Each security group has a different set of permissions. The group “Site Owner” gives the user the permissions “Full control” to that subsite. It basically gives the group members all available permissions on that specific subsite. It allows them to create and delete lists and libraries, grant other users permissions, activate site features, create new subsites, etc.
A “Site Collection Administrator” on the other hand, is granted the same permissions as the site owner on every site in the site collection. There is no way to override that on subsite level. This is a very powerful role indeed, and one that should be assigned with care.
The Site Collection Admin roles comes in handy when a site owner has removed all permissions from a subsite, leaving the subsite inaccessible to all users; except the Site Collection Administrator. It is a good security ‘catch all’ role.
Besides that, this role will grant access to “Site Collection Administration” features like Site collection
features, Audit reports, Content type publishing, and so forth. These are accessed separately to other settings features (and in ‘Central Administration’ for On-Premises users).
The term “Administrator” doesn’t refer to a system administrator role, and shouldn’t be confused with classic “Server Admin” roles. It doesn’t grant permissions to execute tasks on servers, neither does it grant access to other site collections or web applications (SharePoint Online offers less control in these areas than On-Premises in any case).