A security analyst is responsible for ensuring the collection, processing, preservation, analysis and presentation of evidence in support of vulnerability mitigation and information security incident investigations. The security analyst also responds to computer security incidents in line with internal protocols. Advice and guidance will be provided to staff for handling information security incidents.The security analyst will work closely with security specialists to ensure that appropriate controls and standards are adhered to allow appropriate access to information, and prevent malicious attacks.
It is recognised that for effective service delivery to the customer, the organisation needs to create a balance between the need to protect information security, with the need to have access and information exchange to facilitate service delivery to their clients. A sound appreciation of the environment and sensitivity of information is central to this role.The security analyst will also work with the policy officer in developing policies that that provide users with guidelines that assist in ensuring information is stored and accessed in a safe way.
A security analyst exhibits capabilities in line with the Skills Framework for the Information Age (SFIA) and the Queensland Public Service Workforce Capability Success Profile.
Within the SFIA profile, the security analyst has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes milestones and has a significant role in the assignment of tasks and/or responsibilities.
Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments.
Performs an extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and wider customer/organisational requirements.
Advises on the available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally. Demonstrates leadership. Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Mentors colleagues. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.
|SFIA skill||SFIA Skill Code||SFIA Skill Level of Responsibility||SFIA Skills Level Descriptor|
Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that request for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Ensures that incidents are handled according to agreed procedures. Investigates escalated incidents to responsible service owners and seeks resolution. Facilitates recovery, following resolution of incidents. Ensures that resolved incidents are properly documented and closed. Analyses causes of incidents, and informs service owners in order to minimise probability of recurrence, and contribute to service improvement. Analyses metrics and reports on performance of incident management process.
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Conducts investigations to correctly gather, analyse and present digital evidence to both business and legal audiences. Collates conclusions and recommendations and presents forensics findings to stakeholders. Contributes to the developments of policies, standards and guidelines.
Queensland Government roles align with the Queensland Public Service Workforce Capability Success Profile.
The success profile is a sector wide, one-government approach to the leadership behaviours expected of all public sector employees to support high performing workplaces. The profile describes three performance dimensions (vision, results and accountability) and 13 leadership competencies required against four role types:
- Individual contributor (manages self)
- Team leader (manages individuals)
- Program manager (manages multiple teams/projects)
- Executive (manages program managers)
When developing a Role Description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree level qualification in information technology is required for this role. A significant amount of technical skill may be acquired through industry experience, however, a degree level qualification is considered to be the usual entry point to a career as a security analyst.
Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Manager (CISM) with a working knowledge of ISO27000 is desirable.
- The Skills Framework for the Information Age (SFIA) provides a common language that integrates with an organisation’s way of working, to improve capability and resource planning, resource deployment and performance management. This role profile quotes extensively from the SFIA, under licence from the SFIA Foundation. Information about the SFIA can be found at http://www.sfia-online.org/en
- The Queensland Public Service Workforce Capability Success Profile plays a key role in translating the government’s ‘talent management requirements’ into clear behavioural terms, while at the same time delivering organisational change and growth. The success profile is being utilised to align sector-wide talent management strategies, including workforce planning, talent acquisition, leadership development, capability development, performance management, career management and succession planning. See http://www.psc.qld.gov.au/includes/assets/PSC_Workforce_Capability_Success_Profile.pdf