The position of Statewide Chief Information Security Officer is established within the Office. The Secretary shall appoint a Statewide Chief Information Security Officer who shall serve at the pleasure of the Secretary. The Statewide Chief Information Security Officer shall report to and be under the supervision of the Secretary. The Statewide Chief Information Security Officer shall exhibit a background and experience in information security, information technology, or risk management, or exhibit other appropriate expertise required to fulfill the duties of the Statewide Chief Information Security Officer. If the Statewide Chief Information Security Officer is unable or unavailable to perform the duties and responsibilities under Section 5-25 , all powers and authority granted to the Statewide Chief Information Security Officer may be exercised by the Secretary or his or her designee.
20 ILCS 1375/5-20