Download PDF

Casey Marquette

Omnicare Information Security Officer & Senior Director, Information Security at CVS Health


Security Executive with proven global experience establishing information security strategy and direction, as well as developing and delivering comprehensive information security programs to ensure information assets and technologies are adequately protected.

Work History

Sep 2014Present

Senior Director, Information Security

CVS Health

Provide 24x7 protection of business operations by leading a team of 60 at CVS, a Fortune 10 company.  

  • One of a select group of employees recognized by the CVS Health Business Planning Committee for my ability to positively affect the company's future growth and performance.  A 2016 retention award was received.
  • 59% decrease in mean time to remediate vulnerabilities (2014 Average compared to 2015 average) “The speed and depth of the improvement observed for an organization the size of CVS reflects an extremely effective and efficient information security program” Accuvant
  • 3,609% increase in the number of CVS Health security vulnerabilities remediated when comparing 2014 to 2015.
  • 86% reduction in threat containment time (2014 average compared to 2015 average) by innovating and leveraging already procured technology, Symantec white paper written about the process implemented at CVS Health.
  • Developed and operationalized a first of its kind third party real time monitoring and response program.
  • Created and delivered specialized Engineering and Cyber Response Team to quickly identify control gaps and with a sense of urgency deliver the needed security controls.
  • Responsible for successful security integration of acquired companies.
  • Led effort and completed CVS and CVS affiliates first ever advanced threat compromise assessment covering 50,000+ computer systems.
  • 96% decrease in Mean Initial Work Time and 53% decrease in Standard Deviation for security incidents (2014 average compared to 2015 average).
  • 83% decrease in Mean Time to Validate threats resulting in a 660% increase in the number of proactive incidents worked by the CVS Health Security Operations Center.
  • Achieved successful Report on Compliance (ROC) for PCI by leading the security segmentation and two factor authentication effort.
  • Exceeds expectation rating for work in 2014 and 2015.
  • 13.82% positive increase across all 14 employee survey categories from 2014 to 2015.
Sep 2015Present

Information Security Officer

Omnicare, Inc., a wholly owned subsidiary of CVS Health

Responsible for the development and delivery of a comprehensive information security program to ensure information assets and technologies are adequately protected. 

  • Responsible for oversight and coordination of the Governance and Risk Management program including but not limited to the following:
    • Information Security Policy & Standards
    • Information Security Awareness
    • Information Security Risk Management
    • Third Party Security Risk Management
  • Establish and oversee Omnicare's Security Operations and Architecture and Engineering function.
    Jun 2011Sep 2014

    Director, Security Operations Center

    Johnson & Johnson

    Provide 24x7 global protection of business operations by leading a 30 person global team (FTEs and contractors) and managing a security service provider. 

    • Reduced Managed Security Service Provider total cost of ownership 200K year over year while increasing capabilities.
    • Responsible for management of security technologies that provided global network level security, as well as computing system protection.
    • Delivered a global incident response run book by collaborating with security officers representing 260 operating companies.
    • NIST Cybersecurity Framework gap assessment  and strategic plan to address gaps completed and briefed to J&J CTO.
    • Strategy and Leadership Credo champion nominated by IT Leadership Team to improve scores across all of J&J IT Infrastructure Services.
    • Recipient of Global IT Recognition and six J&J Encore awards for security work, business acumen, leading others, and thinking strategically.
    • Nominated by leadership and participated in the J&J Senior Leader Base program. A program targeted towards “high potential” directors or VPs.
    • All years at J&J received a “performance consistently exceeds” rating and the top rating for leadership “demonstrated outstanding leadership”.
    Dec 2012Dec 2013

    Director, Global Command Center

    Johnson & Johnson

    Johnson & Johnson Security Operations and Critical Response Team Global Process Owner. Led a global team responsible for ensuring operational excellence and protecting assets for 260 operating companies in 60 countries.

    • Promoted from Senior Manager to Director.
    • Increased security incidents handled by 250% by integrating Global Security Operations with the Global Command Center.
    • Reduced average monthly mean time to repair (MTTR) for business critical incidents from 5.54 hour average in 2012 to 3.63 in 2013.
    • Reduced Managed Security Services (MSS) response time to security incidents by 62% and increased actionable data by 70%.
    • ISE® Northeast Information Security Project of the Year Award Nominee for build out of global enterprise vulnerability management program.
    • Led the Global IT intern program to attract, develop, and retain talent.
    • Credo champion for J&J Global Operations Center responsible for leading survey focus groups, action plans, and presentation to leadership.
    • Core member of the J&J Crisis Management Team.
    • Implemented pro-active approach to business critical incidents s in April 2013 by creating event to critical incident process resulting in an average of 28% of critical incidents being worked proactively. 
    Jun 2015Present

    Cyber Security Advisory Council

    Montreat College

    Collaborate and review Montreat programs to ensure the curriculum keeps pace with emerging cybersecurity trends and technologies.

    Jan 2005Jun 2011

    Senior Manager, Information Assurance and Forensics


    Managed team responsible for technical investigations, incident response activities, and developing/managing risk assessment programs.

    • Promoted from Manager to Senior Manager.
    • Achieved Medco’s “Top Performer” rating for 2006, 2008, 2009, and 2010.
    • Execution of ISO 27002 assessment resulting in standard compliance.
    • Execution of security risk assessment Program resulting in a reduction of risk by assessing assets against Global Security Standards and Guidelines. 
    • Matured the supplier risk assessment process resulting in the ability to measure IT risk across vendors in a quantifiable and repeatable manner.
    • Served as a subject matter expert in client facing activities.


    Jun 2016June 2016

    CISO FBI Academy

    Federal Bureau of Investigation
    Feb 2008Jun 2009

    Master of Science in Information Security and Assurance

    Norwich University
    Mar 1996Jun 2002

    Bachelor of Science, Criminal Justice

    University of Cincinnati