(a) In this section, “state information security program” means the policies, standards, procedures, elements, structure, strategies, objectives, plans, metrics, reports, services, and resources that establish the information resources security function for this state.
(b) The executive director, using existing funds, shall employ a chief information security officer.

(c) The chief information security officer shall oversee cybersecurity matters for this state including:
(1) implementing the duties described by § 2054.059;
(2) responding to reports received under Section 2054.1125;
(3) developing a statewide information security framework;
(4) overseeing the development of statewide information security policies and standards;
(5) collaborating with state agencies, local governmental entities, and other entities operating or exercising control over state information systems or state-controlled data to strengthen this state’s cybersecurity and information security policies, standards, and guidelines;
(6) overseeing the implementation of the policies, standards, and guidelines developed under Subdivisions (3) and (4);
(7) providing information security leadership, strategic direction, and coordination for the state information security program;
(8) providing strategic direction to:
(A) the network security center established under § 2059.101; and
(B) statewide technology centers operated under Subchapter L; and
(9) overseeing the preparation and submission of the report described by § 2054.0591.