Portfolio & Professional Profile

Marco Valadez

Compliance Operations & Technology Enablement Leader — designing the systems, platforms, and operating models that make enterprise compliance scale.

Discipline GRC · TPRM · Platform Governance
Experience 9+ years · Global enterprises & Fortune 500
Based In Greater Los Angeles, CA
Status Open to Manager & Director-level roles
View Experience Get in Touch
— Profile No. 01 —
Marco Valadez
M et V
Est. 2016 Los Angeles

"Good governance is invisible when it works — and visible the moment it doesn't."

01 — About

A profile in governance.

Nine years spent at the intersection of compliance, technology, and operations — designing the systems that make risk programs run and scale.

Compliance operations and technology enablement leader with 9+ years of experience designing, operationalizing, and scaling enterprise risk, compliance, and third-party governance programs across global technology, financial services, and regulated industries.

Proven business owner of enterprise compliance platforms — ServiceNow IRM/TPRM, RSA Archer, Resilinc, and ProcessUnity — with a track record of translating regulatory requirements into system logic, workflow design, and measurable operational outcomes. Demonstrated success leading cross-functional transformation across Legal, Enterprise Technology, Procurement, Supply Chain, and business stakeholders in ambiguous, multi-regulatory environments.

Strengths include platform governance, workflow modernization, data governance and KPI design, automation and AI enablement strategy, business case development, and building high-performing teams in politically complex environments.

02 — Experience

Selected engagements.

A decade spent inside the governance machinery of the world's largest organizations — from prepaid card issuers to global cloud infrastructure.

Feb 2026 — Apr 2026
MOST RECENT
Control Risks
Group
Control Risks Group
Third-Party Resilience Program Manager — Client: Microsoft CO+I
Remote
Led design and operationalization of Microsoft's CO+I Third-Party Resilience Program, enabling compliance operations and technology-driven risk oversight across a global supplier ecosystem supporting datacenter construction and delivery.
  • Business owner for Resilinc risk intelligence stack; defined system requirements and integrated supplier event monitoring into executive reporting.
  • Built SRA and SCV assessment frameworks across 44 Tier 1 critical suppliers.
  • Automated monthly reporting via Python & Resilinc API — reduced cycle time from 60–90 minutes to 15–20.
Apr 2025 — Nov 2025
Global
Payments
Global Payments
Senior Program Manager, Risk Review & TPRM
Remote · Contract
Engaged to lead enterprise redesign of the Risk Review and TPRM programs following multiple acquisitions. Owned end-to-end ServiceNow IRM implementation and the target-state operating model.
  • Partnered with McKinsey to design DARE decision-rights framework across 8 risk stripes.
  • Reduced review cycle inconsistencies by ~40% and manual risk tracking by ~50%.
  • Delivered full business case, 36-week roadmap, and stakeholder packet securing executive alignment.
Jun 2023 — Apr 2025
City National
Bank
City National Bank
Risk Program Manager, Data & Analytics
Los Angeles, CA
Program owner for CNB's Data Retention & Destruction Program — the bank's largest data governance initiative — with responsibility for audit, regulatory, and risk oversight across the application portfolio.
  • Achieved 97% compliance across 97 applications; reduced over-retained data by 78%.
  • Reduced overall compliance risk by 40% through standardized practices.
  • Primary divisional liaison to internal & external auditors.
Jan 2019 — Nov 2022
Ernst &
Young
Ernst & Young
Senior Risk Consultant, Third-Party Risk Advisory
Greater Los Angeles
Advised Fortune 500 clients — Uber, Santander Bank, Kaiser Permanente — on third-party risk operating models, platform implementations, and audit-ready compliance workflows.
  • Reduced residual third-party risk exposure by 20–30% across Fortune 500 engagements.
  • Improved audit efficiency by 30% for Santander Bank via custom TPRM procedure design.
  • Supported ISO 27001 & SOC 2 readiness across multiple client engagements.
Feb 2016 — Nov 2018
Green Dot
Corporation
Green Dot Corporation
Third-Party Risk Management Analyst
Pasadena, CA
Supported the enterprise TPRM program for one of the world's largest prepaid card providers — high-volume vendor risk operations, automation, and executive reporting.
  • Performed 800+ vendor risk assessments annually.
  • Streamlined third-party onboarding from one week to two days via RSA Archer workflow automation.
  • Reduced high-risk vendor exposure by 40% through improved dashboards and scorecards.
03 — Results

Outcomes that compound.

Compliance programs are judged by what they prevent and what they enable. A few representative numbers.

97%
Compliance Achieved
Across 97 applications through CNB's Data Retention & Destruction Program — reducing over-retention by 78%.
Reporting Acceleration
Python + Resilinc API automation reduced Microsoft CO+I monthly cycle time from 60–90 min to 15–20 min.
40%
Cycle Inconsistency Reduced
Target-state operating model & DARE framework across 8 risk stripes at Global Payments.
30%
Risk Mitigation
Reduced potential risk at Uber through structured third-party assessments & mitigation strategies.
04 — Expertise

Capabilities & toolkit.

Where strategy meets system — the disciplines and platforms that turn compliance intent into operational reality.

Strategic Capabilities

  • Compliance Operations & Technology Enablement 01
  • Platform Business Ownership & Governance 02
  • Operating Model Design & Implementation 03
  • Workflow Modernization & Process Engineering 04
  • Data Governance & Analytics Enablement 05
  • KPI / KRI Dashboard Design 06
  • Automation & AI Integration Strategy 07
  • Business Case Development & ROI Modeling 08
  • Enterprise Transformation & Change Implementation 09

Technical & Functional

  • ServiceNow IRM / TPRM 01
  • RSA Archer · Resilinc · ProcessUnity 02
  • Python · Jupyter · API Integrations 03
  • Third-Party Risk Management (TPRM) 04
  • Supply Chain Risk & Resilience 05
  • IT Application Controls & ITGC 06
  • Regulatory & Audit Readiness 07
  • Cross-Functional Leadership & Stakeholder Mgmt 08
  • Executive Reporting & Structured Presentations 09
Frameworks & Regulatory Fluency
COSO ERM ISO 31000 ISO 27001 ISO 37301 NIST CSF SOX 404 PCI-DSS GDPR CCPA IIA Three Lines COBIT HRDD Awareness UFLPA EUDR CSDDD
05 — Voices

What colleagues say.

Selected reflections from peers and senior leaders across banking, consulting, and nonprofit partnerships.

"

Marco has consistently demonstrated exceptional skill and dedication in his risk management role. He was instrumental in our Data Retention and Destruction program, achieving 97% compliance, 40% risk reduction, and identifying 78% over-retention of data. His deep understanding of governance, risk, and compliance has significantly contributed to our organization's success.

Mickel Rossi
Business Analyst · City National Bank
"

Marco was a valuable member of the EY team. While his aptitude for technology, governance, and risk matters is limitless, Marco's ability to build effective and highly collaborative relationships makes him stand out. Marco has a hunger to learn and a desire to serve. He would be a vital asset for any organization lucky to have him.

Scott Skinner
Director of Strategy · EY-Parthenon
"

Working with Marco on several joint projects for clients like the YMCA of Monrovia, Green Dot Corporation, and USC has been an outstanding experience. His professionalism, thoughtful vision, and spirit of partnership have been pivotal to our successful outcomes. His expertise in project management has consistently delivered results that exceed client expectations.

Rodney T. Marshall
Owner · Marshall Projects & Consulting
06 — Personal

A few questions.

What sits behind the work — and the person behind the programs.

Why did you choose this profession?
I chose risk and compliance because it fits how I think. I have an inquisitive mind, and this field rewards the habit of exploring every possibility that could affect people, their data, and their institutions. It is advocacy work, translated into systems.
What is your greatest accomplishment?
Becoming a first-generation college student. I barely graduated high school, spent years in remedial math and English, and eventually earned a full-ride scholarship to USC — graduating with two degrees, a minor, honors, and multiple awards for academic excellence, community service, and leadership.
What are your long-term goals?
Business school, a Director-level role in risk or compliance operations, and a longer arc toward Chief Risk Officer — building programs that are scalable, human, and audit-ready from the first line of code.
What are you passionate about outside of work?
Learning, personal and professional development, and uplifting underserved communities. Outside of that — volunteering, cycling, and training.
Who are your main influences?
Tom Edzel (mentor), Dale Carnegie, Jim Rohn, Deepak Chopra, Napoleon Hill, John C. Maxwell — and my father, Jose Valadez, above all.
Do you live by a particular motto?
"Education is an ornament in prosperity and a refuge in adversity." — Aristotle
— 07 Contact —

Let's start a conversation.

Open to Manager and Director-level conversations in compliance operations, third-party risk, and enablement leadership.

Email
marco.a.valadez@gmail.com
Phone
(323) 356-1482
LinkedIn
linkedin.com/in/marcovaladez