Tatiana Quenum
Monroeville,PA
Summary
As a Security Analyst my profound knowledge in IT security measures ensure that the appropriate operational security posture is maintained for assigned IT systems in accordance with NIST, FISMA, OMB and industry best practices.I provide expert consultation across a wide range of cross-functional areas of IT security services as well as provide project planning, guidance and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A).
Overview
9
9
years of professional experience
1
1
Certification
Work History
Information Assurance Analyst
Barings
09.2022 - 05.2024
- Review and update System Security Plans (SSP) and Security baselines in accordance with NIST, FISMA, OMB, NIST SP 800-18 and industry best security practices.
- Review and update System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M).
- Review and update procedural controls relating to Management, Operational and Technical Controls for the Organization.
- Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
- Conduct Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within strong security posture.Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
- Carried continuous monitoring after authorization to operate(ATO) to ensure continuous compliance with the security requirements.
- Put together Authorization Packages (SSP, POA&M and SAR) for Information systems to the Authorization Officer.
- Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
Information Security Analyst
RISGROUP
03.2017 - 08.2022
- Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M).
- Assisted System Owners and ISSO in preparing certification and Accreditation package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
- Perform Vulnerability Assessment. Made sure that risks are assessed, evaluated and proper actions had been taken to limit their impact on the information and information Systems.
- Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
- Conducted I.T controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the NIST Guidelines.
IT Auditor
Ally Financial Inc.
01.2015 - 02.2017
- Performed information system audits to manage internal controls and assess risks.
- Determined which processes would improve internal controls and operating efficiency for company.
- Gathered requirements from stakeholders regarding new technologies they wish to implement into their environment.
- Evaluated the effectiveness of existing internal control mechanisms in order to provide assurance that information is secure and reliable.
- Participated in meetings with senior management team members in order discuss overall objectives relating to IT audits.
- Conducted independent reviews of IT systems, applications, networks, databases and other infrastructure components.
- Provided technical advice on best practices for maintaining secure IT systems as well as strategies for mitigating risks associated with them.
Education
BBA - Business Administration And Management
LAKESIDE UNIVERSITY COLLEGE
06-2014
Skills
- Mobile Security
- Threat Intelligence
- Encryption Technologies
- Security policy development
- Virtualization Security
- Digital Forensics
- Identity and Access Management
- Business Continuity
- Compliance Monitoring
- Network Security
- Disaster Recovery Planning
Certification
- Comptia Security+
Timeline
Information Assurance Analyst
Barings
09.2022 - 05.2024
Information Security Analyst
RISGROUP
03.2017 - 08.2022
IT Auditor
Ally Financial Inc.
01.2015 - 02.2017
BBA - Business Administration And Management
LAKESIDE UNIVERSITY COLLEGE
Similar Profiles
Jennifer JohnsonJennifer Johnson
Associate Director at Barings LLCAssociate Director at Barings LLC
Brian FitzgeraldBrian Fitzgerald
Director Data Management at Barings LLCDirector Data Management at Barings LLC
MATTHEW HAWKINSMATTHEW HAWKINS
Director of Benefits at Barings LLCDirector of Benefits at Barings LLC
Jessica KulwickiJessica Kulwicki
Pharmacy Manager at Rite AidPharmacy Manager at Rite Aid
Matt FawcettMatt Fawcett
Webmaster at Lee-Thompson Fawcett Co.Webmaster at Lee-Thompson Fawcett Co.