Tyeniese Hence Senior Consultant – SAP Security and Risk Analysis
 Top Secret Security Clearance (TS/SCI)
Mitchellville, MD  [Send email to request phone number] 83-9036, [Send email using form at bottom]

Summary
Result Driven senior consultant with 12 years of extensive experience in all
phases of software development life cycle. 9 years of SAP experience. Proven
ability to analyze, design, implement, and provide production support to many
diverse clients in the public and private sector.  Services provided: Systems
Implementation, Security Administration, Technical Writing, Training, Training
Development, Audits/Risk Analyst and Remediation, and Testing.  Recognized as
self-motivated, proactive, enthusiastic, organized and dependable; a team
builder, team player, and team leader.  Constantly demonstrating leadership,
project management, and excellent communication skills. 

Areas of Expertise
(9 years SAP experience)
 
•	Role Based Security/Authorizations (PFCG)
•	User Administration
•	Change Control 
•	Role Re-designs
•	Sensitive T-codes & Authorizations
•	System/Business Analyst
•	Support for upgrades, new system go-lives & post go-lives
•	SOX/SOD Management (GRC/ VIRSA tools)
•	Mitigating/Compensating Control Management
•	Security Analysis/Reviews/Upgrade Assessments
•	System Monitoring
 

Technical

      Netweaver Components: R/3, ECC 6.0, HR, FI, CRM, SRM, MM, BW, XI/PI, MDM
      Tools:  CUA, VIRSA/GRC, IDM, HP Quality Center
      Lifecycles:  Security = 2-3, Training/Testing = 3-4

Professional Experience

SAP America – Senior Security Consultant                                        
                                       2006 –2009                                
                                                                                
                                
Designed, documented, implemented security & authorization profiles to ensure a
secure SAP system while allowing end users access to complete their tasks &
responsibilities for numerous private and public customers worldwide. 

•	Ability to support a phased roll-out; support end users and project team in
live environments, while supporting on-going implementation and cut-over
activities.
•	Developed SAP Authorization Concept for client, to protect transactions,
programs, and services in SAP systems from unauthorized access
•	Diagnosed user authorization problems (via SU53), eliminating access issues
within system.  
•	Pioneered control workshops for project team and development of control design
documentations, configuration, testing & implementations strategy.
•	Reviewed security design and provided guidance on sensitive transactions
access & segregation of duties, reducing audit deficiencies.
•	Performed periodic system and user account reviews, increasing client
awareness of unnecessary system access as well as audit compliance.
•	Developed and delivered knowledge transfer sessions, increasing customers
return on investment
•	Provided production support to end users and technical teams



Ernst & Young – IT Security Audit Manager                                       
                                   2005 – 2006
Responsible for managing Information Technology (IT) SOX Compliance activities
related to compliance strategic processes, including design, analysis and
implementation in all IT areas identified.
•	Performed segregation of duties analysis of system users based on reviews of
transactional access. 
•	Independently met with multiple areas of the business interactively, to create
security roles according to a designed strategy that prevented the introduction
of Sarbanes Oxley compliance violations.
•	Performed unit testing on newly designed roles, reducing user access errors 
•	Conducted user based integration test, increasing user confidence around
access and quality control.
•	Served as Go-Live support, reassuring client that new roles would increase
productivity and adhere to SOX compliance.  
•	Evaluated the remediation procedures to confirm that the issues discovered
during the initial security review were remediated
•	Utilized clients home grown tools as well as Virsa products to successfully
identify clients SOD’s
•	Setup meetings with business areas to discuss SOD findings
•	Assigned business leads to all conflicts for remediation, in order to reduce
number of SOD’s
•	Worked as a liaison between audit and business teams to resolve all SOD
conflicts/risks, ensuring complete understanding between teams.  
•	Facilitated meetings to create compensating controls for every risk that was
not mitigated, this in turn ensured SOX compliancy across clients SAP System.  

Unisys Corp. – SAP Security Administrator (Independent)                         
                             2004-2005
Developed, and maintained the appropriate access/security controls.  Developed
and maintained related information security policies, procedures and SOP’s where
appropriate, while restructuring the customers change management process. 

•	Analyzed, developed /configured, tested and maintained SAP accounts, profiles
and authorizations.
•	Facilitated new user access/change request as needed, improving system
security
•	Created and documented user access procedures, minimizing audit issues. 
•	Provided security infrastructure & end user support in DEV, QA, and PROD
environments.     
•	Performed security reviews of the SAP systems and participated in audit and
compliance activities.
•	Understood business processes and participated in Security-related design
decisions.  Focusing on building and maintaining SAP user roles in compliance
with established policies, following system life cycle methodologies.    
•	Performed knowledge transfer/training to client team members, increasing their
knowledge of security. 

IBM  -  Instructional Design/Coordinator                                        
                                   2001 – 2004
Designed, developed and delivered instructional led and eLearning training for
the State of PA on SAP.  Supervised a traveling staff of 10+ trainers while
coordinating all training efforts for the US Military on multiple DoD contracts. 


•	Developed end-user training materials for HR, Payroll, Travel Management, BW,
General Ledger, Fixed Assets, and Cash Management
•	Created the HR curriculum including the determination of course content,
sequence, media and delivery. 
•	Provided ongoing application support including configuration, specialized
training, data loads, and training client maintenance. 
•	Coordinated Train the Trainer activities, improving customer training teams
knowledge and skills.
•	Supervised trainers providing knowledge of Composite Health Care System (CHCS
I and II) and Provider Graphical User Interface (PGUI) system in Military
Treatment Facility setting.
•	Created all training schedules and equipment shipping and delivery for each
site prior to training teams arrival, this alone improved the quality of training
and provided consistent customer satisfaction.
•	Coordinated training & development activities on a daily basis, increasing
productivity and decreasing project downtime.   
•	Conducted and Managed US Military site surveys, ensuring proper installation
of systems, which saved customer time and improved IBM’s corporate image.

Computer Science Corp. - SAP Tester/Security                                    
                                   1999 – 2001
Designed, documented, and executed unit, integration and regression test. 
Recorded test case results, made changes and resolved errors. Responsible for the
security in the QA environment.  

•	Created and executed test cases of varying complexity which includes the
analysis of functional design documents 
•	Provided detailed issue documentation and test cases to satisfy requirements
for proof of testing
•	Analyzed and documented test output, managing resulting defects through
re-testing cycles.
•	Created, edited, and maintained all HR user id's and profiles using SU01
function and/or SAP Profile Generator. 
•	Responsible for troubleshooting problems based on SU53 reports. 
•	Acted as a liaison between Human Resources, SAP Project Teams, and BASIS Group
in gathering and communicating user profile requirements. 
•	Performed Security Profile Audits at client sites to ensure proper use of user
profiles.  
•	Responsible for all 4.6 Security Profile testing.  


Client Base
      Companies – SAP America, Ernst & Young, Unisys, IBM, CSC 
        Public Clients – County of Marin, USAMMA (Ft. Detrick), City of Ottawa,
GSA,
                                   CoPA (State of PA), DoD contracts
        Private Clients – Cemex, Under Armor, Shell, Mars, EDS, IBM, GM

EDUCATION, CERTIFICATION, TRAINING

Longwood University, Farmville, VA 1996  BS – Business Administration,
Concentration:  MIS 
SAP Training:  ADM-Authorization Concept, Secure SAP System Management, SAP Web
AS
                           Admin, SAP Web AS Java
                          GRC-Compliance Calibrator, GRC – Access Control, GRC –
Access Enforcer  
                          SAPEP-Portal Fundamentals
                          TZNWIM – SAP NW Identity Management 

Certifications: CISA (in progress)