A security analyst is responsible for ensuring the collection, processing, preservation, analysis and presentation of evidence in support of vulnerability mitigation and information security incident investigations. The security analyst also responds to computer security incidents in line with internal protocols. Advice and guidance will be provided to staff for handling information security incidents. The security analyst will work closely with security specialists to ensure that appropriate controls and standards are adhered to in order to allow appropriate access to information and prevent malicious attacks.
It is recognised that for effective service delivery to the customer, the organisation needs to create a balance between the need to protect information security and the need to have access and information exchange to facilitate service delivery to its clients. A sound appreciation of the environment and sensitivity of information is central to this role. The security analyst will also work with the policy officer in developing policies that provide users with guidelines that assist in ensuring information is stored and accessed in a safe way.
A security analyst exhibits a combination of capabilities from the Skills Framework for the Information Age (SFIA) and from the Leadership competencies for Queensland.
Within the SFIA profile, the security analyst has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Refer to the framework for descriptions of the seven levels of responsibility and accountability.
SFIA skill code
SFIA skill level of responsibility
SFIA skills level descriptor
Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Ensures that incidents are handled according to agreed procedures. Investigates escalated incidents to responsible service owners and seeks resolution. Facilitates recovery, following resolution of incidents. Ensures that resolved incidents are properly documented and closed. Analyses causes of incidents and informs service owners in order to minimise probability of recurrence and contribute to service improvement. Analyses metrics and reports on performance of incident management process.
Conducts investigations to correctly gather, analyse and present the totality of findings including digital evidence to both business and legal audiences. Collates conclusions and recommendations and presents forensics findings to stakeholders. Contributes to the development of policies, standards and guidelines.
Leadership competencies for Queensland describes what highly effective, everyday leadership looks like in the sector. In simple, action-oriented language, it provides a common understanding of the foundations for success across all roles. The profile describes three performance dimensions (vision, results and accountability) and 11 leadership competencies required against five leadership streams.
Leadership streams are not connected to a level or classification, but rather reflect the balance between leadership and technical skills required of an individual. Individuals can consider the value proposition of roles rather than the traditional lens of hierarchical structures or classification levels. The five leadership streams are:
- Individual contributor (leads self and does not supervise others)
- Team leader (leads a team and typically reports to a program leader)
- Program leader (leads team leaders and/or multiple areas of work)
- Executive (leads program leaders or other executives)
- Chief executive (leads the organisation).
When developing a role description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree-level qualification in information technology or information systems is required for this role.