Matador Resources Co 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

Matador Resources Co reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 08:01:28 EST.

Filings

10-K filed on 2024-02-27

Matador Resources Co filed an 10-K at 2024-02-27 08:01:28 EST
Accession Number: 0001520006-24-000078

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy The Company recognizes the importance of developing, implementing and maintaining cybersecurity measures to better safeguard our information systems and protect the confidentiality, integrity and availability of our data. Managing Material Risks and Integrated Overall Risk Management The Company has integrated cybersecurity into our broader risk management framework. Our risk management team works closely with our IT department to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. The Company requires the Board and employees to complete cybersecurity training related to the physical security of assets, data privacy and other information security policies and procedures. Engage Third Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, the Company engages with a range of external experts, including cybersecurity consultants in evaluating and testing our risk management systems. Our collaboration with these third parties includes regular audits, threat assessments, penetration tests and consultation on security enhancements. Oversee Third-Party Risk Because we are aware of the risks associated with third-party vendors, service providers and business partners, we have implemented processes to oversee and manage these risks. We conduct initial risk assessments of third-party providers before engagement. These assessments include due diligence reviews of third parties that have access to our networks, confidential information and information systems in order to assess the risks from cybersecurity threats. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties. Risks from Cybersecurity Threats We have not been subject to cybersecurity challenges that have materially impaired our operations or financial standing. 67 Table of Contents Governance The Company is aware of the critical nature of managing risks associated with cybersecurity threats and has established oversight mechanisms at the Board and management levels to ensure effective governance in managing risks associated with cybersecurity threats. Board Oversight The Board has oversight of cybersecurity risks and, specifically, the Audit Committee of the Board is charged with the oversight of the Company s guidelines and policies to govern the process by which risk assessment and risk management are undertaken by management, including with respect to cybersecurity risks. Our Board is composed of members with diverse expertise, including risk management, technology and finance, which experience provides them with the skills needed to oversee cybersecurity risks effectively. Management s Role Managing Risk The Company s IT Committee, which includes senior executives and other members of management, meets regularly to monitor and discuss cybersecurity issues. The Senior Vice President of Information Technology, the Executive Vice President and Chief Accounting Officer ( CAO ) and the Co-Chief Operating Officer ( COO ) play a pivotal role in informing the Board on cybersecurity risks. They provide comprehensive briefings to the Board on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including: current cybersecurity landscape and emerging threats; status of ongoing cybersecurity initiatives and strategies; incident reports and learnings from any cybersecurity events; and compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the Board, Senior Vice President of Information Technology, CAO and COO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on significant developments in the cybersecurity domain, ensuring the Board s oversight is proactive and responsive. The Board actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of the Company. Risk Management Personnel Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the Senior Vice President of Information Technology. With over 35 years of experience in the information technology field, he brings a wealth of expertise to his role. His in-depth knowledge and experience are instrumental in developing and executing our cybersecurity strategies. Our Senior Vice President of Information Technology tests our compliance with standards, remediates known risks and leads our employee training program. Reporting to the Board The Senior Vice President of Information Technology regularly informs the Chief Executive Officer and COO of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing the Company. Furthermore, significant cybersecurity matters and strategic risk management decisions are escalated to the Board, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues. Monitor Cybersecurity Incidents The Senior Vice President of Information Technology monitors the latest developments in cybersecurity, including potential threats and innovative risk management techniques. The Senior Vice President of Information Technology implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the Senior Vice President of Information Technology is equipped with an incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.

Company Information