Profile image: Charles Spitz, Senior Consultant Accounting, Governance & Information Security, from Uvaly

Charles Spitz


Last update: 14.07.2022

Senior Consultant Accounting, Governance & Information Security

Company: Enfina - Security s.r.o.
Graduation: not provided
Hourly/daily rates: negotiable for longer project duration and higher remote share.
Languages: German (Limited professional) | English (Native or Bilingual)




Experienced senior compliance and information security consultant within banking, commerce and industry. Expert on front-to-back-office banking and finance systems, which translates to excellent knowledge of the different processes across the organisational structure. As well as having extensive project management, change management and auditing experience, Charles is also able to work with operational and financial risk management and compliance. He is also a qualified financial accountant.
Experience And Specialist Knowledge 
Experienced Information Security Analyst 
  • CISO role at leading international German Bank 
  • End to end process knowledge across banking organisation and structures (from front end to back office) 
Project management 
  • Planning, risk management, budgeting & control and resources 
  • Documentation and reporting 
  • Stakeholder management & communication 
Operational and financial risk management and compliance 
  • Financial & regulatory reporting and operational risk assessments (including change risk) across finance and related business processes 
  • Identification of operational risk types and the provision of mitigation actions and controls 
  • Development of process improvement regarding operational and financial risk 
  • Development of policy compliance for finance and operational risk including SOX 
  • Financial governance, development and implementation 
  • Financial accounting 
Segregation of duties / access & identity management 
  • Analysis, modelling and documentation of typical and privileged authorization processes and their implementation (creation of technical requirements, support of technical implementation, test and final acceptance) 
  • Role analysis and role modelling co-ordinated with target organisation to secure commitment in complex organisation and system environments 
  • Business process-based implementation of functional separation and risk-based resolution of permission conflicts including management of change 

Industry Experience 
  • Banking, finance, investment banking and asset management 
  • Life and pension funds 
  • Public (local government) services 
  • Travel industry 
  • Electrical and industrial engineering 

Project history

01/2019 - 06/2019
Senior Business Analyst ISMS
Bulgarian Consulting Company
  • Creating a concept for ISO27005 Risk Management with special focus on Compliance Risks (Bulgarian law). 

  • Identification of relevant Bulgarian as well as European laws and regulations. 

  • Documenting non-functional requirements to an ISMS. 

  • Creating an approach to ensure the enforcement of requirements arising from law and regulation. 

  • Risk Classification of juristic non-conformities.  

  • Integration of compliance risks into the existing risk repository. 

04/2015 - 12/2018
Senior Business Analyst/Team Leader
International German Investment Bank
  • Responsible for 9 analysts, reporting to the project manager. 

  • Resolved identity / access management issues in critical applications, which included analysis and review of roles, privileges and entitlements within applications 

  • Ensured the review and relevance checks over Segregation of Duties in line with regulatory and business policies and requirements 

  • Provided Information Security compliance for all critical applications for access management of systems to all bank businesses 

  • Ensured that this access was granted on a need-to-know basis and was regularly recertified by business managers.

  • Performed analysis for audit and regulatory requirements in all business areas to ensure compliance with the levels of access granted to their applications 

  • Provided assistance to business managers to identify and remediate access issues and control gaps in line with bank’s Information Security policy. 

01/2015 - 03/2015
Project Manager
Lloyds Banking Group
Banks and financial services
  • Facilitated financial reporting, regulatory reporting and operational risk assessments (including change risk) across finance and related business processes 

  • Provided assurance and mitigation for financial reporting risks, regulatory reporting and operational risk types.  

  • Reviewed the assessment and adequacy of related control activities and made recommendations for process improvement 

  • Delivered on a programme of work to support policy compliance for Finance and Operational Risk including SOX. 

  • Provided assurance over the assessment of control issues, including the mitigating actions. 

08/2010 - 07/2014
Senior Consultant and Advisor
Grant Thornton
Banks and financial services

Life and Pensions 

  • Performed independent effectiveness review assessments 

  • Reviewed the current status of processes against IIA standards and best practice 

  • Analytical reviews of audit trail, recording of audit testing, evidencing of audit scopes and reporting 

  • Assessment of procedures for the review of audit reports and related sign-off 

Large Banking Groups 

  • Performed analytical reviews relating to financial governance  

  • Performed process reviews and documented controls associated with client requirements, including evaluating the effectiveness of the design of control and operating effectiveness 

  • Analysis of the level of assurance provided by Governance and Insight within the compliance framework. 

  • Reviewed and assessed compliance requirements in the capacity of providing a second line of defence to the bank 

  • Identifying audit issues for remediation and providing financial risk assurance and oversight over the financial reporting function at hard close and year end.   

  • Scoped project for assessing corporate exposure to credit risk relating to banking products  

Investment Banks and Asset Management 

  • Audit of trading function assessing controls (IT and manual controls) in end to end trading processes 

  • Review of documentation and identifying principal risks in end to end processes  

  • Documented and reviewed end user controls 

  • Testing key controls in operation through sample testing, enquiry and observation 

  • Reviewed process and procedures in place, with relevant SLA, for business continuity and disaster recovery  

  • Preparing detailed audit reports with recommendations

08/2013 - 08/2013
SOX Auditor and Compliance Specialist
  • Performed the annual SOX testing reviews including factual accuracy assessment of processes 

  • Assessed control environment including ITGC, ITAC and IT Dependent controls 

  • Advised stakeholders on remediation requirements and audit issues for follow up 

  • Assisted process owners with enhancement of controls   

  • Performed various reporting requirements to stakeholder for the SOX project 

01/2009 - 07/2010
  • Prepared financial accounts in accordance with generally accepted accounting principles  

  • Provided management with information for monitoring and controlling business risk 

  • Month end reporting, maintaining the fixed asset register and cash forecasting 

  • Clients included a start-up business, a small property company and Anglian Water

  • Competence development, training and coaching of different resources in different business units 

07/2008 - 12/2008
SOX Quality Assurance Analyst: FRCF Project
Norwich Union
Banks and financial services
  • Validated and quality assured financial and risk data for the Financial Reporting Control Framework Project 

  • Ensured controls were robust to satisfy FSA reporting requirements for all end to end processes 

  • Reviewed processes to ensure change management procedures in place 

  • Reviewed Controls in end to end processes including claims and underwriting 

  • Performed reviews over other subsidiary entities for accounting close 

  • Liaised with stakeholders and determined all deliverables for Group 

  • Team leadership of 8-10 SOX Analysts within the central work stream 

  • Consolidated and aligned processes with entity level controls 

  • Significantly reduced levels of financial and operational risk 

02/2007 - 07/2008
Siemens (>10.000 employees)
Industry and mechanical engineering
  • Deputised as compliance manager and reported to CFO 

  • Completed and passed the Intermediate and Advanced/Expert SOX certification  

  • Developed plans for scoping, documentation and testing to cover relevant financial statement assertions  

  • Assessed company level/ entity wide controls for final management assessment and internal certification 

  • Tested logical access controls including passwords, user access reviews for joiners, movers and leavers 

  • Documented and reviewed controls in end to end processes (manual, IT dependent and ITAC)  

  • Reviewed ITGC for logical access controls, disaster recovery and change management requirements in line with corporate change management procedures 

  • Reviewed Delegation of Authority for required authorisation and segregation of duty within the end to end process 

  • Significantly reduced the number of key controls to manage efficiency within the business 

  • Provided levels of assurance to the Chief Executive and CFO to sign entity level certification for SOX 404 

06/2006 - 12/2006
Auditor and Business Analyst
German Bank
Banks and financial services
  • Reduced the Bank’s exposure to risk by devising a change management process for clearing outstanding audit issues 

  • Implemented a solution management process using the PRINCE2 methodology

  • Responsible for identifying high level solutions for both financial and operational risk to comply with FSA requirements 

  • Reviewed Service Level Agreements for compliance 

  • Delivered a series of workshops and presentations to management to ensure smooth transition to BAU with change management of responsibilities for managing risk acceptance at director level 

  • Placed in a core position of interaction between groups of stakeholders 


Time and spatial flexibility

Flexible in Central Europe.
