Home

anwesh reddy - SAP Security and GRC Consultant

[email protected]

Location: Dallas, Texas, USA

Relocation: yes

Visa: h1b

Resume file: Anwesh Reddy_Resume for vendors_1758203712129.docx Please check the file(s) for viruses. Files are checked manually and then made available for download.

Professional Summary: Seasoned SAP Security & GRC Consultant with over 15 years of global IT experience, specializing in SAP ECC, S/4HANA, GRC Access Control, Fiori Security, GxP, SOX, 21 CFR Part 11, and ITGC compliance auditing. Demonstrated expertise in user administration, role design, SoD controls, and authorization management across implementation, migration, upgrade, and support phases. Proficient in SAP Service Delivery Management and Project Leadership, with a strong track record of aligning security frameworks to business goals, enabling innovation, and driving continuous improvement. Known for a methodical approach, stakeholder engagement, and commitment to operational excellence. Adept at managing audit readiness, resolving complex issues, and leading crossfunctional teams to deliver secure, compliant, and scalable SAP environments. Received the Tata Consultancy Services Contextual Master Award for driving innovation and delivery excellence in SAP GRC & Compliance projects Well-versed in SAP Supply Chain Management (SCM) concepts and end-to-end workflows, supporting secure role design, process automation, and compliance across procurement, inventory, and logistics modules. Implemented role-based access control (RBAC) across SAP SCM modules, preventing unauthorized actions and ensuring compliance with SoD policies, audit requirements, and business process integrity Applied strong logical and technical acumen to design, develop, and implement scalable SAP Security and GRC processes, enhancing system integrity, audit readiness, and operational efficiency Served as Scrum Master across Agile and Waterfall delivery models, driving cross-functional collaboration, sprint planning, and timely execution of SAP Security and GRC initiatives Demonstrated strong communication and presentation skills, fostering trust with business stakeholders and promoting a customer-centric approach to SAP Security, compliance, and service delivery. Led SAP Security compliance and audit initiatives, ensuring alignment with SOX, SOD, and internal control frameworks while proactively addressing gaps and maintaining audit readiness across global landscapes. Directed compliance investigations and variance analysis, overseeing formal documentation of review findings and leading the team s structured reporting to support audit transparency and risk mitigation. Demonstrated deep understanding of SOX and SOD risks, partnering with internal and external auditors to identify control gaps, implement mitigation strategies, and ensure sustained compliance across SAP environments. Implemented strategic process improvements across SAP Security and GRC workflows, delivering measurable time and cost savings while enhancing operational efficiency and audit readiness Influenced cross-functional stakeholders with diplomacy and tact, fostering ethical decisionmaking and driving effective resolution of compliance and operational challenges across SAP landscapes. Led a 120-member cross-functional team, driving on-time deliverables through a win-win leadership approach that fostered accountability, collaboration, and sustained performance across SAP support operation Served as the highest escalation point for Management issues, coordinating with aligned stakeholders and IT leadership to ensure timely review, risk mitigation, and strategic resolution. Built and customized SAP roles to proactively minimize Segregation of Duties (SoD) risks, ensuring alignment with audit requirements, business needs, and GRC rule sets across ECC landscapes. Designed and developed global SAP roles in R/3 ECC, standardizing access controls across business units and enhancing compliance, scalability, and operational efficiency Troubleshot user access and role administration issues across SAP Security, ECC, and GRC, including role creation, role maintenance, and resolution of authorization conflicts to ensure seamless access and compliance Led multiple roles including Security & Compliance Lead, Transition Lead, Project Lead, and Service Delivery Manager, ensuring SLA adherence across daily production operations. Oversaw WSR preparation, request handling, incident resolution, escalation management, problem ticket analysis, and change control within SAP landscapes. Leveraged SUIM (User Information System) to generate multi-dimensional SAP Security reports, supporting audit readiness, access reviews, and role/user analysis across ECC and GRC environments. Applied Active Directory and SailPoint concepts to streamline user provisioning, enforce access controls, and support identity lifecycle management across SAP and enterprise systems. Led SAP ECC Security administration, including design and maintenance of Authorization Roles via PFCG, Role Administration, Unit Testing, User Administration, and Transport Management. Translated functional requirements into technical role designs, ensuring compliance, traceability, and alignment with business processes. Troubleshot complex authorization issues using SU53/ST01 analysis, enhancing user experience and reducing support turnaround time. Developed backend roles with T-codes, OData services, and Webdynpro components, ensuring complete authorization coverage across front-end and back-end layers. Performed trace and error log analysis to identify and resolve missing services and backend authorizations, reducing access-related incidents and improving deployment efficiency Led implementation and administration of SAP GRC Access Control across versions 5.3, 10.0, and 12.0, delivering end-to-end solutions for Access Controls Delivery Excellence & Governance Led cross-functional teams across offshore/onshore models, driving continuous service improvement and operational excellence. Managed Offshore Development Centres (ODCs) and led successful execution of all internal and external Technical and Operational Control Audits, ensuring audit readiness, compliance alignment, and zero non-conformities Oversaw on boarding and off boarding processes for a 350-member project team, ensuring seamless access provisioning, compliance adherence, and operational continuity across SAP and enterprise systems Managed Customer and Organizational Statements of Work (SOWs), proactively identifying and resolving execution gaps, handling escalations, and ensuring timely project monitoring and closure. Achieved 99% SLA compliance in authorization, 95% across SAP modules, and >85% CSI (Customer Satisfaction Index) through proactive issue resolution and stakeholder engagement. Monitored KPIs, conducted QBRs, and managed service-level agreements to ensure alignment with business goals and audit expectations. Collaborated with Information Technology Risk Assurance ITRA teams to develop Management Action Plans (MAPs) addressing identified audit gaps, strengthening internal controls and accelerating compliance closure across SAP environments. EDUCATION: Master of Science (M.Sc.) Dr. Babasaheb Ambedkar Marathwada University (BAMU), Aurangabad, India-2002 Bachelor of Science (B.Sc.) Osmania University, Hyderabad, India -1997 Certifications: SAP: SAP Certified Associate-Security - Administrator(C_SEC_2405) ISACA: CISA (Certified Information Systems Auditor) Professional Experience: SAP Security & GRC Consultant Realtech Services LLC, NJ, USA May 2025 Current SAP Security & GRC Consultant / Service Delivery Manager / Project Manager Tata Consultancy Services (TCS) Global Delivery Model Client: Johnson & Johnson Medical, AkzoNobel April 2016 - April-2025 SAP Security Consultant & Compliance Lead Johnson & Johnson Medical February 2010 March-2016 SAP Engagement History: SAP Security & GRC Consultant at Tata Consultancy Services September 2017 - April 2025 Client: AkzoNobel Industry: Manufacturing Designation: SAP Security Lead/Transition Lead/Project Manager/Delivery Manager Led SAP Security & GRC transition to TCS as part of AMS; planned KT sessions, authored System Appreciation Documents (SADs), and facilitated Gateway/Playback reviews Administered SAP User & Role provisioning across production and non-production systems; managed GRC workflows, MSMP approvals, and SailPoint integration Maintained Rule Sets, Function IDs, and Risk IDs; performed risk analysis at user/role level and implemented mitigation controls with Risk Owners Managed Central User Administration (CUA); resolved cross-client access issues and performed advanced troubleshooting. Enabled centralized/decentralized Firefighter access supported EAM operations across satellite systems Led Authorization support for system downtimes and Month/Year-End activities, ensuring uninterrupted access for time-sensitive financial and operational tasks Collaborated with functional module solution architects (FI, MM, SD, PP, etc.) to design and implement consistent, business-aligned SAP Authorization roles across ECC. Partnered with Business Process Owners across Finance, Supply Chain, and Manufacturing to analyse workflows and identify SAP Security requirement Collaborated with RIC (Regional In-Control) team to redesign Authorization roles, eliminate SAP_ALL/SAP_NEW profiles, and reduce eliminate/reduce high and critical SoD risks as part of role remediation. Led end-to-end change request lifecycle, including risk analysis, role impact assessment, deployment coordination, and post-change validation Resolved high-impact incidents such as access failures, SoD violations, and Firefighter ID misuse, collaborating with functional teams and internal Access Control team. Performed root cause analysis for recurring authorization issues, driving long-term fixes through problem management workflows and knowledge enablement Streamlined ticketing workflows, reducing turnaround time and enhancing traceability across AMS and project environments Led resolution of critical, time-bound SAP Security issues, delivering detailed root cause analysis and actionable solutions to business stakeholders Managed high-priority incidents under tight deadlines, ensuring minimal business disruption and clear communication across functional teams Provided comprehensive RCA documentation, enabling audit traceability, knowledge reuse, and stakeholder confidence in long-term remediation Built trust with stakeholders during high-pressure scenarios, translating technical findings into business-relevant insights and preventive strategies Instrumental in identifying and implementing process enhancements across SAP Security and GRC workflows, driving operational efficiency Led SNC (Single Sign-On) rollout across SAP landscape with zero business impact Migrated ServiceNow access forms to a unified model, reducing provisioning time Automated background jobs for inactive account lock/deletion; implemented chatbot-based unlock program, reducing ticket volume and improving SLA Contributed to the migration of Business Employee Active Directory from EDF to SailPoint, supporting identity lifecycle management, access provisioning, and compliance alignment Collaborated with IAM, SAP Security, and infrastructure teams to ensure seamless transition of user identities, roles, and entitlements Synced SAP accounts with Business Active Directory using unique account IDs, enabling identification and clean-up of duplicate and unused accounts Executed targeted account deactivation and deletion, reducing SAP license consumption and optimizing cost Performed cross-system reconciliation and user mapping, ensuring data integrity and compliance with access governance policies Achieved measurable reduction in SAP license costs, contributing to operational efficiency and audit readiness Migrated SAP accounts to Active Directory via SailPoint; eliminated duplicates and reduced license costs Handled high-priority incidents, root cause analysis, and downtime/month-end/year-end activities from the authorization side Developed and authored comprehensive SOPs based on business workflows as part of AMS support, driving process standardization, operational efficiency, and enhanced audit traceability across SAP environments Authored and published multiple SAP Authorization Knowledge Articles, empowering business and IT teams with self-service guidance; reduced dependency on support requests by clarifying access procedures and promoting proactive issue resolution Led and mentored the SAP support team through daily interactive sessions, resolving technical issues collaboratively while enhancing communication skills and cross-functional effectiveness Created detailed, step-by-step Work Instruction (WI) documents for the SAP support team, enabling consistent issue resolution, faster on boarding, and improved operational efficiency Conducted stakeholder sessions across SAP landscape to promote self-help and authorization best practices Received Contextual Master Award for identifying bottlenecks impacting SLA performance; implemented process improvements that elevated SLA compliance to 98%, consistently maintained while managing ~4,000 user requests/month Represented SAP Authorization and SCM modules in Steering Committee Meetings, providing strategic input on access governance; led audit readiness initiatives and addressed external auditor queries with precision and clarity Successfully migrated client workspace from Citrix to Microsoft AVD with business stakeholder alignment and zero disruption Maintained strong rapport with business units and third-party vendors; led daily team connects to resolve technical issues and enhance communication Expertly handled all types of SAP Security and GRC escalations, resolving high-impact access issues, SoD conflicts, and audit anomalies with precision and speed Received client recognition for demonstrating a business-driven mindset and clear management skills, ensuring steady performance and proactive resource planning Successfully navigated last-minute requests and high-pressure scenarios, maintaining SLA adherence and delivering consistent outcomes across SAP Security and GRC operations Built trust with business stakeholders through transparent communication, strategic prioritization, and commitment to operational excellence SAP Security Consultant at Tata Consultancy Services April 2016 - August-2017 Client : Johnson& Johnson Medical Industry: Life Sciences Designation: Security & Compliance Lead Project Responsibilities: Spearheaded SAP Security administration across ECC and integrated systems, ensuring alignment with Global IT Security policies and business process requirements. Configured and optimized SAP authorizations to support role-based access control (RBAC), segregation of duties (SoD), and compliance framework SOX. Managed transport activities using CHARM, streamlining change control and reducing deployment risks Developed background job automation for User Access Review (UAR) of Non-dialog accounts, eliminating manual reporting and enhancing audit readiness. Authored Standard Configuration Security (SCS) documentation based on global templates, ensuring consistent security posture across landscapes. Validated SIT and UAT role changes by reviewing test documentation, ensuring accurate provisioning and full alignment with audit and compliance controls across SAP landscapes. Designed and implemented privileged Firefighter ID strategies, including function-specific FFIDs and workflows, enhancing access traceability, risk mitigation, and SOX audit readiness. Authored and maintained SOPs, Work Instructions, and Knowledge Articles, continuously updating documentation to reflect evolving security policies, compliance mandates, and audit frameworks (e.g., SOX) Conducted regular team briefings and training sessions on organizational policies, security standards, and compliance protocols. Led escalation handling and trained teams on audit preparedness, compliance expectations, and deviation management. Managed Corrective and Preventive Actions (CAPA) for internal reviews and audit observations, driving continuous improvement. SAP Security Consultant: February 2010 - March 2016 Client: Johnson& Johnson Medical Organization: Kelly & Adecco Industry: Life Sciences Designation: SAP Security & Compliance Lead Project Responsibilities: Managed user provisioning, mass locking/unlocking, and validity adjustments across SAP landscapes, ensuring compliance with SOPs and audit requirements Designed and maintained SAP user groups to streamline access control and support role-based governance Resolved authorization issues by analyzing SU53 and ST01 trace files, assigning appropriate roles post-approval, and documenting audit trails Generated periodic reports on critical and sensitive access; led User Access Reviews (UAR) to support SOX, internal, and external audits Provided SAP Security support during UAT phases, including creation of test IDs and resolution of authorization gaps with functional teams Successfully implemented automated programs to lock and delete inactive user accounts, enhancing system hygiene and reducing exposure Participated in transport management activities; reviewed functional and technical specification documents for alignment with SAP standards Monitored Firefighter (FF) logs weekly, identified deviations, and implemented corrective/preventive actions to ensure Audit compliance Led compliance and audit initiatives, achieving zero non-conformities across SOX, internal, and external audit cycles Enhanced the inbuilt ticketing tool (Issue Tracker), conducted user training sessions, and improved incident resolution workflows across SAP environments Keywords: materials management rlang information technology Idaho New Jersey South Carolina South Dakota Wisconsin