Sudhendra N Kulkarni

Email: sudhendrak@gmail.com
Ph: +91-9972919699

Objective: Performance-driven professional offering around 15+ years of insightful experience in

various aspects of SAP GRC & Security customer/ employer expectations by delivering second-to-
none service and maintaining customer centricity in all initiatives.

Proactive decision maker, targeting challenging managerial assignments with a well-established and
globally reputed organization, bringing the following transferable strengths:

 SAP Security Role  GRC AC10/10.1/12  Risk Analysis and

Development Configuration Remediation
 Access Risk Analysis  Access Request  Emergence Access
 Business Role Management Management Management
 Client Interfacing Skills  Quality Assurance
SAP GRC Skills

 Implementation and maintenance and configuration Experience on GRC 10.0 / 10.1 / 12.0 Access
Control (ARA, ARM, EAM, BRM)
 ARA – Rule set road map implementation, Mass maintenance of Rule Set with mitigations,
maintaining related MSMP workflow, and rule set support activities.
 Mitigation and Remediation of Users and roles for SOX using user/Role analysis in ARA.
 EAM – Creation of FFIDs in backend as designed, FFID admin & Reason codes in GRC Server,
Assignment of FFID to owners, controllers, & Firefighters.
 ARM –Creation & maintaining number range, Auto Provisioning settings, custom rule id with
decision table in BRF+ customized for MSMP workflow.
 BRM-Maintain Role type settings, Define the Role Attributes, Create the role methodology.

SAP Security Skills

 Working experience on sap security Implementation, support and role redesign
projects.
 Good Experience in ECC, BI, SCM/APO, Fiori Security, HANA, S/4 Hana, and EP
Security.
 User Administration includes user creation & modification in Dev, Quality, Prod systems.
 Role Design and Development - This includes role creation, change, design, and deletion using
profile generator PFCG (single roles, composite roles, and derived roles), mass generation of
profiles using SUPC, Involved in role review activity.
 Trouble shooting all types of authorization failures based on SU53 and return codes of ST01
trace.
 Good Hands experience on SAP ECC /R3 upgrade.

SAP HANA and S/4 HANA Skills (S/4 HANA 1709)

 Creation of Users, delete & Password reset in Hana Studio as Hana Data base access.
 Creation of different Privileges in Hana Studio for Hana Data base access.
 Import and export the roles (Creating Package, creating Delivery Unit, export and import of the
Roles using through Delivery Unit in SAP HANA Studio.)
 Provide the missing access to Hana data base users (activate an Authorization Trace in case of
authorization Problems)
 Create the Fiori Tiles and Groups & Fiori Catalogs in Launchpad
 Target mapping in Fiori Launchpad as a Semantic Objects level.
 Create the Fiori apps to links in Roles & Resolve the authorization issues.
• Experience in configuring and troubleshooting Web Dispatcher for external and internal
accesses using SAML based SSO using ADFS, NetWeaver as IDP and NetWeaver as
Service Provider
• Ability to troubleshoot SAP security issues with regards to Fiori frontend and backend deployments

Project Management Skills

  Coordinating for Capability Building for SAP GRC competency
 Coordinate with sales team for SAP GRC sales activities
 Providing solutions for existing SAP GRC support projects and
 Will be involved in framing strategies for new projects such as Landscape design, Rule book
creation approach etc.
Technical Skills

ERP SAP ECC, SAP GRC & SAP EP.

Net weaver Platforms SAP Net weaver Portal 7.0/7.2 & 7.3
and BI
Programming Webdynpro Java
languages:
Web Related HTML, CSS and JavaScript.
Ticketing Tools HPSM, SERVICENOW, Remedy& SAP
Solution Manager

Professional Experience

Worked as SME Sap Security & GRC Consultant in SpinMaster from Jan 2021to till date
Worked as Competency Lead Sap Security & GRC Consultant in Softtek India Pvt Ltd from April 2013
to till Jan 2022
Worked as CoE Sap Security & GRC Consultant in KPMG Advisory service Pvt Ltd from Oct 2011 to
Jan 2013
Worked as Sr SAP Security and GRC Consultant in IBM India Pvt Ltd from Jun
2010 to Oct 20111.
Worked as SAP Security and GRC Consultant in ITC INFOTECH from Nov 2007
to Mar 2010
Worked as SAP SRM Testing consultant to SAP LABS via Bristlecone India Pvt Ltd from Aug
2007 to Nov 2007
Worked as Purchase Engineer in Shell sands Garments Pvt Ltd, Bangalore from Feb
2001 to Mar 2007
P ROJECTS
H ANDLED
Softtek India Pvt Ltd - Bangalore
Lead SAP Security GRC Consultant Aug 2020 –Till date (Restaurant Brands International)
Project Description: Restaurant Brands International Inc. is one of the world's largest quick
service restaurant companies with approximately $33 billion in annual system-wide sales and
over 27,000 restaurants in more than 100 countries. RBI owns three of the world's most
prominent and iconic quick service restaurant brands – TIM HORTONS®, BURGER KING®, and
POPEYES®. These independently operated brands have been serving their respective guests,
franchisees, and communities for over 45 years.

Key Responsibilities

 Handled Migration / Up gradation of GRC 10.1 to GRC 12 successfully.

 Support and maintenance Experience on GRC 12 Access Control
 Overall handling team size of 3 for SAP Security, and responsible for SAP Security delivery from
Off-shore and Near shore team
 As a part of production control team, responsible for change application management and part of
approver for any change across SAP Land scape.
 Handling day today activities on Security relevant tickets like user management and Role
Management
 Responsible and SPOC for internal and external auditors on their queries on process
management and for providing evidence on samples picked out on their observation.
 Common Configuration Activities – All the connection activities, Parameters, Creating Owners &
Sync Jobs.
 Analysis on the Firefighter ID’s requirement and the design of the Fire fighters accordingly.
 Create, maintain, and manage Rule Sets/Functions and Risks used to generate Rules.
 Created mitigation controls to reduce or minimize SOD violations.
 Performed the mapping of mitigation controls to the risks of respective users in ARA.
 After performing the risk analysis based on Single role, Comp role, Role and users provided the
remediation plan to remediate the risks.
 Customization of rule set and created around 40 customized rules based on business needs.
 Design and implementation of AC workflows involving user creation, change, lock/unlock
termination.
 BRF+ Rules design and development for MSMP workflow.
 Maintained the notification templates as required by the business.

Softtek India Pvt Ltd - Bangalore

Lead SAP Security GRC Consultant Jan 2017 –July 2020 (Southwest Airlines)

Project Description: Southwest Airlines Co. is a major American airline headquartered in

Dallas, Texas, and is the world's largest low-cost carrier. The airline was established on March
15, 1967 by Herb Kelleher as Air Southwest Co. ... As of 2018, Southwest carries the most
domestic passengers of any United States airline.

Key Responsibilities
 Support and maintenance Experience on GRC 10.1 Access Control
 Overall handling team size of 6 for SAP Security, and responsible for SAP Security delivery from
Off-shore and Near shore team
 As a part of production control team, responsible for change application management and part of
approver for any change across SAP Land scape.
 Handling day today activities on Security relevant tickets like user management and Role
Management
 Responsible and SPOC for internal and external auditors on their queries on process
management and for providing evidence on samples picked out on their observation.
 Common Configuration Activities – All the connection activities, Parameters, Creating Owners &
Sync Jobs.
 Analysis on the Firefighter ID’s requirement and the design of the Fire fighters accordingly.
 Create, maintain, and manage Rule Sets/Functions and Risks used to generate Rules.
 Created mitigation controls to reduce or minimize SOD violations.
 Performed the mapping of mitigation controls to the risks of respective users in ARA.
 After performing the risk analysis based on Single role, Comp role, Role and users provided the
remediation plan to remediate the risks.
 Customization of rule set and created around 40 customized rules based on business needs.
 Design and implementation of AC workflows involving user creation, change, lock/unlock
termination.
 BRF+ Rules design and development for MSMP workflow.
 Maintained the notification templates as required by the business.

Softtek India Pvt Ltd - Bangalore

SAP GRC Consultant Apr 2013 –Dec 2016 (Client: Burger King)
Project Description: Burger King Corporation was founded in 1954 and is now the world’s number one food chain
and has business across the world. Every day, more than 11 million guests visit BURGER KING® restaurants around the
world.

Key Responsibilities:
 Working with profile generator (PFCG) in creating Single roles, composite roles, and derived
roles.
 Working on Role enhancement requests as per the business requirement.
 User Administration includes user creation & modification in Dev, Quality & Prod systems.
 Restrict table access through authorization groups.
 Applying the system trace ST01, STAUTHTRACE and SU53 to identify and resolve authorization
issues for end users.
 Design of Analysis Authorizations for BI
 In BI system, Creation of Analysis Authorizations and Role administration and Trace through
“RSECADMIN” transaction code.
 Good Knowledge of Security concepts in BI/BW. Troubleshooting authorization issues in BI/BW.
 EAM – Creation of FFIDs in backend as designed, FFID admin & Reason codes in GRC Server,
Assignment of FFID to owners, controllers, & Firefighters.
 Perform Risk analysis on user level/Role Level
 Checking SOD violations and creating mitigation controls and perform remediation step.
 Create/Modify the existing roles based on the inputs from business process owners.

KPMG Advisory service Pvt Ltd Bangalore - India

Sr SAP Security & GRC Consultant, June 2012 –Jan 2013 Client (Vedanta Groups Implementation)

Project Description: Vedanta is a globally diversified natural resources group with wide ranging Interest in
Aluminum, Copper, Zinc, Lead, Silver, and Iron Ore. Overall revenues more than 11 million US Dollars.
Key Responsibilities:
 Handled Migration / Up gradation of GRC 5.3 to GRC 10 successfully.
 Successfully configured ARA Component as replica of GRC 5.3 manually all though SAP Provided
migration tool did not supported as expected.
 Rule book is created as per GRC 5.3 by setting up rule sets and generating rules.
 Authorization and repository synchronization has been successfully created with full and
incremental jobs.
 Configuration of workflow has been done as per legacy 5.3.
 Splitting of request using multiple rule result values for initiator rule kinds
 Detour workflow configuration has been carried out as per business requirement.
 Task specific settings have been done for each stage as required by business.
 Defined connectors and connectors setting for all business scenarios like AUTH, PROV, and
SUPMG
 SPM Configurations are carried out as per business requirement.

KPMG Advisory service Pvt Ltd Bangalore - India

SAP Security & GRC Consultant, Oct 2011 – May 2012 Client (MAHINDRA and MAHINDRA)
Key Responsibilities:
 Workflow optimization to reduce manual intervention and reduce the number of steps involved in
each workflow path.
 User data integration from LDAP in a to pick user manager and intern as primary approver in
workflows.
 Role optimization has been carried out from around 36000 roles. Many (around 2500+ duplicate
display roles identified and removed.
 Around 2700+ Z t-codes are identified, and selective transactions are selected as business-
critical transactions and are included in existing rule book.
 Mitigation Controls are discussed with business and existing mitigations controls have been
proposed to minimize fraudulence activity.

IBM India Pvt Ltd, Bangalore - India

Sr SAP Security and GRC Consultant, Feb 2010 – Oct 2011 Client (Johnson and Johnson)
Project Description:
Johnson & Johnson has more than 250 companies located in 57 countries around the world. Our
Family of Companies is organized into several business segments comprised of franchises and
therapeutic categories.

Companies comprise:

 The world’s sixth-largest consumer health company

 The world’s largest and most diverse medical devices and diagnostics company
 The world’s fifth-largest biologics company
 And the world’s eighth-largest pharmaceuticals company etc
Responsibilities:

 Handled the tasks of providing technical direction for developing, designing, and integrating GRC
systems for customers.
 Assigned the tasks of monitoring and reviewing the work of the development team.
 Responsible for updating project manager regarding status of development efforts.
 Served as a liaison between project manager and development staff.
 Handled the tasks of identifying system deficiencies and implementing effective solutions.
 Responsible for managing and executing project progress schedule within the timelines.
 Handled the responsibilities of managing technical risks throughout the project.
 Responsible for creating and executing development plans.
 Independently managed upgrading the GRC for New systems.
Handled Audit preparations make CIA audit through and successful.

IBM India Pvt Ltd, Bangalore - India

Security GRC Consultant, Jun 2010 – Jan 2011 Client (Sara Lee International)
Project Description:
Sara Lee Corporation's leading brands are household names known around the globe. Sara Lee
Corporation is a global manufacturer and marketer of high-quality, brand-name products for consumers
throughout the world. Sara lee international businesses are:

 North American Fresh Bakery

 North American Retail
 North American Foodservice
 International Beverage
 International Bakery
Responsibilities:

 Maintain workflow changes in CUP (Compliance User Provisioning) as per business requirement.
 Maintain the Risk Analysis and Remediation (RAR) and executing the report every month and
providing the same to audit team (PWC).
 Maintaining the Super User privilege management (SPM) system.
 Granting Fire Fighter (FF) access for requested user after proper approval.
 Generating Firefighter reports for auditing purposes.
 Access granting for the users with proper approval and proceeding with either mitigation or
remediation of risk
 Maintaining user access and access rights in all SAP applications, in line with GRC standards
and guidelines
 Running Security & Authorizations reports, cleanups, and monitoring authorizations
 Creating, changing, unlocking, and resetting passwords for requested users
 Designing, debugging, creating change authorization role

.Actively contributing to adequate security awareness by acting as an example

 Running risk analysis and generating the reports for audits in compliance calibrator, ensuring
Segregation of Duties (SOD) exists in the SAP systems, performing self-audit, audit preparation
and remediation.
 Granting privileged and compensatory controls, providing access to a controlled environment
using Fire-Fighters.
 Documenting all significant changes for audit trials.
 Actively addressing assumed security breaches and actions that violate standards, guidelines,
policies and procedures

ITC Infotech, Bangalore - India

Security GRC Consultant, Nov 2007 – Mar 2010 Client (ITC Implementation and
Upgrade GRC 5.3)
Project Description:
ITC Limited is a diversified conglomerate with businesses spanning Fast Moving Consumer
Goods comprising Foods, Personal Care, Cigarettes and Cigars, Branded Apparel, Education &
Stationery Products, Incense Sticks and Safety Matches; Hotels, Paperboards and Packaging,
Agri Business, and Information Technology.
Responsibilities:
PWC Trained GRC Consultant and were core team to be part of implementation and Upgrade.

 Coordinating for Capability Building for SAP GRC competency

 Coordinate with sales team for SAP GRC sales activities
 Providing solutions for existing SAP GRC support projects
 Involved in framing strategies for new projects such as Landscape design, Rule book creation
approach etc.
ITD Division
 Installed GRC components RAR (CC), ERM (RE), SPM (FF) and CUP (AE).
 Configured RTA, Connectors for backend systems.
 Configured CC, RE and FF
 Uploaded rule sets and made modifications to functions according to the requirement.
 Configured and defined Mitigation controls.
 Done Alert configuration.
 Configured Role Expert Steps and RE workflow in AE.
 Created and assigned Fire fighter roles and IDs.
 Done Integration between CC, RE, AE.
 Installed and Configured SAP GRC 5.3 Access control suite
 Configured Workflows in AE configuration.

FBD Division
 Evaluated and implemented SAP GRC Compliance Calibrator for SOD analysis for SAP R/3.
 Configured Risk analysis and Remediation 5.3 (Compliance Calibrator) and Evaluation of Risks
and Configured Mitigation controls.
 Installed and Configured Super User Privilege 5.3 (Fire Fighter) to address the compliance need
for the company for Emergency user access.
 Configured Enterprise Role Management 5.3 (Role Expert) and performed integration with
Compliance Calibrator to perform SOD analysis and create risk free roles to ensure continuous
compliance.
 Installed and Configured Access Enforcer also performed Workflow configurations to automate
the approval process for User creation, user change, role change etc.
ABD and MBD Division
 Rule book preparation
 Master data collection as role approvers monitors and business owners of the roles.
 Workflow finalization with business
 UMRF mapping with GRC.
 Running risk analysis and taking feedback on initial mitigation and remediation, update the
same in to the system.
 Fire fighter master data such as FF- Owners FF-Controllers and FF-ID Finalization with
business.
PCPB Division
 GRC Training is undergone from PWC team who were implementing GRC for this division.
 Testing the product patches for system consistency
 Understanding the step-by-step process involved in implementing GRC all components.
 Involved in preparation of User manuals and Configuration guide.
 Involving in making understand business end users, on Risk analysis reports.

Bristlecone, Bangalore - India

SAP MM /SRM Consultant, Aug 2007 – Nov 2007 Client ( SAP LABS)
Roles and Responsibilities

 Execution of all test cases in a package in the prescribed timeline.

 Interact with respective developer to ensure that the errors are resolved by retesting and testing
is complete to the extent of 100%.
 Timely reporting of system/technical issues during testing to the client.
 As a SRM consultant I have tested the different scenario like
 Self-service procurement
 Strategic Sourcing using Rfx.
 Strategic Sourcing using Auction.
 PDP procurement

Shell sands Garments, Bangalore - India

Purchase Engineer Feb 2001 – June 2007 Client (Triburge Wrangler Arrow)
Project Description:

Domain Experience:

Supply Chain Functions

 Inventory planning & control, fixing safety stock norms.
 Procurement planning, sourcing, vendor evaluation and development
 Coordinating supply chain internally, managing shop floor activities.
Manufacturing related functions
 Design & fabrication of counter checking trousers, fancy casual, and fancy tops
 Design of Wrinkle Free and Non-Wrinkle Free (Triburg) Trousers
  Successfully handled Quality Assurance by keeping check stations in between the pro-
duction.
 Involved in Techno Commercial activities.
 Look after inventory control System.

EDUCATIONAL QUALIFICATION

Bachelor of Engineering – Gulburga university gulburga,, S.L.N.C.E. College, Raichur, India 1996 -
2000