Inc. (Semiconductor)

04/2003 – 03/2004
Position: Sr. SAP Security Administrator
Client: Guidant Corporation (Medical Devices)

08/2002 – 03/2003
Position: GRC Security Consultant
Client: UCB (Pharmaceutical)

01/2000 – 03/2003
Position: GRC Security Analyst
Employment: Virsa Systems (GRC Startup)

Education

Bachelor's degree from Panjab University, India
