Logo for K2United

Mid-Level RMF Controls / ConMon Analyst

Role overview

Qualifications

  • Bachelor’s degree in a related field, or equivalent experience
  • Four or more years of experience in federal RMF operations
  • Demonstrated experience managing POAMs at portfolio scale
  • Strong analytical writing skills

Responsibilities

  • Execute ongoing-authorization control evaluations on a rotating quarterly cycle
  • Develop and maintain system-level Continuous Monitoring (ConMon) Plans
  • Populate and continuously maintain the enterprise Risk Management Register
  • Manage and track POAMs to timely remediation

Key facts

Other skills

  • Collaboration
  • Detail Oriented

About the company

K2United logo

K2United

IT Services & IT Consulting

Company details

IndustryIT Services & IT Consulting

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Type
Contract
Description

 

K2United is an organization that houses two distinct, national, customer-facing brands tied together by a shared purpose: setting the standard for an extraordinary workplace. Through our brands, K2Share and CareerSafe, we provide advisory services in cyber risk management and online education for workforce readiness.

Our four core values define how we show up every day:

  • Respect Others - We lead with respect, building trust and connection.
  • Internally Driven - We are relentlessly compelled to accomplish our objectives.
  • Collaborative Innovation - We create by listening, sharing, and working together.
  • Client Success - We hold our clients' mission as our own.

We believe in people who are accountable, curious, and motivated to make an impact that matters.


Our programs make a meaningful difference. CareerSafe supports more than two million users each year, while K2Share delivers cybersecurity and IT solutions that strengthen federal agencies. As part of our team, you'll help solve complex challenges in a mission-driven, small-business environment that values professional growth, collaboration, and work-life balance.


K2Share is seeking an RMF Controls / ConMon Analyst to support a federal health-sector client. In this role, you will keep authorizations defensible after they are signed: evaluating controls on a rotating cycle, keeping POA&Ms moving to closure, maintaining the enterprise risk picture, and verifying that the evidence behind every authorization stays current across a large portfolio of FISMA Low and Moderate systems.  


This position is remote first, with periodic on-site support in the Washington, DC metropolitan area as directed, and is contingent upon contract award.  


About You 


You are a continuous monitoring professional who understands that an ATO is a starting line, not a finish line. You are rigorous about evidence, disciplined about dates, and fluent in translating control-level detail into portfolio-level risk that leadership can act on. 


You are comfortable running recurring processes at scale, spotting drift before auditors do, and coordinating across ISSOs, system owners, and assessors to keep remediation honest and on schedule. 


 

Your Impact 


As the RMF Controls / ConMon Analyst, you will sustain the ongoing-authorization posture of the enterprise. Your work will feed executive dashboards, FISMA reporting, and audit responses, and will determine whether accepted risk stays visible, time-boxed, and owned. 


In this role, you will: 

  • Execute ongoing-authorization control evaluations on a rotating quarterly cycle, documenting results, dispositioning each control as satisfied or other-than-satisfied, and injecting findings into the POA&M process. 
  • Develop and maintain system-level Continuous Monitoring (ConMon) Plans providing ongoing visibility into each system’s security posture. 
  • Populate and continuously maintain the enterprise Risk Management Register, logging all identified system-level risks with severity, status, and mitigation plans, and preparing the monthly register deliverable. 
  • Manage and track POA&Ms to timely remediation, enforcing linkage of every weakness to a control, aging findings against remediation clocks, and maintaining milestones, owners, and evidence. 
  • Support the risk mitigation waiver lifecycle, including standardized intake, documented risk determination and approval authority, maintenance of the Risk Mitigation Waiver Register, annual reassessment of active waivers, escalation of expirations, and recommendations to terminate, modify, or renew based on current risk posture. 
  • Coordinate and document annual Contingency Plan and Incident Response Plan tests, including test reports with results, lessons learned, and corrective actions. 
  • Verify artifact freshness across the authorization portfolio and flag stale evidence for refresh before it becomes an audit finding. 
  • Provide enhanced oversight for High Value Assets, including prioritized monitoring and reporting. 
  • Prepare continuous monitoring inputs for weekly executive dashboards, the monthly cybersecurity risk profile, and quarterly and annual FISMA reporting. 
  • Support internal and external assessments and audits, including artifact collection, interview support, and corrective-action tracking for OIG, GAO, and departmental reviews. 
Requirements

  

  • Bachelor’s degree in a related field, or equivalent experience as allowed by company and contract policy. 
  • Four or more years of experience in federal RMF operations, continuous monitoring, or security control assessment under NIST SP 800-37, 800-53, and 800-53A. 
  • Demonstrated experience managing POA&Ms at portfolio scale, including aging analysis, milestone tracking, evidence management, and closure validation. 
  • Experience conducting or supporting control assessments using interview, examine, and test methods, and documenting defensible results. 
  • Working knowledge of risk registers, risk-acceptance and waiver processes, and NIST SP 800-30 risk assessment methodology. 
  • Experience with enterprise GRC platforms such as JCAM, CSAM, eMASS, or Xacta. 
  • Strong analytical writing skills, including the ability to summarize technical risk for executive audiences. 
  • Ability to meet federal background investigation requirements. 

 

Preferred Qualifications 

  • Experience with ongoing authorization or Information Security Continuous Monitoring (ISCM) programs and scorecard-driven risk reporting. 
  • Familiarity with dashboard and data-pipeline tools such as Power BI or Splunk for compliance metrics. 
  • Experience coordinating contingency plan testing across a large system portfolio. 
  • Active certification such as CGRC/CAP, CompTIA Security+, CISA, CRISC, or CISSP. 
  • Prior support to federal civilian agency cybersecurity programs. 


Benefits


We're invested in the people who make our success possible. As a K2United employee, you'll enjoy a comprehensive benefits package designed to support your professional and personal well-being, including:

  • 401(k) with employer matching
  • Low-cost medical coverage for employees and their families
  • Paid time off
  • Paid leave for jury duty, military service, voting, and other qualifying events
  • Wellness stipend, including fitness reimbursement
  • Tuition assistance
  • Casual work environment
  • Technical training and certification support
  • Complimentary access to CareerSafe online training courses for employees and their immediate family

Equal Opportunity Employer


K2United is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by applicable law.

Salary Description
$75,000 - $90,000

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at K2United

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.