(a) There is hereby established the position of executive branch chief information security officer. The CISO shall be in the unclassified service under the Kansas civil service act, shall be appointed by the governor and shall receive compensation in an amount fixed by the governor.

(b) The CISO shall:

(1) Report to the executive branch chief information technology officer;

(2) serve as the state‘s CISO;

(3) serve as the executive branch chief cybersecurity strategist and authority on policies, compliance, procedures, guidance and technologies impacting executive branch cybersecurity programs;

(4) ensure Kansas information security office resources assigned or provided to executive branch agencies are in compliance with applicable laws and rules and regulations;

(5) coordinate cybersecurity efforts between executive branch agencies;

(6) provide guidance to executive branch agencies when compromise of personal information or computer resources has occurred or is likely to occur as the result of an identified high-risk vulnerability or threat;

(7) set cybersecurity policy and standards for executive branch agencies; and

(8) perform such other functions and duties as provided by law and as directed by the executive chief information technology officer.