Cybersecurity Governance

The Company’s Board considers cybersecurity risk as part of its risk oversight function and considers cybersecurity and IT risks as key strategic risks of the Company. The Board oversees management’s implementation of the Company’s cybersecurity risk management program, receiving at least annual updates from management (including our Chief Information Officer) on cybersecurity risks, including briefings on the Company’s cyber risk management program and cybersecurity incidents, and reviewing cybersecurity topics impacting companies with management and external experts.

The Company’s Chief Information Officer leads the IT and cybersecurity functions and has primary responsibility for leading the Company’s overall cybersecurity risk management program, supervising both internal cybersecurity personnel and external cybersecurity service providers. The Company’s cybersecurity function is responsible for assessing and managing material risks from cybersecurity threats, as well as informing management about and monitoring the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers and alerts and reports produced by security tools deployed in the IT environment.

The Company’s Chief Information Officer and Vice President of IT security and Compliance have significant experience in managing and leading information systems and deploying cybersecurity technologies and have extensive cybersecurity training and knowledge. The Company’s Vice President of IT security and Compliance has several industry certifications, including CISSP (Certified Information Security System Professional), CCSP (Certified Cloud Security Professional) and CCSK (Certificate of Cloud Security Knowledge). The Company’s Chief Information Officer reports to the Chief Executive Officer, and the Company’s Vice President of IT Security and Compliance reports to the Company’s Chief Information Officer.