N.H. Rev. Stat. Ann. § 21-R:3
I. The commissioner of the department of information technology shall be appointed by the governor, with the advice and consent of the council, and shall serve for a term of 4 years. The commissioner shall be academically and technically qualified to hold the position, and shall be known as the chief information officer. A vacancy shall be filled for the remainder of the unexpired term in the same manner as the original appointment.
I-a. The commissioner of the department of information technology shall nominate for appointment by the governor, with the consent of the executive council, a deputy commissioner of the department of information technology, who shall serve for a term of 4 years and shall be qualified to hold that position by reason of education and experience. The deputy commissioner shall perform such duties as may be assigned by the commissioner, which may include, but not be limited to, the authority and power with approval of the commissioner to direct and supervise the operation and administration of any division of the department.
I-b. The commissioner shall appoint a chief information security officer, who shall be qualified to hold that position by reason of education and experience. The chief information security officer shall perform such duties described in RSA 21-R:4-a and as may be assigned by the commissioner, which may include, but not be limited to, the authority and power with approval of the commissioner to direct the formulation and implementation of cybersecurity and information security strategy, direction, policy, procedures, and standards across the executive branch of the state government.
Source. 2008, 335:1, eff. Sept. 5, 2008. 2014, 327:77, eff. Jan. 1, 2018. 2018, 81:1, eff. May 25, 2018. 2023, 135:1, 2, eff. Aug. 29, 2023. 2025, 141:323, eff. July 1, 2025.