Upcoming Events

Webinar: How customers are using SAP GRC software and

Winterhawk services for GDPR Compliance

Date: Friday, October 12, 2018

Time: 10:00 AM BST

Duration: 1 hour

Register here: https://webinars.on24.com/SAPEMEANorth/SAPWinterhawkGDPR



Winterhawk and SAP would like to invite you to a webinar on how customers are using SAP Process Control to manage their GDPR governance frameworks, supporting both Data Protection Officers and Internal Compliance teams.

Most SAP customers have completed GDPR projects across data management, process review and technology implementation, but there is still work to be done. Our customers have had great success turning to SAP GRC to manage their ongoing GDPR governance and reducing the cost of compliance.

Winterhawk CTO Cavan will be joined by Neil and Michael, both Directors at SAP Centres of Excellence, to understand what customers are doing regarding GDPR and what challenges they are still trying to overcome, why customers are turning to SAP Process Control to manage GDPR processes and controls, and how Winterhawk customers have benefitted from our innovative Data Privacy and Protection governance content framework for SAP Process Control.

Find out more in the webinar which will cover:

  • Customer challenges and trends towards GDPR as we head towards the end of 2018
  • Why customers are turning to SAP GRC
  • Overview of SAP Process Control for GDPR
  • Case Study and benefits of a customer using SAP Process Control for GDPR
  • Demonstration of SAP Process Control with Winterhawk’s GDPR governance framework content



Cavan Arrowsmith

As the Chief Technology Officer at Winterhawk (EMEA & Asia Pacific) , Cavan is responsible for executing product and service strategies, research and development labs, marketing and business development across the EMEA and APAC regions.

For more than ten years, Cavan has worked across several industries, helping to shape organisations’ Governance, Risk and Compliance (GRC) and Data Protection strategies in a variety of roles. Holding a degree in Computer Networks and Security, Cavan joined Winterhawk from SAP where he consulted with organisations on implementing GRC roadmaps. He strives to simplify GRC and make it more accessible for companies grappling with the challenges of implementation and cultural change.

Dr. Neil Patrick

Dr. Neil Patrick is a Director at SAP’s Centre of Excellence for GRC & Security covering EMEA South. He has over 13 years of experience in Governance, Risk Management and Compliance (GRC) & Security fields. During this time he has been a managing consultant, run professional services delivery teams in EMEA and USA, conducted customer business requirements sessions around the world, and business development initiatives. Neil has presented core GRC and Security thought leadership sessions in strategic customer-facing engagements, conferences and briefing sessions.

Specialist topics include enterprise risk management, cybersecurity and data privacy including GDPR (Global Data Protection Regulation). He has been helping SAP customers and partners understand the impact of these topics on their businesses, and providing guidance on how SAP can help in this journey towards meeting the challenges of the modern business.

Michael Heckner

Michael Heckner is currently a Senior Director at SAP’s Centre of Excellence for GRC solutions for EMEA North. He has over 20 years of experience in enterprise business solutions. During his career, he has repeatedly explored how software can help address complex business requirements. For more than 10 years, Michael has worked with many global organisations to chart their course to corporate governance, enterprise risk management and internal control, compliance and audit management – both in the Americas and in Europe.

Previous Events


Best Practice Application of SAP Audit Management

in 15 minutes



SAP’s Audit Management software system has an easy to use user interface, is mobile compatible and can integrate with an existing Risk and Controls platform. Find out more in our upcoming webinar, when we’ll also cover:

  • How to easily migrate existing audit data such as risks, controls, audit items, work programs, procedures, etc.,
  • Hints and tips on planning and preparing for audits quickly, and
  • How Winterhawk customers are benefitting from using SAP Audit Management

When: Friday 27th July
Time: 2:00 – 2:15 pm BST



SAP Licensing




How to use SAP Process Control to manage your GDPR governance program

in 15 minutes

Date: Friday 29th June 2018
Event type: Webinar
Venue: From your desk or mobile
Time: 14:00 – 14:15

Email info@winterhawkconsulting.eu to register.

Do you have an effective, ongoing governance platform for processes and controls relating to the GDPR for your organisation and all subsidiaries?

Are you looking to adopt a tried and tested, best practice GDPR governance framework model already deployed across organisations in and outside the EU?

Winterhawk has developed a GDPR framework consisting of 13 processes and over 140 controls and activities, suitable for rapid deployment on the SAP Process Control solution.

With many organisations having already undertaken large scale GDPR programs pre-25th May to get their houses in order, it’s time to ensure that the new processes, controls and policies are governed and monitored for issues in order for effective remediation to be tracked and monitored. Without a governance framework, it’s easy to lose track of issues raised and lose vital evidence to supply to audit teams and regulators when requested.

SAP Process Control and Winterhawk’s GDPR framework aid the rapid deployment of the processes and controls that every organisation should have implemented to comply with the GDPR, promoting ownership and accountability, and enforcing the remediation of issues.

There is further benefit to leveraging SAP Process Control as it also provides a framework for managing Financial, IT, HR and many other processes and controls for a number of different regulations and standards (SOX, FDA, ISO 27001, Cobit 5 etc.), as well as the ability to automate controls.


Who will benefit from attending this webinar?

This session will be relevant to Heads of Compliance, Risk Officers, Data Protection Officers, GDPR Program owners, CIOs and Auditors.




Roundtable event

Winterhawk invites you to a morning of networking with like-minded professionals, on Thursday the 7th of June, in London’s iconic Institute of Directors building.

This is not a sales-led event. The morning will have plenty of breaks and discussions with your peers about:
• Best Practice and roles in Internal Audit, SAP Security and Access
Governance teams with the GDPR
• Identifying new risks and mitigating controls – Do’s and Don’ts
• Understanding what is coming in the SAP GRC Roadmap
• Reducing the SAP data-related risks through archiving

Join us the 7th of June from 9am to 12pm at the Institute of Directors premises, 116 Pall Mall, London (located minutes from Trafalgar Square & Piccadilly Circus). Places are limited, so don’t wait to reserve your seat at the




Working Towards GDPR Compliance with SAP Assets

Date: 10/01/2018

Event type: Webinar

Venue: From Your Desk or Mobile

Time: 13:30 – 14:30

General Data Protection Regulation (GDPR) is a set of regulations by which the European Commission intends to strengthen and unify data protection for individuals’ personal data. It comes into effect on 25th May, 2018.

SAP has the unique advantage of best of breed solutions when used together to provide a comprehensive platform that will help organisations demonstrate GDPR compliance: for both SAP and non-SAP systems.

In this 1 hour webinar from the comfort of your desk, we will address Governance, Compliance, Risk and Data Management solutions, which will assist with fulfilling your GDPR strategy which has been put into place by your assigned data protection officer.

Who will benefit from attending this webinar?

Though not a technical event, SAP IT teams who need to fulfil the business GDPR compliance strategy will find this event a great way to ascertain what SAP solutions will help plan and meet GDPR compliance.

If this date doesn’t suit your diary, contact us to learn more about how SAP solutions can assist you on your journey towards GDPR compliance.



Cybersecurity in an SAP world: What you can do in the next 30 days to protect yourself

Wednesday, November 29, 2017
10:45 AM – 11:45 AM


Hear Bill Oliver, Partner – Business Development & Operations, Winterhawk Americas dive into hacking methods most commonly used to gain access to SAP systems, examine the impact of a breach, and find out what you can do — right now — to insulate against an ever-changing landscape of threats.

Attend this session to:

  • Understand the history of hacking SAP systems and learn how hackers are getting into SAP systems
  • Understand what SAP and SAP customers are doing to adjust to a modern threat environment
  • Find out what you can do in the next 30, 60, and 90 days to help prevent a breach, including an overview of tools that are currently on the market, such as SAP Enterprise Threat Detection

To visit the SAP Insider website for further conference details, click here.



Cyber Security As it Relates to SAP

To better understand how you can prepare your organisation to handle a sophisticated cyber attack, join Winterhawk America’s SAP security experts at 13:30 EST/18:30 GMT on Wednesday 1st February, to discuss trends in SAP cyber security, including:

  • A brief history of SAP breaches – how they’ve been carried out and impacts on the companies affected,
  • What you can do in the next 30 days to protect your SAP Systems, and
  • A brief demo of ERPScan, an SAP Certified Solution for SAP Penetration Testing.

Click here to register: This Event is Closed


Are you up to date?

A typical organisation loses 5% of revenue each year to fraud, corresponding to annual costs exceeding $3.5 trillion worldwide.

In 2011, the DETICA Report stated that £27 billion was the estimated cost of cyber-crime in the UK.

By 2015, the British insurance company Lloyd’s estimated that cyber-attacks cost businesses as much as $400 billion a year, which included direct damage plus post-attack disruption to the normal course of business.

Only 1 in 10 organisations are confident they have adequate tools, technologies and processes to manage current compliance, risk and security obligations, let alone future challenges.

Amid rising pressures to deliver value while adapting quickly to change, companies need to act swiftly, yet still protect themselves from fraud and cyber-attacks.

Cyber, Fraud & Data Protection, in the era of Digital Transformation

Winterhawk Consulting • Established • Experienced • Efficient

A unique opportunity to hear insight from industry experts across a range of sectors

Topics include:

· Combating and Exposing Fraud – How to protect your brand

· The Evolution of Cloud Computing

· The Internet of Things – Benefits and pitfalls

· Showcasing the latest in Fraud Management & Enterprise Threat Detection

· How to Build a GRC Business Case – Quantifying a Return on Investment

· Laws, Regulations and Trends (including Liability and Penalties) in General Data Protection Regulation (GDPR)

Who Should Attend:

Primarily individuals working in large-medium sized organisations in the following type roles

· Audit, Security, Compliance, Fraud, Risk Directors
· Information Security and other Senior Executives (CISO, CIO etc)
· Seeking a better understanding of GRC, Cyber-Attacks, Fraud and Threats
· Those considering a Cloud strategy
· Those looking to integrate their Governance, Risk and Compliance departments

(Please note, places are limited, this event is not suitable for independent IT consultants or consulting firms)

Registration deadline is 19 October 2016

Parts of this event will be recorded for promotional and educational purposes. Attending this event confirms your agreement to appear in possible broadcasts of the event on various public media platforms.

This event is closed, but you can register your interest for future events by completing the form below.

Keep me informed


0815-0900 Registration

0900-0910 Introduction Chris Johnston (10min)

0910-0950 Technology Trends Jan Ziskasen (40mins)

0950-1020 How to Assess Compliance & Remain Compliant Frank Staelens (30mins) 

Break 20 min

1040-1110 Fraud & Cyber Detection and Prevention by SAP Dr. Neil Patrick (30 min)

1110-1140 Combating Fraud & Building a GRC Business Case Andrew Sawyer & Frank Staelens (30 min)

1140-1200 The Evolution of Cloud Computing Lorenzo Squellati (20 min)

Lunch 45 min

1245-1315 Protecting your Organisation – Its Brand, Data & Assets Charles Braswell (30 min)

1315-1345 Understanding GDPR Paul Hammersley, EPI-USE Labs (30 min)

Break 15 min

1400-1440 Liability & Penalties in GDPR – EU Dirk De Maeseneer (40 min)

1440-1520 Post Brexit – UK Legal Perspectives Mark Gleeson (40 min)

1520 Close, Coffee, Networking 

Speakers & Bio


Jan Ziskasen
Faroese Telecom

Jan is an accomplished Technology Executive whose experience across large-scale systems and technology transformations and operations has taken him around the world. Jan’s overarching leadership philosophy is to transform people’s lives.

He has recently returned to Europe after several years serving as the CTO at Kraft Foods in the United States. Jan holds a number of global board positions. In his current role as CEO of Faroese Telecom, his vision is to create the best connected country in the world.

dirkdemaeseneer Dirk De Maeseneer
Litiguard (Belgium)

Dirk is a leading business litigator in Belgium. He specialises in the areas of fraud, counterfeiting, environmental and other forms of white-collar crime. In addition to long-term expertise in liability, commercial and corporate litigation and criminal law.

He also advises on risk insurance management matters in due diligence procedures. He assists and represents clients in a wide range of often complex and cross-border litigation and ADR matters, and is a member of the Anti-Fraud Network.

frank_staelensFrank Staelens
Partner Risk Analytics
Moore Stephens (Belgium)

Frank’s experience includes leading third party forensic practices, serving as the Managing Director of a predictive analytics boutique firm, a compliance officer of a tier 1 bank, and working in law enforcement as a police officer with the Serious Fraud Office in Belgium.

He has developed both third party compliance and fraud risk predictive solutions for the European Commission. Frank is a Certified Fraud Examiner, a Registered Forensic Auditor, and is also the President of the European Institute of Fraud Auditors.


Chris Johnston
Vice President of Sales EMEA (GRC)

Chris was one of the first people to be certified as a GRC Professional by the OCEG and is frequently asked to speak at domain events.

He believes that well-managed GRC is becoming less of an ‘option’ for companies and that it is becoming accepted as a sound strategic decision. Chris has responsibility at SAP for growing the GRC business in Europe, Middle East and Africa. He is focused on helping organisations optimise their processes, policies and practices by leveraging SAP Solutions.


Mark Gleeson
Browne Jacobson LLP

Mark most recently led the UK data privacy practice at the international law firm Squire Patton Boggs. He has advised a number of clients on the impact to their organisations of the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS).

He is an expert panel member for DataGuidance, the global on-line data privacy compliance resource and is a member of the editorial board of the Journal of Data Protection and Privacy. He specialises in data protection, privacy, cyber-security and freedom of information and has held a number of senior in-house data protection roles.

lorenzosquellatiLorenzo Squellati
Senior Director
Velocity Technology Solutions

Lorenzo has a broad range of experience in IT Operations, Infrastructure Management and professional services through an extensive career within the SAP Ecosystem.

He is currently the head of Cloud Services for Europe Middle East and Africa at Velocity Technology Solutions, having previously worked for SAP America within its hosting team, as well as AT&T. Lorenzo has an innate ability to communicate at all levels on the value of moving enterprise applications to the Cloud, and on how that data can and needs to be safely processed and protected.


Dr. Neil Patrick
Director GRC Centre of Excellence EMEA

Neil is passionate about GRC and Security. He has been a managing consultant, has run professional services delivery teams in the UK and USA, and conducted requirements and business analysis sessions around the world.

Neil’s depth of knowledge makes him a regular presenter at events, conferences and briefing sessions. Linking SAP Analytics/GRC global vision into EMEA execution plans, engaging and working closely with regional and local teams.


Andrew Sawyer
Director of Analytics EMEA
Winterhawk Consulting LTD

Andrew is an experienced and passionate professional whose extensive SAP background includes GRC and Security, Basis, Data Management and a breadth of wider and successful SAP Project Implementations.

Prior to joining Winterhawk, he led Mondelez International’s (formally Kraft Foods / Cadburys) SAP Security Project and Governance teams. Andrew is currently responsible for the development of new sector specific and cross-industry Fraud Management content.


Charles Braswell
Managing Partner Americas
Winterhawk Consulting LLC

Charles has a wealth of experience implementing and upgrading financial and compliance software products, deploying SAP, and designing comprehensive custom control monitoring solutions.

Prior to founding Winterhawk Americas, Charles was the Partner in charge of the GRC practice at Sunera LLC in the United States, and also delivered risk-based SAP services for the South East Region of KPMG’s Information Risk Management practice.

paulhammersleyPaul Hammersley
Vice President Landscape and Data Services

In his role at EPI-USE Labs, which includes landscape optimisations, Paul has led a significant number of data management anonymisation projects and SAP migrations across the globe.

His outstanding technical knowledge and data management expertise provide an added depth to his presentations. In his fifteen years of working with SAP applications, he has also helped customers design and refine their enterprise landscapes.

Synopsis of talks


Chris Johnston – Introduction

Chris will be kicking-off the event with his views on today’s landscape of Fraud and Cyber-Attacks.

  • Trends that are dramatically reshaping the economy
  • Digital Transformation – Consequences of the Mega Trends
  • Enterprise Risk v Rewards

Jan Ziskasen – Technology Trends

Jan has lived and breathed technology over several decades and across multiple continents.

  • A journey through the evolution of technology, from the beginning of the computers age, to the present day and beyond.
  • Expect some lively and highly interactive elements!

Frank Staelens – How to Asses Compliance & Remain Compliant

More regulations, more strong regulators, more regulated countries and more regulated sectors. Over a 30 years career in risk, compliance and forensic audits, Frank has seen most things.

  • Technology drivers
  • Remaining compliant, in today’s complex business environments
  • Remaining compliant, in tomorrow’s complex business environments!

Dr. Neil Patrick – Fraud & Cyber Detection and Prevention by SAP

With ever-increasing instances of cyber-crime being reported, Neil will be showcasing the very latest detection strategies and capabilities from SAP Fraud Management.

  • Fraud Types
  • Complacency, Trends
  • Vertical Specialisations
  • Detection Strategies
  • Adaptive Learning

Andrew Sawyer & Frank Staelens – Combatting Fraud & Building a GRC Business Case

Andrew and Frank will be discussing the many challenges around detection of both Fraud and Cyber Attacks.

  • Looking at Fraud detection patterns
  • Real time payment monitoring
  • How organisations can build a robust business case for GRC solutions with quantifiable ROI 

Lorenzo Squellati – The Evolution of Cloud Computing

Cloud is a relatively new term, or is it? Lorenzo will share his thoughts, highlighting both benefits and pitfalls of companies moving “to the cloud.”

Roadmap to the Cloud

  • How do we chose between Private, Public and Hybrid Cloud?
  • When is the best time to move to the Cloud?
  • Sharing Case Studies

Andrew Sawyer & Charles Braswell – Protecting your organisation – its Brand, Data & Assets

What’s been the tangible impact to organisations who have been hacked or lost data? Andrew & Charles will provide both European and American perspectives.

What are the Building Blocks to successful Governance, to safeguarding your systems and your company’s reputation?

  • Are your systems protected from outside attacks?
  • What more could you do?

Paul Hammersley – Understanding GDPR

Businesses have less than two years to prepare for the changes that will come with the introduction of GDPR. Paul will be setting the scene for the afternoon’s focus on GDPR.

  • GDPR background
  • How it came about
  • Timing and requirements
  • How can organisations best prepare?

Dirk De Maeseneer – Liability & Penalties in GDPR

Hackers stole information associated with at least 500 million Yahoo user accounts. This data breach is the largest discovered in the history of the Internet, yet it was only publicly disclosed by Yahoo two years after the fact. In recent weeks, TalkTalk has been fined by the ICO for security failings, allowing a cyber-attacker to access customer data “with ease”.

  • Dirk will be providing a European perspective on GDPR and the latest new headlines.
  • Looking in-depth at the reporting of data losses and the potential for fines.

Mark Gleeson – Post Brexit – UK Legal Perspectives

Brexit has happened; well, it seems it’s going to happen, but quite when – we’ll have to wait and see. Mark will consider the implications for UK-based organisations from a GDPR perspective, those with and without international business.

  • Has Brexit actually changed anything ?
  • Can we all breathe a sigh of relief?



Moore Stephens
150 Aldersgate St

For other enquires
send us an e-mail here.