Senate Bill 2625, introduced Jan. 19, would establish the state CIO as a formal, cabinet-level position in state law, appointed by the governor with Senate approval, and positioned as a statewide policy leader rather than the head of a single agency.
The bill describes the CIO as “the chief policy advisor to the governor on statewide information technology and cyber security issues,” a role that would include overseeing IT modernization efforts, advising on cybersecurity strategy and coordinating technology planning across state government. The CIO would also be required to submit an annual report to the governor detailing statewide IT and cybersecurity initiatives, expenditures and long-term planning.
This represents a departure from how the role functions today. Currently, Craig Orgeron, Mississippi’s CIO, serves as executive director of the Mississippi Department of Information Technology Services (ITS). And the state CIO title is tied to running ITS and delivering IT services, rather than operating as a separate cabinet-level office with independent policy authority.
The bill cleared the Senate Government Structure Committee Jan. 29. If it does become law, the CIO position would be legally separated from the operational hierarchy of ITS and elevated to a distinct executive role reporting directly to the governor.
NATIONAL CONTEXT AND A LONG-RUNNING SHIFT
The idea of elevating the state CIO to cabinet level is not new. As far back as 2013, national research showed states actively debating where technology leadership should sit within government. In the National Association of State Chief Information Officers’ (NASCIO) State CIO Leadership benchmark report published in 2013, the organization found that “approximately 50 percent [of state CIOs]” at that time were considered “a cabinet-level position.” NASCIO surveys since, from 2013 through 2025, have shown a steady shift away from viewing CIOs primarily as infrastructure managers and toward treating them as enterprise leaders responsible for strategy, risk and adaptability.
Nevada, for example, passed SB 431 in 2023, reorganizing its technology leadership by transferring key IT oversight duties into the Office of the Chief Information Officer within the governor’s office, and elevating that office’s strategic role. It’s a move that, much like Mississippi’s legislative proposal, sought to position technology leadership as independent from traditional agency structures.
A NEW DEPARTMENT FOCUSED ON CYBERSECURITY
In addition to expanding the CIO role, Mississippi lawmakers are advancing SB 2636, also introduced Jan. 19. It would establish a Mississippi Department of Cybersecurity dedicated solely to protecting the state’s digital systems and data.
The bill outlines the department’s mission as defending and securing cyberspace, strengthening cyber resilience and helping protect the state’s digital infrastructure. The department would be led by an executive director appointed by the governor and confirmed by the Senate, and that director would be responsible for developing statewide strategies to prevent cyber incidents, detect vulnerabilities and respond to attacks.
SB 2636 authorizes the department to work with state and local agencies and enter into contracts with them to forge stronger cybersecurity; and manage a dedicated cybersecurity fund made up of state appropriations, federal grants and other available funding sources.
It, too, passed the Government Structure Committee Jan. 29; and if enacted, would take effect July 1.
