WELLINGTON MARCÃO
SAP GRC Security & Authorizations Professional
São Paulo,Brazil
Summary
Over 30 years in IT, with 23+ years focused on SAP, building an extensive expertise in optimizing Security & Controls processes across all SAP modules. Collaborated with leading global firms, working closely with remote colleagues worldwide, focusing on enhancing efficiency and productivity, taking significant roles in SAP projects and support. Expertise on several tasks such as role design and management, access request administration, risk analysis, resolving conflicts and segregation of duties for diverse user groups, and effective superuser management.
Overview
23
23
years of professional experience
Work History
Business Application Supervisor
TARKETT BRASIL REVESTIMENTOS LTDA
Jacareí, Sao Paulo
09.2016 - Current
- Provided timely cost and labor estimates for GRC enhancements and communicated deliverable status to stakeholders.
- Conducted workshops to define and document technical architecture requirements, creating RACI matrix for the implementation of GRC Access Control, Process Control and Risk Management
- Optimized workflow by managing SAP incident queue in line with staff expertise and knowledge level.
- Identified authorization gaps and performed risk assessments to detect potential hazards, mitigating security vulnerabilities, using GRC ARA - Access Risk Analysis and BRM - Business Role Management.
- Coordinated outsourcing activity to achieve operational services and change requests within deadlines.
- Implemented GDPR measures at the Brazilian plant in record time to be compliant with the French HQ.
Business Application Coordinator
GSW SAP CONSULTING, SAP Security
São José dos Campos, Sao Paulo
06.2015 - 09.2016
- Addressed customer issues with compassion and professionalism, ensuring swift, successful resolution.
- Developed strong teams by skilfully recruiting, orienting and training loyal, hard-working employees.
- Upskilled staff through targeted training opportunities, enhancing team capabilities.
- Planned and managed resources and budget to support and deliver objectives.
- Applied expertise in team leadership to address productivity and performance issues, motivating staff to achieve KPIs.
- Conducted audits and risk assessments to achieve regulatory compliance.
SAP Security Technical Leader
EMBRAER - EMPRESA BRASILEIRA DE AERONAVES LTDA
São José dos Campos, Sao Paulo
06.2014 - 05.2015
- Administered a group of over 500 user accounts, creating, maintaining and assigning business roles.
- Managed team of 16 personnel focused on implementing resolutions and updates on SAP GRC.
- Redesigned (manually) several roles, aiming to suit their Authorization Objects to the business security requirements, prior to GRC implementation.
- Created process for privileged access based on group requirements implementing Firefighter IDs through GRC EAM.
- Conducted workshops to customize rule sets outside of GRC for bulk data load, reviewed rules based on business processes to finally run load of rule sets in GRC.
SAP GRC - Security & Controls Administrator
SAMARCO MINING CO
Vitória, Espirito Santo
10.2013 - 04.2014
- Led project team to develop functional specifications related to security and controls needs.
- Redesigned roles and assigned them to the correct users in record time of five months, to undo the security chaos found, since they had granted SAP All to every user, since they did not take care of this during the SAP implementation project.
- Managed and transported SAP request changes, also managing approvals and assuring their prove of effectiveness in Production.
- Managed the creation of all types of user IDs and profiles (dialog, comm and service), for RFCs, employees and external consultants.
- Developed training to identify security gaps to be used by the functional team after implementation, ensuring the continuity of security scheme of the various implemented business processes (OTC, PTP, ATR and ATP)
- Interact with high management to discuss and explain issues affecting users.
SAP GRC Security & Controls Stream Lead
INFOSYS LOADSTONE CONSULTING, AT SYNGENTA AGRIBUSINESS
São Paulo, Sao Paulo
10.2012 - 09.2013
- Provided technical support and guidance in all aspects of SAP Security Design during the project requirements raising phase, assuring that no security gaps would be carried to the implementation phase.
- Led the GRC AC enhancements and customization, including user roles provisioning-ARM, segregation of duties management - ARA and emergency access management-EAM.
- Managed SoD conflicts within the legacy system before loading the rule sets into GRC and provided support to business to analyze and resolve potential risks before and after its implementation.
- Adapted the GRC AC ARA solutions implemented in the European plants to the Brazilian business model, after a deep analysis of congruent points and solved several problems related to the accumulation of tasks resulting from the head count reduction in the functional teams of the Brazilian plant.
Security and Controls Senior Analyst
EXXONMOBIL BUSINESS SERVICE CENTER
Curitiba, Parana
11.2004 - 09.2012
- Designed and implemented access rules to Infotypes for the SAP HCM system, using Structural Authorizations settings to increase control points for sensitive data such as salaries, CDP, etc.
- Actively worked on manually adding specific authorization objects to roles through PFCG, and tested them, before the implementation of GRC AC BRM and implemented it when GRC was finally installed.
- Enhanced the in-house-built system used to automate Roles Access Authorizations flow by the roles' owners, which facilitate the later implementation of GRC AC ARM.
- Led the Security & Controls Stream during the upgrade project 4.6 to ECC6 on the HCM and Upstream systems, been also in charge of the changes to the new Name Convention determined by the group.
- Actively worked on Audit & Compliance Management team evaluating Segregation of Duties conflicts, providing support to business units in reducing SoD conflicts.
Education
Masters of Science - Computers Science
CALIFORNIA STATE UNIVERSITY
Skills
- Risk Assessment and Management
- Internal / External Audits
- Governance, Risk management and Compliance GRC
- User Security Administration CUA
- Authorizations Access Management
- Segregation of Duties SOD
- SAP S/4HANA
- SAP SD, MM and HCM
Accomplishments
- Security & Controls Design and Customization: Effectively oversaw Security & Controls design and customization in multiple
- SAP implementation projects, 4 upgrades, and 2 rollouts
- This included roles architecture, authorization object planning, andalignment with business needs
- GRC Security Implementation: Managed GRC AC, PC, and RM implementation, translating business processes into rolerequirements
- Oversaw the entire process from needs analysis to go-live, playing a vital role in organizing transformativeinitiatives and ensuring seamless integration
- Segregation of Duties Analysis: Proficient in Segregation of Duties analysis, handling mitigation controls and authorization objectconflicts
- Whether in small teams or larger settings, successfully mitigated risks associated with function accumulation
- Sarbanes-Oxley and GDPR: Skilled in conducting audits in accordance with Sarbanes-Oxley (SOX) regulations, including thepreparation of internal scenarios and addressing auditor inquiries to maintain rigorous compliance with regulatory standards
- Additionally, adept at ensuring adherence to data protection regulations such as GDPR and industry-specific securityrequirements
- Customer and Team Relationship Management: Extensive background in cultivating and maintaining relationships with clientsand peers, spanning across national and international domains
- This entails effective communication, leadership, and collaborationabilities, resulting in prosperous project achievements and the development of strong professional networks
- I believe that my comprehensive IT background, coupled with my expertise in SAP R/3 and S4Hana and dedication to processoptimization, make me an ideal candidate for this position
- I am confident in my ability to contribute positively to yourorganization's objectives.
Languages
English
Fluent
Portuguese
Native
Spanish
Fluent
Italian
Intermediate
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Timeline
Business Application Supervisor
TARKETT BRASIL REVESTIMENTOS LTDA
09.2016 - Current
Business Application Coordinator
GSW SAP CONSULTING, SAP Security
06.2015 - 09.2016
SAP Security Technical Leader
EMBRAER - EMPRESA BRASILEIRA DE AERONAVES LTDA
06.2014 - 05.2015
SAP GRC - Security & Controls Administrator
SAMARCO MINING CO
10.2013 - 04.2014
SAP GRC Security & Controls Stream Lead
INFOSYS LOADSTONE CONSULTING, AT SYNGENTA AGRIBUSINESS
10.2012 - 09.2013
Security and Controls Senior Analyst
EXXONMOBIL BUSINESS SERVICE CENTER
11.2004 - 09.2012
Masters of Science - Computers Science
CALIFORNIA STATE UNIVERSITY
Similar Profiles
Guilherme Augusto Domingues DyonizioGuilherme Augusto Domingues Dyonizio
Material Handler at Caterpillar Brasil LTDAMaterial Handler at Caterpillar Brasil LTDA
JULIANA FISCHETTI DA SILVAJULIANA FISCHETTI DA SILVA
Customer Service Administrator at TOMRA Brasil Soluções em Segregação Ltda.Customer Service Administrator at TOMRA Brasil Soluções em Segregação Ltda.
Mateus Oliveira MoreiraMateus Oliveira Moreira
Financial Assistant at XCMG BRASIL INDUSTRIA LTDAFinancial Assistant at XCMG BRASIL INDUSTRIA LTDA