Antonina K. McAvoy, CISA, CISM, QSA, PCIP

Antonina McAvoy specializes in cybersecurity, as well as data protection and privacy. She has over a decade of experience leading and performing a wide spectrum of cybersecurity reviews (i.e. NIST, COBIT, CIS, PCI, GDPR, ISO Standards), SOX 404 business control mapping and Information Technology General Control (ITGC) assessments, AICPA SOC reporting (SOC 1, 2, 3, SOC for Cybersecurity, and SOC for Supply Chain reporting), HIPAA compliance audits, HITRUST CSF readiness assessments, FFIEC ITGC examinations, Department of Defense (DoD) System Security Plans (SSP) and Plan of Action & Milestones (POA&M), DoD DFARS and CMMC readiness assessments (CMMC provisional assessor candidate), outsourced IT internal audits, and internal control assessment services.

Antonina has strong technical skills and is instrumental in performing complex data mapping exercises to identify where key data resides in an organization’s environment, assessing the design and operating effectiveness of control environments, as well as identifying control gaps and weak cybersecurity settings. Ms. McAvoy is highly skilled in analyzing the root cause and impact of IT issues through gaining a deep understanding of an organization’s operations. She is well versed in translating IT risks, recommending business solutions, and advising organizations on designing strategies to create and improve sustainable data protection and enterprise-wide risk prevention programs.

Antonina grew up in a family of accountants, with her parents serving as CFOs. Antonina followed suit with a degree in Accounting, but initially discovered her interest in information technology during her first post-college position when she was presented with the opportunity to work on an IT audit. Her experience since then has led Antonina to assist organizations across various industries, as well as both small mom-and-pop businesses to large global organizations where Antonina coordinated the information technology audits across both geographic and language barriers for multiple key international locations. She has found her passion by combining her love for networking with applying the technical knowledge she gained from helping companies identify control gaps and security weaknesses. Her innate ability to connect with people allows her to effectively communicate weaknesses identified and make strong recommendations to management to help improve their cyber-environment.

A decade has passed since she first started assisting companies with their IT environments, yet the fear of cybersecurity preparedness by boards and upper management has only increased as high-profile cyber-attacks become more common and the need for digital trust intensifies. It is Antonina’s mission to help companies strengthen their business and cyber-resilience to reduce the risk of a cyber-incident occurring that could have a significant financial, operational, legal and reputational impact.

Prior to joining PBMares in 2018, Ms. McAvoy worked with other accounting firms, including a five-year tenure in the Information Systems Assurance group of the fifth largest accounting firm in the world, and a three-year tenure with the Risk Assurance group of a prestigious “Big Four” accounting firm.

PROFESSIONAL ASSOCIATIONS:

• American Institute of Certified Public Accountants (AICPA)
• ISACA (formerly the Information Systems Audit and Control Association)
• Risk Management Association (RMA) Carolinas and Virginias (CAVA) Board Member
• Junior League of Virginia Beach
• Hampton Roads Chamber of Commerce

EDUCATION:

• Master of Science in Cybersecurity with a concentration in Cyber Operations from Utica College
• Bachelor of Science in Business Management with a concentration in Accounting from Babson College
• Associate of Science in Business Administration with a concentration in Accounting from Massachusetts Bay Community College

PUBLICATIONS:

Pursuing a master’s degree was a lifelong academic goal of Antonina’s, which culminated in her first publication The Secret to Mastering the Defense Federal Acquisitions Regulation Supplement Cybersecurity Requirements (ProQuest No 27672340).

CERTIFICATIONS:

• Certified Information Systems Auditor (CISA) by ISACA
• Certified Information Security Manager (CISM) by ISACA
• Qualified Security Assessor (QSA) by PCI Security Standards Council
• Payment Card Industry Professional (PCIP) by PCI Security Standards Council
• Cybersecurity Advisory Services Certificate by AICPA
• Cyber Operations Certificate by the Center of Academic Excellence in Cyber Defense Education on behalf of Utica College, the National Security Agency, the United States Department of Homeland Security and the National IA Education and Training Programs