A security specialist is responsible for ensuring that the information an organisation gathers, stores and utilises is only available to those people who need access to that information. Information security specialists are broadly responsible for information confidentiality, integrity and availability.
Confidentiality ensures that information is not disclosed to unauthorised individuals or organisations. Confidentiality can be breached should someone manage to 'hack' into a system, or if a user is working on a laptop and allows someone to read the information on the screen. The security specialist will work with the network manager to ensure that appropriate controls are in place to restrict access to information. By having appropriate controls, the organisation ensures that the integrity of the data is not compromised. The organisation needs to balance the need to protect information security with the need to have open access and information exchange to facilitate service delivery to its clients. Information needs to be made available whenever staff require it.
The security specialist will also work with the policy officer in developing policies that provide users with guidelines that assist in ensuring information is stored and accessed in a safe way.
A security specialist exhibits capabilities in line with the Skills Framework for the Information Age (SFIA) and the Queensland Public Service Workforce Capability Success Profile.
Within the SFIA profile, the security specialist has level 5 capabilities, i.e. ensures and advises on the skills outlined below.
Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes milestones and has a significant role in the assignment of tasks and/or responsibilities.
Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments.
Performs an extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and wider customer/organisational requirements.
Advises on the available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally. Demonstrates leadership. Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Mentors colleagues. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.
SFIA Skill Code
SFIA Skill Level of Responsibility
SFIA Skills Level Descriptor
Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Interprets information assurance and security policies and applies these in order to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Uses testing to support information assurance. Contributes to the development of policies, standards and guidelines.
Queensland Government roles align with the Queensland Public Service Workforce Capability Success Profile.
The success profile is a sector-wide, one-government approach to the leadership behaviours expected of all public sector employees to support high performing workplaces. The profile describes three performance dimensions (vision, results and accountability) and 13 leadership competencies required against four role types:
- Individual contributor (manages self)
- Team leader (manages individuals)
- Program manager (manages multiple teams/projects)
- Executive (manages program managers)
When developing a Role Description, identify the role type and then focus on the most important attributes and create a balance between SFIA skills and leadership skills.
A degree level qualification in information technology or information systems is required for this role.
 The Skills Framework for the Information Age (SFIA) provides a common language that integrates with an organisation’s way of working, to improve capability and resource planning, resource deployment and performance management. This role profile quotes extensively from the SFIA, under licence from the SFIA Foundation. Information about the SFIA can be found at http://www.sfia-online.org/en
 The Queensland Public Service Workforce Capability Success Profile plays a key role in translating the government’s ‘talent management requirements’ into clear behavioural terms, while at the same time delivering organisational change and growth. The success profile is being utilised to align sector-wide talent management strategies, including workforce planning, talent acquisition, leadership development, capability development, performance management, career management and succession planning. See http://www.psc.qld.gov.au/includes/assets/PSC_Workforce_Capability_Success_Profile.pdf