Granite Point Mortgage Trust Inc. 10-K Cybersecurity GRC - 2024-03-01

Page last updated on April 11, 2024

Granite Point Mortgage Trust Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 16:06:33 EST.

Filings

10-K filed on 2024-03-01

Granite Point Mortgage Trust Inc. filed an 10-K at 2024-03-01 16:06:33 EST
Accession Number: 0001703644-24-000032

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to our cybersecurity policies, processes and practices, which are integrated into our overall risk management program. In partnership with our designed outsourced technology provider, we have implemented extensive processes and controls to assess, manage and protect against material risks from cybersecurity threats, including the following: a managed detection and response platform that is monitored at all times by members of our third-party technology provider s Security Operations Center team; periodic penetration testing and vulnerability scans; quarterly cybersecurity training and phishing email exercises for all employees and officers; vendor cybersecurity diligence; cybersecurity insurance; and a cybersecurity Incident Response Plan that includes procedures for responding to cybersecurity incidents. To date, cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we believe are not reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. Refer to Risk Factors Risks Related to our Company and Structure Operational risks, including the risk of cyberattacks, may disrupt our business, resulting in loss or limited growth in Item 1A of this Annual Report on Form 10-K for an additional description of our cybersecurity risk and the potential related impacts. Governance Pursuant to its charter, the Audit Committee of our board of directors oversees our risk management program, which focuses on the most significant risks we face, including cybersecurity risks. Audit Committee meetings include discussions of specific risk areas, and our Chief Compliance Officer, or our CCO, regularly reports to the Audit Committee on cybersecurity risks we face, as well as the status of measures undertaken by the Company to manage those risks. Pursuant to our Incident Response Plan, the chair of the Audit Committee will be notified in the event of a cybersecurity incident meeting a specified severity level. In addition, all members of our board of directors, including members of the Audit Committee, participate in quarterly training on cybersecurity threats, including those facing the Company. 34 Table of Contents Our CCO and our Chief Financial Officer, or our CFO, work collaboratively with senior members of our outsourced technology firm to comprise our Cybersecurity Team. Our Cybersecurity Team has primary responsibility for overseeing, implementing and managing our processes and controls to assess, identify and manage material risks from cybersecurity threats, including those described above in Risk Management and Strategy . Our Incident Response Team, in coordination with external advisors, is responsible for responding to and managing cybersecurity incidents pursuant to our Incident Response Plan. Our Incident Response Team includes our Cybersecurity Team and our Chief Executive Officer, along with other Company personnel as appropriate based on the nature of the incident. The members of our Cybersecurity Team have various levels of experience in information technology and cybersecurity matters. Our third-party technology firm is a global information technology and cybersecurity provider with a seasoned executive team possessing decades of experience and various cybersecurity certifications, such as Certified Information Systems Security Professional certification. Our CCO and CFO each has extensive experience managing risks at the Company, including risks arising from cybersecurity threats. Our CCO also holds a CERT Certificate in Cybersecurity Oversight issued from the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the National Association of Corporate Directors.

Company Information