Meanwhile, the state’s cybersecurity governance was centralized earlier this year under the State Cybersecurity Office (SCSO), a change established by the Arkansas Cybersecurity Act of 2025. The legislation, in combination with a June executive order, aims to streamline cybersecurity oversight, improve risk management and enhance response coordination across state agencies. The state’s chief information security officer, Gary Vance, oversees the office.
“This centralized office is responsible for coordinating all cybersecurity efforts across state government — streamlining oversight, setting statewide cyber governance standards, and ensuring consistent compliance with both state and federal regulations,” Communications Manager Jeremy May wrote in an email to Government Technology.
May added that SCSO is “proactively partnering with agencies to monitor risks, strengthen incident response and integrate cybersecurity best practices into everyday operations.” The cybersecurity act also grants the Department of Shared Administrative Services (SAS) secretary final sign-off on cooperative purchasing agreements and other significant technology procurements.
“This change ensures large-scale investments — such as cloud, cybersecurity or staffing — align with statewide strategy and security standards,” May said. “Agencies and vendors should expect streamlined oversight, with added checkpoints focused on strategic alignment, cybersecurity and compliance. The Office of State Technology will provide guidance to support smoother, more efficient procurement without added delays.”
The newly named OST reports to SAS, formerly called the Arkansas Department of Transformation and Shared Services (TSS). TSS was established in 2019 as part of former Gov. Asa Hutchinson’s effort to consolidate more than 42 state agencies into 15 departments. However, Secretary Leslie Fisken said in a department news post that a new name would be “more representative of what the department does.”
Act 412 of 2025, which codified the OST name change, also reaffirmed the roles of chief data officer and chief privacy officer, clarifying that the positions must be held by separate individuals. Arkansas has both roles currently filled, by Robert McGough and Jennifer Davis, respectively. The state’s chief technology officer is Jay Harton.
