Mark Beres Email and Phone Number

• Build, mature and lead first in class Enterprise Risk Management and Business Continuity Management programs, aligned with best practices like ISO, deployed globally across the enterprise in 5 different continents, 21 critical locations with over 100 senior leaders• Partner with senior managers and process owners in groups such as Supply Chain, IT, HR, and others throughout the organization to identify and anticipate operational risks, develop mitigation strategies and prepare business continuity plans• Determine and monitor the risk appetite of the organization and further educate the organization as a whole on our risk tolerance• Oversee the execution of the Business Continuity Management System, aligned with the ISO 22301 standard, across the organization, including the coordination of Business Impact Analysis, Risk Assessments, Mitigation Strategies, Internal Audits and Management Review, and leading Business Continuity Scenario and Table Top Exercises across the business• Collaborate with other business leaders to quickly grasp business issues and develop sustainable solutions that address root cause• Lead three functional teams internally, developing people and programs, leading functional program management, communications, and providing risk fundamental training to the organization• Oversee Enterprise Risk Management and Business Continuity Management metrics developed to support our risk report and dashboard provided to the Executive leadership team and Board of Directors to demonstrate fulfillment of their vision for risk management and execution of multiple projects simultaneously

• Provide independent oversight and effective challenge of Information Technology and Operations risk-related policies, procedures, processes, controls, risk ratings, risk reporting, and risk initiatives.• Facilitate annual review of the ERM Framework and Risk Appetite Framework with the first line, developing measurable risk appetite and tolerance levels resulting in enhanced reporting metrics.• Collaborate with executive leadership in an advisory role and provide an ERM perspective and influence on key strategic decisions for the technology organization.• Led alignment of enterprise-wide risk register to COBIT for technology risks.• Challenge first line risk statement identification and facilitate assessment of risks within the enterprise risk register.• Created and maintain an automated process to capture, analyze, determine root cause and track response to key risk events across the enterprise.• Lead or participate in cross-departmental working groups or workshops related to ERM’s Scenario Analysis Program and emerging risk identification.• Lead efforts to develop a risk mitigation process, to determine the level of risk associated to findings and acceptable risk reduction or treatment strategy (mitigate, accept, avoid or transfer).• Provide knowledge and guidance of current and proposed laws, rules, and regulations related to risks and controls, and remain abreast of emerging trends and best practices in risk management.

• Managed IT Audit team in the 2014 SOX and SOC-1 assessments of CNA’s IT systems and processes. Led team in evaluating management’s control assertions and assessing the effectiveness of CNA’s IT control environment. • Led IT audit and risk assessments by developing audit scope, risks, project timeline, analysis requirements, budget, and resources for IT and Operational Audits.• Managed relationships with external audit team (D&T), Managed Service Providers (MSPs), internal audit co-sourcing resources (E&Y), IT Security and Control functions in the fulfillment of annual control requirements.

• Managed Internal Audit (IA) team in the 2014 SOX assessment of Navistar’s IT systems and processes. Led team in identifying and mapping risks to management’s controls and assessing the effectiveness of Navistar’s IT controls. • Managed IT compliance functions for maintaining IT control narratives, issue remediation, risk management, and creation of new IT procedures. • Led optimization of the Internal Audit ‘People Initiative;’ responsible for developing and managing internal audit’s recruiting strategy, employee competency models, mentor model, and IA organizational chart.

• Managed 3 staff in the 2013 SOX assessment of Navistar’s IT systems and processes. External audit’s reliance on internal audit’s IT SOX assessment created $500k in annual audit cost savings.• Led entity data risk assessment and system implementation audits by developing audit scope, risks, project timeline, analysis requirements, budget, and resources for IT and Operational Audits. • Presented annual SOX findings and recommendations to IT leadership and tracked IT risk mitigation and remediation processes.

• Led project management of IT and Operational audits by developing IT audit scope, project timeline, budget and reporting requirements for Fortune 500 clients.• Managed IT procedures to address the design, implementation and operating effectiveness of a client’s IT environment and to confirm client compliance with local, state, and federal regulations and loan covenants for clients• Developed IT Internal Control testing strategies that address IT risks to determine the alignment of client systems to leading industry practices

• Performed SAP Security Assessment for a large Consumer Products company - evaluated role design, segregation of duties and data access, leading to redesign of the client’s SAP role structure, which yielded future cost savings of more than $250k for the client• Assessed clients’ IT control environment through the evaluation of design, implementation and operating effectiveness of controls addressing IT risks and operational, industry and compliance requirements