Jeff Reeves

Jeff has over 30 years’ experience with implementing, auditing, and improving SAP and cybersecurity and control environments. Jeff worked with Arthur Andersen and Ernst & Young, implementing and assessing SAP implementations.  In 2003, Jeff started jabIT Solutions with two colleagues and developed three SAP auditing products: Assure Controls, Assure Security and Assure Integrity.  These products facilitate the review of SAP configurable controls and security.  In June 2005, the Assure products were purchased by Protiviti.  Jeff became a director within Protiviti.  Since working with Protiviti, Jeff has been involved with hundreds of SAP projects and cybersecurity engagements, including third-party cyber risk management.

Major projects and accomplishments

• Jeff managed an Internal Audit function within a Victorian Government statutory authority for over five years.
• Jeff led the team across Asia Pacific to implement SAP GRC and redesign security roles to address key segregation of duties weaknesses. Key activities included interviewing key business leads/role owners to discuss business requirements, removing unused transactions through transaction usage analysis, moving transactions to emergency roles or firefighters, and identifying/documenting configuration and process-based mitigating controls.
• He has led security re-redesign workshops, facilitating security architecture discussions and assisting with role design and development.
• Jeff worked with the Australian National Audit Office and developed the SAP Better Practice guides for security and controls.
• He has provided technical support for numerous SAP security and control implementations and reviews across the global Protiviti network. This role has enabled Jeff to gain significant technical expertise in SAP security and configuration elements.
• Jeff maintains the global Protiviti SAP segregation of duties and sensitive access leading practice rulesets.
• He has led multiple implementations of SAP Access Control, including customisation/configuration of segregation of duties/sensitive access rulesets.
• Jeff is responsible for developing and maintaining Protiviti’s SAP security and controls intellectual property held within the Assure tools, including S/4 Hana and Fiori.
• He has managed SoD remediation and role re-design projects.
• Jeff was involved with managing a third-party cybersecurity function.

Areas of expertise

• SAP security and controls implementation and assessment
• SAP GRC implementations
• Supply chain cybersecurity
• Assurance advisory

Industry expertise

• Government
• Automotive
• Mining

Education

• Bachelor of Business, Accounting
• CPA
• Graduate Diploma in Information Systems

Professional memberships and certifications

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)