A security architect is responsible for the security countermeasures of one or more systems, applications, components or centres. The typical role-specific responsibilities of a security architect are to review the security requirements and develop the security architecture of the application(s), service centre(s) and data centre(s), and to ensure that security services are implemented as protection services (such as authentication and authorisation), detection services (such as monitoring and auditing) and response services (such as incident response and forensics). A security architect is responsible for developing the security mechanisms in the software architecture and for ensuring the integrity of the architectures with regard to security.
A security architect is responsible for assisting management in enforcing approved policies, procedures, standards and guidelines. The security architect will work closely with key stakeholders from the organisation as well as technical architects, solutions architects, and security specialists.
A security architect exhibits a combination of capabilities from the Skills Framework for the Information Age (SFIA) and from the Leadership competencies for Queensland.
Within the SFIA profile, the security architect has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Refer to the framework for descriptions of the seven levels of responsibility and accountability.
| SFIA skill code | SFIA skill level of responsibility | SFIA skills level descriptor |
|---|---|---|
| | 5 | Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines. |
| | 5 | Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security. |
| | 5 | Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution. Identifies, evaluates and recommends options, implementing if required. Collaborates with, and facilitates, stakeholder groups as part of formal or informal consultancy agreements. Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited. |
| Emerging technology monitoring | 5 | Monitors the external environment to gather intelligence on emerging technologies. Assesses and documents the impacts, threats and opportunities to the organisation. Creates reports and technology roadmaps and shares knowledge and insights with others. |
Leadership competencies for Queensland describes what highly effective, everyday leadership looks like in the sector. In simple, action-oriented language, it provides a common understanding of the foundations for success across all roles. The profile describes three performance dimensions (vision, results and accountability) and 11 leadership competencies required against five leadership streams.
Leadership streams are not connected to a level or classification, but rather reflect the balance between leadership and technical skills required of an individual. Individuals can consider the value proposition of roles rather than the traditional lens of hierarchical structures or classification levels. The five leadership streams are:
- Individual contributor (leads self and does not supervise others)
- Team leader (leads a team and typically reports to a program leader)
- Program leader (leads team leaders and/or multiple areas of work)
- Executive (leads program leaders or other executives)
- Chief executive (leads the organisation).
When developing a role description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree level qualification in information technology is required for this role. A significant amount of technical skill may be acquired through industry experience; however, a degree level qualification is considered to be the usual entry point to a career as a security architect.