Cybersecurity Committee Charter
MOLINA HEALTHCARE, INC.
Cybersecurity Committee Charter
The Cybersecurity Committee (the “Committee”) is an advisory and oversight committee of the Board of Directors of Molina Healthcare, Inc. (the “Board”). The Committee’s primary duties and responsibilities shall include but not be limited to the following:
- Enhancing the Board’s understanding and oversight of the systems (i.e., policies, controls and procedures) that management has put in place to (i) identify, manage and mitigate risks related to cybersecurity, privacy, and disaster recovery; (ii) respond to incidents with respect thereto; and (iii) protect unauthorized access to critical infrastructure assets.
- Performing such other tasks related to the oversight of the Company’s cybersecurity functions as the Board may delegate to the Committee from time to time.
COMPOSITION AND QUALIFICATIONS
The Committee shall be comprised of two or more Directors, as determined from time to time by the Board. Members of the Committee shall be appointed by the Board upon the recommendation of the Corporate Governance and Nominating Committee. The Board shall designate one of the members of the Committee as its chairperson.
RESPONSIBILITIES AND DUTIES
The Committee’s duties and responsibilities shall include, without limitation, the following:
- Meet at least semi-annually with the Company’s Chief Information Security Officer and Chief Risk Officer to discuss cybersecurity risks, activities, and developments.
- Work with senior management to understand the Company’s cybersecurity risks, including the potential likelihood, frequency, and severity of cyberattacks and data breaches.
- Discuss the Company’s cybersecurity policies as to risk assessment and risk management, including the review of the guidelines and policies established by the Company to assess, monitor, and mitigate the Company’s significant cybersecurity risk exposures.
- Oversee activities related to cyber risks, such as reviewing adequacy of the cyber risk budget, assessing security programs and top-level policies; assessing roles, responsibilities, and reporting relationships for privacy and security issues; and ensuring development and adequacy of an incident response plan and adequacy of resources to respond to a breach.
- Review significant cybersecurity investments and expenditures and make recommendations, where appropriate.
- Receive, as and when appropriate, reports, and recommendations from management regarding, among other things, cybersecurity breaches and cybersecurity risks.
- Make such recommendations to the Board and management with respect to any of the above and other matters as the Committee deems necessary or appropriate.
The Committee shall meet at least two times annually or more frequently if circumstances warrant, at such times and places as the Committee determines. At least one meeting each year shall be conducted in person. A majority of the members of the Committee shall constitute a quorum. An executive session, attended by the members of the Committee in attendance, shall generally be held following each meeting.
The chairperson of the Committee shall report the recommendations, deliberations, and actions of the Committee at the meetings of the Board and on such other additional occasions as deemed appropriate by the chairperson.
The Committee shall have the authority to retain or obtain the advice of one or more consultants, independent legal counsel, or other advisers. The Committee shall be directly responsible for the appointment, compensation, retention, and oversight of the work of any such advisers retained by the Committee. In addition, the Company shall provide appropriate funding, as determined by the Committee, for the payment of reasonable compensation to such advisers retained by the Committee.
The Committee’s responsibilities and powers as delegated by the Board are set forth in this Charter. The Committee relies to a significant extent on the information and advice provided by management and independent advisors.
- Financial Expert
- Independent Director