A security architect is responsible for the security countermeasures of one or more systems, applications, components or centres. The typical role-specific responsibilities of a security architect are to review the security requirements, develop the security architecture of the application(s), service centre(s) and data centre(s), and ensure that security services are implemented as protection services (such as authentication and authorisation), detection services (such as monitoring and auditing) and response services (such as incident response and forensics). A security architect is responsible for developing the security mechanisms in the software architecture and ensuring the integrity of the architectures with regard to security.
A security architect is responsible for assisting management in enforcing approved policies, procedures, standards and guidelines. The security architect will work closely with key stakeholders from the organisation as well as technical architects, solutions architects, and security specialists.
A security architect exhibits a combination of capabilities from the Skills Framework for the Information Age (SFIA) and from the Queensland Public Service Leadership competencies for Queensland Framework.
Within the SFIA profile, the security architect has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Refer to the framework for descriptions of the seven levels of responsibility and accountability.
SFIA skill code
SFIA skill level of responsibility
SFIA skills level descriptor
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution. Identifies, evaluates and recommends options, implementing if required. Collaborates with, and facilitates stakeholder groups, as part of formal or informal consultancy agreements.
Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited.
Emerging technology monitoring
Monitors the external environment to gather intelligence on emerging technologies. Assesses and documents the impacts, threats and opportunities to the organisation. Creates reports and technology roadmaps and shares knowledge and insights with others.
Queensland Government roles align with the Leadership competencies for Queensland.
Leadership competencies for Queensland describes what highly effective, everyday leadership looks like in the sector. In simple, action-oriented language, it provides a common understanding of the foundations for success across all roles. The profile describes three performance dimensions (vision, results and accountability) and 11 leadership competencies required against five leadership streams.
Leadership streams are not connected to a level or classification, but rather reflect the balance between leadership and technical skills required of an individual. Individuals can consider the ‘value proposition’ of roles rather than the traditional lens of hierarchical structures or classification levels. The five leadership streams are:
- Individual contributor (leads self and does not supervise others)
- Team leader (leads a team and typically reports to a program leader)
- Program leader (leads team leaders and/or multiple areas of work)
- Executive (leads program leaders or other executives)
- Chief executive (leads the organisation).
When developing a role description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree level qualification in information technology is required for this role. A significant amount of technical skill may be acquired through industry experience; however, a degree level qualification is considered to be the usual entry point to a career as a security architect.
The Skills Framework for the Information Age (SFIA) provides a common language that integrates with an organisation’s way of working, to improve capability and resource planning, resource deployment and performance management. This role profile quotes extensively from the SFIA, under licence from the SFIA Foundation. Information about the SFIA can be found at http://www.sfia-online.org/en
The Leadership competencies for Queensland framework plays a key role in translating the government’s ‘talent management requirements’ into clear behavioural terms. The competencies can be utilised in talent management strategies, including workforce planning, talent acquisition, leadership development, capability development, performance management, career management and succession planning. The competencies can be accessed here: Leadership competencies for Queensland.