There's no way to accurately answer your question on how security compares to general IT because it varies from company to company. The spectrum encompasses everything from it being the responsibility of one guy (along with everything else) to having multi-person teams responsible for specific realms within the greater security construct; e.g., ID/PS teams, firewall teams, DLP teams, eDiscovery and forensics teams, etc. ad nauseam. I'd say the general rule is that the larger company, the larger the disbursement of teams and personnel. As part of that, you could expect to be more "hands-on" across more technologies with smaller teams and organizations than with the larger companies; again, it varies from company to company.
My department is not as diluted as other large organizations and we have collapsed many areas into an "Engineering and Architecture" group but we do have several other more focused teams. Our E&A group is focused on managing and supporting the Security team's infrastructure, providing overall enterprise architectural guidance, active defense technology control (firewalls, ID/PS, web security appliances, etc.), control certification and verification, and project consultation. It works for us because our overall IT group is security-focused and have adopted the "security is everyone's responsibility" mantra; our CIO made sure of that. Other organizations may not have that mentality thus creating a scenario where Security has to hover over the other administrators dictating how and when to turn knobs and pull levers; if they have that ability. I've seen many companies where the security group has no "teeth" whatsoever and is there purely as a token.
There are comparably-sized companies right down the road from us who have the diluted model I mentioned above. Based on their business model and practices, that works better for them.