Surbhi Mishra

IT professional with 13+ years of experience developing and implementing security solutions in fast-paced environments. Skilled in SAP Security and GRC with proven history of delivering exceptional risk management support.

• Received 10K award money for Top performer award.
• Received Spot award for saving 20k+ funds in license renewal.
• Received Excellence award and 5K prize money as recognition.
• Received 'Best of IBM' Award for exceptional performance in IBM.
• ITIL Foundation Certified.

• Banking
• FMCG

• SAP ECC
• GRC 12, 10.0 & 5.3
• SAP HR
• SRM 7
• BW 3.5
• BI 7.3
• SAP EP

• GRC AC 12.0, 10, 5.3 (ARA, EAM)
• MS Office (Excel, Word, PowerPoint)
• MS Visio
• MS Project
• Windows 2000 / XP / 7 / 8

• SAP Security and GRC and Sox audit management, 04/2021, Present

Configured several GRC configurations connectors for ARA and EAM functionality including SAP S4Hana and BW4/HANA system. Configured Fiori rule sets in accordance with auditors recommendations. Performed several clean-up activities in alignment with business for security re-design. Worked on configuring GRC access workflow request for secret data roles in S4 Hana. Worked on SAC security for role implementation. Worked with IAM teams to sync SAP request workflow for seven production environments with Request portal (Barclays tool), Worked on BRID migration project where 2k+ user login account were migrated from windows login name to BRIDs. SPOC for RFT level SOx audits (auditor: KPMG, BDO IT), worked with Central team for approvals and scope for audit, coordinated with several teams across Finance tower to work on controls and gather evidences, relevancy of controls, worked on inefficiencies and escalations for end-to-end closure. Presented audit data to management and kept numbers within threshold.

• SAP GRC Support and License Management, 07/2017, 03/2021

Experienced in post implementation configurations and Support of SAP GRC Access Control 10.0 module -Access Risk Analysis (ARA), Emergency Access Management (EAM). Experience in ARA (GRC 10.0) tool for SOD Analysis, Experience in EAM (GRC 10.0) tool for Emergency access management with Firefighter owner/controller configuration and firefighter id assignment. Hands-on experience on GRC Rule set creation/modification/upload/download and SOD clean up. Have a good planning experience working with the compliance team, SOX group for implementing business Mitigating Controls., Firsthand experience with Coupa (procurement tool for Barclays). Worked on raising requisitions and handling all approvals. Communicating PO to vendors and working with vendors for invoice review. Managed end to end software license renewal for group RFT including 60+ application renewals. Negotiated with vendors for better deals for renewals and handling budget allocated to RTB for renewals. Saved 20K+ pound over a period of 6 months.

• SAP HR & SRM Support, 03/2014, 06/2017

Providing L2 technical support for SAP HR, SRM, BI & SAP EP security. Managing end to end UAM toolset. (An Automation tool developed by client to maintain complete user management in HR system). Completed major HR remediation project and achieved 0 Critical violations. Implemented FF concept and created various documents for functional team for using FF tool. Involved in daily and weekly projects with project managers and client leads. Working on internal system audits and health checks, to comply with the audit standards of PwC. Involved in various country specific roll-outs for HR and SRM 7 security & authorization work. Creating various manuals and housekeeping security tasks.

• ECC Support, 01/2010, 02/2013

Security profile maintenance across SAP system landscape based on business rules. User maintenance across all SAP landscape via SU01 and SU10. Creating roles and position via PFCG for providing authorization to user within their scope. Updating transactions via SU24 for maintaining standard values of authorization object. Utilizing system trace (ST01) and SU53 to analyze and fix Problems related to authorization. Transport Management using TMS worklist for Dev to QA to PRD, Also doing Transport Production Build - Weekly as well as Monthly which includes Non-Routine Transport Requests. Running PFUD for updating User Master Records on daily basis in all Systems. Providing Temporary Access, Emergency Access & Configuration of ID's based on Requests. Closed coordination with functional team related to role based transaction authorization verification. Coordination with Business lead for the business critical requests, approvals. Queue manager (New Scale) allocating Tasks in offshore team members, Mentoring team members and organizing Training within the team member to upscale the performance.