Sign in

Sap Security

Bayside, New York, United States
May 22, 2018

Contact this candidate


Fahri Batur


SAP GRC Authorization Security Consultant

US Citizen


•14 years of experience in SAP –Security Authorizations, AC – Access Controls, NW – Portal Administration, PC-RM – Process Controls and Risk Management.

•For various industries, both national and international, Fahri brings his versatile experience in while applying his vast knowledge in the areas of:

• (Conceptual) Governance, Risk Management & Compliance Frameworks,

•Complex SAP projects and related risks/controls impact for organizations,

•Business processes and activities (incl. translation to SAP solutions),

•Design and implementation of Continuous Controls Monitoring solutions for SAP environments.

SAP Experience – Summary

–Security Consultancy

–Access Controls Consultancy

–GRC Process Controls & Risk Management Consultancy

–Technology Consultancy

–Portal Consultancy

–Interface design for banks, customers, vendors and third party intra-company software

–Security end user training at customer sites

–SAP GRC and Security related reporting

Professional Experience & Certificates


Graduated from Baylor University, Texas, USA with MIS major

Business Administration Degree

Certified as Technology Consultant SAP Netweaver – SAP Security

Ernst Young Istanbul,Turkey Dec2017-Feb2018

SAP Security Manager

SAP solution design and implementation @THY

SAP authorisation design, implementation and reviews @THY

GRC and SOX reviews

ATG Consultancy Istanbul, Turkey Nov 2016-Nov2017

SAP/GRC Consultant

(Remote Project)

MİTAŞ Enerji ve Madeni İnşaat İşleri Türk A.Ş.

At the moment, we are working on new authorization concept for the following areas: MM (Material Management), PP (Production Planning), SD (Sales Distribution), PS (Project Management), FI (Financial Accounting)

Creating naming convention according to GRC logic.

Develop a business case to support their investment in SAP GRC.

Prepare an SAP GRC implementation roadmap.

ATG Consultancy Istanbul, Turkey Nov 2014 – Nov 2016

SAP/GRC Consultant

Worked on Hana Security, SAP Data Center solutions including VMware with Solution Manager Solutions.

Implementing HANA Database security analytic authorization

Created customized roles in native HANA database (DB) for Developers, Modelers, Technical Administrators, Power users, and end users.

Experience controlling and restricting access for HANA DB objects based on package, system privilege, Object Privileges and Analytic privileges.

Also, creating schema level access control on HANA DB.

Petroleum Development Oman L.L.C May 2014 - Nov 2014

Muscat, OMAN

SAP/GRC Consultant

PDO was looking for a GRC (Governance, Risk, and Compliance) tool to manage, monitor and enforce Segregation of Duties in its SAP systems centrally, covering all of PDO’s relevant business processes to fully align it with PDO’s Financial Control Manual (FCM) for SAP SAPpHIRE and SAP Mustaqbal.

PDO’s GRC tool which was inherited from Shell Blueprint was no longer current nor operable. It was also customized with segregation of duty rules for Shell’s global business processes, which were not PDO specific.

The SAP GRC application needed to be PDO specific in order for PDO to manage, monitor and enforce segregation of duties across the enterprise centrally in real time.

PDO for GRC AC - Questionnaire or Requirement Gathering v2

Automating critical processes in FCC therefore saving time, money and effort.

Customization and implementation of the GRC 10.1 (Access Control) with PDO specific business processes in alignment and monitoring of FCM controls have been key priorities in the FD 2014 Business Plan to replace Shell business processes.

Petroleum Development Oman L.L.C SAP Global Rule Book GRC 10.1 Sign off

Alignment of the existing Shell ruleset (which covers SAP Mustaqbal) with the FCM and decommissioning the existing GRC 5.3 system. Designing and implementing PDO-specific segregation of duty rules using existing rule set and FCM (Financial Control Manual) for SAP Mustaqbal systems to be configured to PDO specification.

Access Risk Analysis, Risk analysis, detection, and remediation solution for access and authorisation controls

Requirements gathering for Segregation of Duties management via the Access Risk Analysis (ARA) module. Tease out all the detail we will need to write the Blueprint and configure your solution

The installation and activation of SAP GRC 10.1 of AC Access Risk Analysis (ARA) component. Configuration of GRC 10.1 AC ARA to SAP backend systems, including importing the existing GRC 5.3 Shell rulesets for reference only. Designing and implementing company-specific segregation of duty rules in GRC 10.1 Access Control, fully aligned within their SAP systems.

Emergency Access Management, Privileged user access control solution, Superuser Management

Activation and implementation of Emergency Access Management (EAM formerly called FF) in Access Control. Provides enhanced control over the provision of powerful access. Detective control enables users to be provided with enhanced access in a safer way than before. Monitor what the user does when logged on with enhanced access

Business Role Management, Role definition and management

Enforce your role building methodology. Online approval of role maintenance requests prior to change being made. Enforced SoD check during the role maintenance process thus preventing introduction of role level SoDs.

Houses role master data used by the ARM module for building joiner and mover requests.

Access Request Management, Compliant provisioning solution

Activation and implementation Access Request Management (ARM formerly called CUP) in Access Control. Access Request Management Users, Out-of-the-box Workflow Processes, Out-of-the-box Notification Templates, Out-of-the-box Access Risk Analysis, Workflow Overview, Exception Handling: detours/rerouting, Automated user provisioning

Integrc, Dubai,UAE Aug 2013 – Feb 2014

SAP/GRC Consultant

SAP GRC 10 Access Control installations

SAP Governance, Risk and Compliance (GRC) Consultant at Integrc

Highly proficient client focused SAP Security & GRC consultant with over 10 years’ experience of design, application and support of SAP Security Systems. Have had very strong knowledge of SAP Security and Authorizations with experience gained while implementing various full range Middle Eastern project life cycles at a wide range of global organizations.

In recent years, the focus has been placed on supporting and delivering the design and implementation of SAP GRC solutions.

NLNG, Nigeria LNG Limited (Integrc) Aug 2013 -Oct 2013

Oil & Energy company, Bonny Island (Nigeria)

SAP/GRC Consultant

Design of the authorisation concept for ECC (FI, CO, MM, HCM and PS), BI (BW and BO), BPC, SRM, CLM, PPM, SAP GRC Access Control 10.0 and SAP GRC Process Control 10.0 using SAP Solution Manager.

Strata ( an affiliate of Boeing Areospace Company) Nov 2013 – Feb 2014


Al Ain, UAE

SAP/GRC Consultant

An advanced composite aerostructures manufacturing facility based in Al Ain, that produces high quality component aircraft products for original equipment manufacturers.

Implementation of SAP GRC Access Controls Modules: ARA, EAM, BRM and ARM using HR Triggers

SAP roles assigned to the HCM org structure for ‘indirect assignment’

Expert training provided for the internal Strata resources to enable STRATA to execute an operational process post go live

SAP Business roles rebuilt using Integrc catalogue of systems roles in line with SOD and critical accesses ruleset

Saudi Electric Company, Dammam, Saudi Arabia July 2012- Sept 2012

SEC SAP Authorizations

•Responsible for production support from a project management perspective and promote collaboration and professional harmony to be maintained among the related teams.

•Provide guidance to apply production support best practices and deliver service levels to all IT departments and respective business lines.

•Guide teams in issue management, problem management, root-cause analysis and resolution.

•Ensure compliance requirements by revising and enforcing policies and procedures.

Elsys Company, Istanbul, Turkey Oct. 2011- May 2012

SAP Consultant

•SAP Access Controls Application Security and Segregation of Duties

•SAP Automated Application Controls Designed Professional and Enhancement according to SAP technical architecture and system landscape design

•SAP Implementation by defined business goals/Project Risk Management

•SAP GRC Implementations and continuous improvement with SAP GRC 10.0

•Support the Process Lead in building functional and technical solutions to support design requirements in continuous monitoring functionalities in PC 10.0.

Saudi Electric Company, Dammam, Saudi Arabia July 2009- July 2011

SEC SAP Authorizations

•Direct participation throughout the Logistics implementation life cycle; from conceptualization while establishing the initial design parameters through implementation, configuration, testing and support

•Strong and proven ability on achieving module interaction, and solid understanding of how SRM integrates with other SAP modules

•Ability to assume leadership responsibility for all phases of an Logistics implementation including project preparation, requirements gathering and analysis, Business Blueprint, realization/configuration, Go-Live and post-production support under multiple deadlines

Eczacibasi Bilisim, Istanbul, Turkey Oct. 2008 – Dec. 2008

Infrastructure Services Support Specialist

•Full SAP System Landscape Installation

•Homogeneous/Heterogeneous System Copy, & Migration

•Customer Relationship Management (CRM) Administration (TREX, IPC, J2EE)

•SAP Portal & PI Administration; SAP Portal Content Administration

Vodafone, Istanbul, Turkey Aug. 2007 – Jan. 2008

SAP Basis Administrator, IT Infrastructure

•Set up SAP Audit Information System (AIS) and conduct Security Audit Logs to insure that existing authorization concepts at Vodafone meet the SOX compliance.

•Implement the Cobit and the Sarbanes-Oxley Act under SAP operations

•R3 Basis Admin with business process analysis

•Openview and Bizrights analysis to help identify Segregation of Duties.

Saudi Aramco, Dhahran, Saudi Arabia Sept 2004- Mar 2007

SAP Consultant, Enterprise Computing Security Services Division

•mySAP Portal Administrator

•r/3 authorization system, access control, role management, authentication, user management and user permissions(authorizations) at the business process level

•Part of the Unix security team

•Administration of SAP Web Application Servers

•Portal application development with Web Dynpro, web application development

•Enterprise Portal Security (SSL, Network Security, Single Sign On)

•Strong knowledge of SAP NetWeaver Architectures & portal technology

•Team player and training co-workers daily administrative activities

SAP AG mySAP Enterprise Portal

Professional Experience & Certificates – Detail

SAP Security Technology Consultant SAP Netweaver SAP security

Personal Information

Education Business Administration, Baylor University, Waco, Texas USA

Nationality Turkish, American

City İstanbul

Languages English(Mother-tongue) Turkish (Fluent) French (Intermediate)

SAPGRC Security & GRC Specialists Internal Audits SAP Training SAP for Auditors Controls Review Access Control Process Control Risk Management Control Framework Authorisations GRC Reporting & Dashboards GRC Support Mobile GRC

Contact this candidate