A security architect is responsible for the security countermeasures of one or more systems, applications, components, or centres. The typical role-specific responsibilities of a security architect are to review the security requirement and develop the security architecture of the application(s), service centre(s), data centre(s) and ensure that security services are implemented as protection services, such as authentication and authorisation, detection services, such as monitoring and auditing, and response services, such as incident response and forensics. A security architect is responsible for developing the security mechanisms in the software architecture and ensuring the integrity of the architectures with regard to security.
A security architect is responsible for assisting management in enforcing approved policies, procedures, standards and guidelines. The security architect will work closely with key stakeholders from the organisation as well as technical architects, solutions architects, and security specialists.
A security architect exhibits capabilities in line with the Skills Framework for the Information Age (SFIA) and the Queensland Public Service Workforce Capability Success Profile.
Within the SFIA profile, the security architect has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes milestones and has a significant role in the assignment of tasks and/or responsibilities.
Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments.
Performs an extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and wider customer/organisational requirements.
Advises on the available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally. Demonstrates leadership. Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Mentors colleagues. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.
SFIA Skill Code
SFIA Skill Level of Responsibility
SFIA Skills Level Descriptor
Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution. Identifies, evaluates and recommends options, implementing them if required. Collaborates with, and facilitates, stakeholder groups as part of formal or informal consultancy agreements. Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited.
Emerging technology monitoring
Monitors the market to gain knowledge and understanding of currently emerging technologies. Identifies new and emerging hardware and software technologies and products based on own area of expertise, assesses their relevance and potential value to the organisation, contributes to briefings of staff and management.
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Queensland Government roles align with the Queensland Public Service Workforce Capability Success Profile.
The success profile is a sector wide, one-government approach to the leadership behaviours expected of all public sector employees to support high performing workplaces. The profile describes three performance dimensions (vision, results and accountability) and 13 leadership competencies required against four role types:
- Individual contributor (manages self)
- Team leader (manages individuals)
- Program manager (manages multiple teams/projects)
- Executive (manages program managers)
When developing a Role Description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree level qualification in information technology is required for this role. A significant amount of technical skill may be acquired through industry experience, however a degree level qualification is considered to be the usual entry point to a career as a security architect.
CISSP certification is desired; any of the following qualifications would also be beneficial: Checkpoint Certified Security Administrator (CCSA) or Expert (CCSE), Cisco Certified Security Professional (CCSP), or other major vendor-sponsored security certifications.
The Skills Framework for the Information Age (SFIA) provides a common language that integrates with an organisation’s way of working, to improve capability and resource planning, resource deployment and performance management. This role profile quotes extensively from the SFIA, under licence from the SFIA Foundation. Information about the SFIA can be found at http://www.sfia-online.org/en
The Queensland Public Service Workforce Capability Success Profile plays a key role in translating the government’s ‘talent management requirements’ into clear behavioural terms, while at the same time delivering organisational change and growth. The success profile is being utilised to align sector-wide talent management strategies, including workforce planning, talent acquisition, leadership development, capability development, performance management, career management and succession planning. See http://www.psc.qld.gov.au/includes/assets/PSC_Workforce_Capability_Success_Profile.pdf