Protiviti Contact

Protiviti Contact

Chris Aramburu

Associate Director


Chris Aramburu is an Associate Director in the Enterprise Application Solutions (EAS) practice out of Protiviti’s Atlanta office. He has extensive experience in executing and leading SAP related projects including SAP security implementations and redesigns for ECC, a variety of S/4HANA environments, Central Finance and Fiori. In addition to implementations and security redesigns, Chris has experience in SAP security role remediation, GRC Access Control 10.0 / 10.1 implementations, SAP segregation of duties / sensitive access remediation, and SAP configurable controls assessments. He also has experience in a wide variety of projects including ITGC assessments, SOX compliance, business continuity management, process automation, and custom VBA development. His clients have been both domestic and multinational organizations spanning multiple industry sectors.


Chris has been responsible for leading the security team during an S/4HANA 1709 & Central Finance implementation. This included designing and implementing a global segregation of duties (SoD) conflict free security role design for S/4 1709, Fiori 2.0, Central Finance, and SLT. The global design included a Fiori only single-point entry for business users including over 1,000 Fiori applications. In addition, Chris’ team was responsible for removing access to core finance functionality from the ECC environment’s user base as additional users move to the new S/4 solution. 

Chris has performed and assisted on multiple global role redesign projects in SAP’s ECC 6.0 and S/4HANA environments. These engagements include conducting global workshops to define business requirements, designing and building task-based SoD conflict-free roles, performing unit testing, facilitating UAT, mapping of users to new roles, creating SAP eCATTs to facilitate user and role creation process, and supporting the go-live and hypercare periods. Chris was also responsible for assessing and designing back-end security for S/4HANA Fiori applications.

Chris has performed multiple SAP GRC Access Controls 10.0 / 10.1 Implementations. These projects included configuring, testing, and delivery of the Emergency Access Management (EAM), Access Request Management (ARM), and Access Risk Analysis (ARA) modules. Additionally, Chris has facilitated numerous workshops to customize and define the SoD rulesets to align with the organization’s risk universe, identify compliant mitigating controls, support testing efforts, and facilitate knowledge transfer sessions. Chris has also performed extensive analysis and testing to update existing GRC rulesets to incorporate new S/4HANA functionality and risks.

Chris has also performed the testing of IT General Controls (ITGC) during SOX (Sarbanes-Oxley) and J-SOX audits for multiple clients. He was responsible for managing and executing the testing of key controls within areas such as Change Management, Computer Operations, Security Administration, Data Management, and SDLC. The testing performed involved interactions with several key financial applications including SAP, Great Plains, MAS 500, etc.