ConnectOne Bancorp, Inc. 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

ConnectOne Bancorp, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 16:02:10 EST.

Filings

10-K filed on 2024-02-23

ConnectOne Bancorp, Inc. filed an 10-K at 2024-02-23 16:02:10 EST
Accession Number: 0001437749-24-005370

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management, Strategy and Governance Cybersecurity is a material part of ConnectOne s business. As a financial institution offering products through multiple digital delivery channels, cybersecurity incidents could have a material effect on the Company, its results of operations and its reputation, although to date the Company has not experienced any cybersecurity incident which has had a material effect on the Company s business strategy, results of operations or financial condition. See Item 1A- Risk Factors - We cannot predict how changes in technology will impact our business; increased use of technology may expose us to service interruptions or breaches in security. Cybersecurity risk is initially overseen at ConnectOne by the management IT Committee (the ITC ). The members of this committee include, as co-chairs, the Chief Compliance Officer and the Chief Technology Officer. Additional members are our Information Security Officer, Information Technology ( IT ) Manager, Chief Risk Officer, Chairman & Chief Executive Officer, Chief Strategic Operations Officer, Chief Digital Officer and Chief Brand and Innovation Officer. Tarak Patel, Information Security Officer - Mr. Patel has facilitated the management of information security programs at financial institutions for over 17 years. Sharif Alexandre, Chief Technology Officer - Mr. Alexandre has over 20 years industry experience including managing Information Technology and Software Development teams at organizations ranging from technology startups to Fortune 500 companies. He recently oversaw IT operations and currently leads the Software Development and Data Management teams at the Bank. Laura Criscione, Chief Compliance Officer - Ms. Criscione oversees the company s Compliance and Information Security. Ms. Criscione has overseen Compliance and IT Operations throughout her more than 30-year career in financial institutions. Dale Dwaileebe, IT Manager - Mr. Dwaileebe has over 20 years of IT experience, is a current member of Infragard, and holds multiple industry recognized certifications. Michael O Malley, Chief Risk Officer Mr. O Malley oversees entity-wide risk management, including cybersecurity related risk. Dana Zeller, Chief Strategic Operations Officer Ms. Zeller s career has been primarily in bank operations, in which she has participated in end-to-end implementations and upgrades of core banking technology, from selecting a vendor to managing implementations, to leading enhancement and efficiency initiatives throughout the life of the application. Ali Matera, Chief Digital Officer Ms. Matera is a technology subject matter expert with over 13 years of IT leadership and over 18 years of financial service experience. In her career she has been responsible for technology/digital strategy, enterprise program management, data analytics and IT service management at other financial institutions. In addition to the members above, Frank Sorrentino III, Chairman & Chief Executive Officer and Siya Vansia, Chief Brand & Innovation Officer are also members of the ITC due to their roles in overseeing entity-wide management. -31- Table of Contents In order to ensure that cybersecurity risk management is integrated into the Company s overall risk management plans, systems and processes, members of the ITC, along with other lines of business heads, report to the management Enterprise Risk Management Committee (the ERMC ), which in turn reports to the Board Audit and Risk Committee quarterly. The ERMC consists of the Company s Chief Risk Officer, Chairman & CEO, President, Chief Financial Officer, Treasurer, Chief Compliance Officer, Chief Technology Officer, Chief Strategic Operations Officer and Chief Credit Officer. In addition, the Company s Chief Technology Officer attends Company Board of Directors meetings and provides an information technology (“IT”) report at each meeting. The Company s cybersecurity risk mitigation program involves a combination of internal resources and the use of third parties. The Company s internal IT team performs monthly vulnerability scanning and performs an annual risk assessment based on the National Institute of Standards and Technology Cybersecurity Framework. The results are reported to the ITC. The Company s IT and compliance staff also review potential cybersecurity threats associated with the Company s third-party vendors, including performing a review of and obtaining a System of Organization Controls report from all vendors rated as high risk by the Company s internal vendor management program. The Company also has an internal Incident Response Plan and Team, which is charged with overseeing the Company s response to any cybersecurity incident. The team performs a table-top exercise at least annually to prepare to respond in the event of any actual cybersecurity incident. In addition to these internal resources, the Company uses a third-party vendor to undertake annual penetration and vulnerability testing, with the results reported to the ITC. Finally, the Company s cybersecurity compliance program is audited by the Bank s outsourced internal auditor. The Company also maintains insurance which may provide coverage for expenses and certain losses incurred in connection with a cybersecurity incident. -32- Table of Contents

Company Information