BrightSphere Investment Group Inc. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on July 16, 2024

BrightSphere Investment Group Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:46:32 EST.

Filings

10-K filed on 2024-02-28

BrightSphere Investment Group Inc. filed a 10-K at 2024-02-28 16:46:32 EST
Accession Number: 0001748824-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk management and strategy We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include response to and an assessment of internal and external threats to the security, confidentiality, integrity and availability of our data and systems along with other material risks to our operations, at least annually or whenever there are material changes to our systems or operations. Our Management Risk Committee (MRC) collaborates with our Head of IT and Chief Information Security Officer (CISO) along with the IT Department to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Our Head of IT and CISO along with the IT Department implement processes and technologies to provide security monitoring and vulnerability management. We have an incident response plan in place with designated roles and responsibilities for responding to and escalating cybersecurity events and incidents. As part of our risk management process, we engage outside providers to conduct periodic penetration testing and vulnerability assessments. We maintain a third-party risk management program that includes vendor due diligence at onboarding, periodic assessments, and continuous risk monitoring. Assessments include reviews of security controls and cybersecurity questionnaires or other technical evaluations. In addition, we maintain a vendor risk register and review risk ratings semi-annually. As of the date of this report, we have not experienced a cybersecurity incident that resulted in a material effect on our business strategy, results of operations, or financial condition. Governance Our Board of Directors provides oversight of the Company’s cybersecurity risk management program. The Audit Committee of our Board of Directors has primary responsibility for oversight of cybersecurity and is briefed on cybersecurity risks quarterly and following any material cybersecurity incidents. Our cybersecurity program is managed by our Head of IT and CISO, who reports to our Chief Executive Officer and has served in this role since 2019. Our Head of IT & CISO has over 20 years of industry experience in information technology and maintains industry certifications such as the ISC2 CISSP. Reporting to the Audit Committee of our Board of Directors quarterly, our Head of IT and CISO may address overall assessment of the Company’s compliance with our cybersecurity policies and procedures, risk management, service provider arrangements, testing results and security incident response and makes recommendations for changes and updates to policies, procedures, and technologies related to cybersecurity and IT risk management. 31
Item 1C. Cybersecurity


Company Information

NameBrightSphere Investment Group Inc.
CIK0001748824
SIC DescriptionInvestment Advice
TickerBSIG - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30