A security specialist is responsible for ensuring that the information an organisation gathers, stores and utilises is only available to those people who need access to that information. Information security specialists are broadly responsible for information confidentiality, integrity and availability.
Confidentiality ensures that information is not disclosed to unauthorised individuals or organisations. Confidentiality can be breached should someone manage to 'hack' into a system, or if a user is working on a laptop and allows someone to read the information on the screen. The security specialist will work with the network manager to ensure that appropriate controls are in place to restrict access to information. By having appropriate controls, the organisation ensures that the integrity of the data is not compromised. The organisation needs to balance the need to protect information security with the need to have open access and information exchange to facilitate service delivery to their clients. Information needs to be made available whenever staff require it.
The security specialist will also work with the policy officer in developing policies that provide users with guidelines that assist in ensuring information is stored and accessed in a safe way.
A security specialist exhibits a combination of capabilities from the Skills Framework for the Information Age (SFIA) and the Leadership competencies for Queensland.
Within the SFIA profile, the security specialist has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Refer to the framework for descriptions of the seven levels of responsibility and accountability.
SFIA skill code
SFIA skill level of responsibility
SFIA skills level descriptor
Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Interprets information assurance and security policies and applies these in order to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Uses testing to support information assurance. Contributes to the development of policies, standards and guidelines.
Leadership competencies for Queensland describes what highly effective, everyday leadership looks like in the sector. In simple, action-oriented language, it provides a common understanding of the foundations for success across all roles. The profile describes three performance dimensions (vision, results and accountability) and 11 leadership competencies required against five leadership streams.
Leadership streams are not connected to a level or classification, but rather reflect the balance between leadership and technical skills required of an individual. Individuals can consider the value proposition of roles rather than the traditional lens of hierarchical structures or classification levels. The five leadership streams are:
- Individual contributor (leads self and does not supervise others)
- Team leader (leads a team and typically reports to a program leader)
- Program leader (leads team leaders and/or multiple areas of work)
- Executive (leads program leaders or other executives)
- Chief executive (leads the organisation).
When developing a role description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree level qualification in information technology or information systems is required for this role.