Yep! The errata pipeline is exactly the same. More information on the exact pipeline is being documented for the public, as well as the associated code.
The long story short is that @mustafa has composed a beautiful piece of software which is able to synchronize errata information from RH which enables things like dnf update --security and other commands to work.
The actual build process is the same for any package update–security, bug, or otherwise. Once we receive notification (generally via automation and/or the message bus) that a package is updated, it is debranded if necessary, and rebuilt. There are times where the releng team needs to work to fix some package build issues, and there are some growing pains especially around dotnet and some other packages where we have to custom-debrand each time until we can become officially supported in the upstream projects… but those are on their way!
We aim to have most updates turned around and promoted to our Tier 0 mirror for synchronization around the world within 24-48 hours of release–though this is not “technically” an SLA, as it’s more of a best-effort 
Edit to add: You can also check out https://errata.rockylinux.org ! Any features/etc you might want please feel free to open a bug or comment here if there’s not a place for it. We’ve got RSS feeds and (tangentially) email announce lists in the pipeline.