o Implement Role re-design assessment based on the business needs (Role Structure, Org Level, T.codes and Auth.Objects, ...)
o Defining new User Process approach
o Preparing Cutover from “On-premise” & “On cloud” processes
o Integration of GRC and the cloud ServiceNow ticketing tool
o Organization and Leading GRC workshops with Internal Control team to optimize the “security policies” and access procedures
o GRC Audit assessment report with 113 security controls and GRC security roadmap
o Developing a new Top Management dashboard approach based on FIORI 2.0
o Enabling multi-device (Android, IOS, Windows Phone, Desktop, …) dashboard based on hybrid application
o Building AC & PC Key Risk Indicators and trends to enable managers to take the right decisions
o Enabling monitoring of remediation actions and issue violations
o Compatible and based on Hana Cloud Platform
o Reviewing current User Management process (Employees & Business Users) for Pilot Phase 0
o Leading Business workshops to define the Business Role Matrix for the Sales teams & Back-office on Fiori
o Enabling and restricting access rights via Org. Structure, Work Centres & Access Restrictions to limit the visible data for each user group
o Restricting the screens based on the customer security needs and requirements via the Page Layout
o Secure the Business Roles & FIORI roles to provide an improved User Experience for the end-users
o Reviewing Internal Control procedures & Policy Management
o Improving the existing privileges and business rules
o Leading Business & Risk workshops – Procurement, Finance, Sales, Controlling and HR areas
o Enabling Internal Control with GRC Process Control & Risk Management approach
o Building PC & RM Business Blueprint phase
o Building a GRC ARM (Provisioning) connector to a non-SAP system such as COUPA
o Assessed business requirements and defined technical specification documents for the financial and sales needs
Organizational Collection Kit
Authorization Analysis
Global Security Strategy
o Leading the GRC roll-out with regards to reporting and analysis approach
o Worked closely with the business process experts and key-users on a day-to-day basis for their reporting needs.
o Secure all the access processes and define with Internal Control the review frequency
o Building a new role catalogue and macro-profiles corresponding to users’ job positions within the organization
o Reviewing and re-defining the KPI Dashboard business requirements
o Collaboration with the customer and the internal and external SAP Experts
o Organization of meetings and workshops with SAP Experts and Business Roadmap SAP Program directors (SAP HANA, SAP UI5, FIORI, SAP-UX)
o Starting new design approach with customer Aramco for the CEO Dashboard
Wireframe & Storyboard
New Design proposal on Landing page, Graphs, Interaction screens and analysis view
o Driver tree implementation based on UI5 to perform forecasts and financial simulation tool
o Helping SAP Labs to enable, define and troubleshoot GRC PC/RM 10.0 & 10.1
Enabling the organization to plan and define the risk management framework document.
Building the GRC organizations reflecting the core-model approach, plus defining the roles and responsibilities.
Establishing the business process or using similar business activities as in GRC AC and PC.
Defining the several risks and KRI to monitor the daily business tasks
Agreeing with stakeholders on risk drivers, impacts and events, and building a link between all the activities; surveys can be used for this task.
o Activating Risk assessment method to identify or challenge the current risks
o Determining the possibility of the risk occurring; the business is fully part of these decisions. However, these can be adjusted after the first phase of the project
o Configuring incident management for any loss that suddenly occurs
o Deciding or applying the agreed response action, and remediation plan to roll-out
o Analysing the efficiency of the risk response or control
o Validating all risk management business scenarios by building a step-by-step document
Defining regulation, policies and risk catalogue
Enabling the control catalogue, objectives and test plans
Activating the Issue Management and creating Ad-Hoc issues
Following up on testing and remediation plans
Implementing policy management and sign-off
Testing and troubleshooting reports
• Achievements
o Global security audit across 7 topics:
• Defining Audit Requirements
• As-is situation throughout the SAP Landscape (ECC/BI/Portal/XI)
• Updating the Role Matrix (Business Authorization Matrix)
• Providing a Core-Model Segregation of Duty matrix (1st Phase Finance, Purchasing and Project Management)
• Revising and improving the SAP Security Strategy
Establish a list of standard security tools and reports
Defining a roadmap implementation plan
o Super User Accounts & SAP Specific Password Settings
o Login & GUI Settings & User Administration & Role Administration
o Remote Access & Table Access
o Program Access & Custom Developments
o General System Administration
o Backup & Recovery
o Batch Processing & Spool Management
o Change Management & Transport Management System
o Auditing & Compliance
• Management achievements
o Performing a formal high-level SAP GRC Solution presentation in front of the European Business Directors and the Internal control department
o Launching the SAP GRC project (kick-off) with a defined roadmap
o Ensuring that business requirements have been properly captured and documented.
o Building and validating the customized SAP IS-U & SAP IS-OIL (JVA) SoD Matrix for the company.
• Technical achievements
o Assist the SAP technical during the SAP GRC implementation phase
o Provide input and guidance to key SAP Segregation of Duties (SoD) design decisions and configuration issues with particular emphasis on using "SAP Best Practices"
o Configuration of the business defined SoD Matrix (Top 10 risks for Sales & Purchasing)
o Analysing the SoD reports by roles and users, showing top risks to the Business
• Achievements
o Role design & change management process
o Providing authorization recommendations and best practices for the Business Directors and SAP functional Experts
o Enhancing the documentation and technical procedures
o Helping and Assisting the Business Directors & Managers to convert towards the SAP Best Practices
o Designing and implementing a PoC (Proof of Concept) approving and validating a successful migration from SAP GRC 5.2 to 5.3
• Management & Technical achievements
o Following the start of the so-called “ONE” project (merger of three large companies)
o Defining the Financial budget and project action plan
o Planning and designing the new SoD matrix and business processes.