Open to opportunities

Yedah Camay

@yedahcamay

IT security and GRC professional with 8+ years in compliance auditing, third-party risk, and enterprise risk management.

Philippines

Message

What I'm looking for

I’m looking for a security and GRC role where I can own third-party risk assessments, strengthen ISO-aligned controls, and use evidence-based auditing to reduce enterprise risk—collaborating with cross-functional teams and leadership to sustain compliant outcomes.

I’m an IT Security AnalystIII with 8+ years of experience leading information security, compliance auditing, third-party risk management, and governance, risk, and compliance (GRC) across multinational organizations. At SealedAir, I lead third-party security assessments, maintain the enterprise IT risk register, and partner with cross-functional stakeholders to strengthen organizational security posture and risk management practices.

I focus on turning control expectations into measurable outcomes. I conduct security and compliance assessments aligned with ISO27001/27002, SOC2, and regulatory frameworks such as FTC, GDPR, FCRA, and HIPAA—identifying control gaps, evaluating IT controls, assessing vendor risks, and recommending remediation strategies to improve security and regulatory compliance.

In my role as an Information Security Compliance Senior Auditor at Reed Elsevier, I performed information security assessments and internal testing aligned with ISO27002-2013 for FTC compliance. I executed test plans, analyzed IT controls (including user access, logs, and configurations), documented findings to evaluate operational, security, and regulatory risks, and collaborated with control owners through interviews and reviews of applications, networks, SDLC, and compliance frameworks.

I’m also experienced integrating risk and compliance into the way teams deliver technology. I worked with internal audit management to integrate continuous auditing technologies into IT projects, identified control gaps, recommended process improvements, and communicated findings to senior leadership. I bring a disciplined, evidence-based approach—and certifications including CISA and CISM—to help organizations reduce risk, improve controls, and sustain compliance.

Experience

Work history, roles, and key accomplishments

Current

IT Security Analyst III

Current

SealedAir Corporation

May 2025 - Present (1 year 1 month)

Led third-party security assessments to evaluate vendors and mitigate external risks. Maintained and updated the enterprise IT risk register and collaborated with cross-functional stakeholders to strengthen organizational security and risk management.

Security Assessments IT Risk Management IT Security Governance GRC ISO 27001 27002 SOC 2 Vendor Review Risk Register

Security Compliance Senior Auditor

Reed Elsevier Philippines

Sep 2023 - May 2025 (1 year 8 months)

Conducted information security assessments and control testing aligned to ISO 27002-2013 for FTC compliance. Executed test plans, analyzed IT controls, identified control gaps, and recommended process improvements to senior leadership.

ISO 27002 Controls Testing FTC Compliance Continuous Auditing

Vendor Information Security Analyst II

Convergys

Jan 2020 - Sep 2023 (3 years 8 months)

Identified and mitigated risks in vendor engagements through security assessments and due diligence. Obtained ISO 27001 certificates and SOC 2 Type II reports from vendors and communicated potential security risks for remediation.

Vendor Assessment Third Party Risk Management Risk Assessment Due Diligence Risk Communication

Consumer Advocacy Representative

Convergys

May 2017 - Jan 2020 (2 years 8 months)

Managed consumer-initiated disclosure and dispute requests to support fair and transparent processes. Promoted consumer protection through accurate handling and consistent documentation of requests.

Case Management Consumer Protection Process Adherence

Customer Service Associate

Convergys

Jan 2015 - May 2017 (2 years 4 months)

Handled consumer-initiated disclosure and dispute requests while promoting transparent and fair customer processes. Ensured consumer protection by following established request-handling procedures.

Customer Service Case Documentation Data Entry Process Adherence

Business Process Associate

Manulife Business Processing Services

Nov 2011 - Dec 2014 (3 years 1 month)

Created and set up new cases in a database and updated client information to support ongoing operations. Served as a subject-matter expert for processing procedures and coordinated bimonthly calibration sessions to align team processes.

Database Case Setup Client Data Management Process documentation Subject Matter Expertise Quality Calibration Coordination Operational Workflow Execution