K2United is an organization that houses two distinct, national, customer-facing brands tied together by a shared purpose: setting the standard for an extraordinary workplace. Through our brands, K2Share and CareerSafe, we provide advisory services in cyber risk management and online education for workforce readiness.
Our four core values define how we show up every day:
- Respect Others - We lead with respect, building trust and connection.
- Internally Driven - We are relentlessly compelled to accomplish our objectives.
- Collaborative Innovation - We create by listening, sharing, and working together.
- Client Success - We hold our clients' mission as our own.
We believe in people who are accountable, curious, and motivated to make an impact that matters.
Our programs make a meaningful difference. CareerSafe supports more than two million users each year, while K2Share delivers cybersecurity and IT solutions that strengthen federal agencies. As part of our team, you'll help solve complex challenges in a mission-driven, small-business environment that values professional growth, collaboration, and work-life balance.
K2Share is seeking an RMF Controls / ConMon Analyst to support a federal health-sector client. In this role, you will keep authorizations defensible after they are signed: evaluating controls on a rotating cycle, keeping POA&Ms moving to closure, maintaining the enterprise risk picture, and verifying that the evidence behind every authorization stays current across a large portfolio of FISMA Low and Moderate systems.
This position is remote first, with periodic on-site support in the Washington, DC metropolitan area as directed, and is contingent upon contract award.
About You
You are a continuous monitoring professional who understands that an ATO is a starting line, not a finish line. You are rigorous about evidence, disciplined about dates, and fluent in translating control-level detail into portfolio-level risk that leadership can act on.
You are comfortable running recurring processes at scale, spotting drift before auditors do, and coordinating across ISSOs, system owners, and assessors to keep remediation honest and on schedule.
Your Impact
As the RMF Controls / ConMon Analyst, you will sustain the ongoing-authorization posture of the enterprise. Your work will feed executive dashboards, FISMA reporting, and audit responses, and will determine whether accepted risk stays visible, time-boxed, and owned.
In this role, you will:
- Execute ongoing-authorization control evaluations on a rotating quarterly cycle, documenting results, dispositioning each control as satisfied or other-than-satisfied, and injecting findings into the POA&M process.
- Develop and maintain system-level Continuous Monitoring (ConMon) Plans providing ongoing visibility into each system’s security posture.
- Populate and continuously maintain the enterprise Risk Management Register, logging all identified system-level risks with severity, status, and mitigation plans, and preparing the monthly register deliverable.
- Manage and track POA&Ms to timely remediation, enforcing linkage of every weakness to a control, aging findings against remediation clocks, and maintaining milestones, owners, and evidence.
- Support the risk mitigation waiver lifecycle, including standardized intake, documented risk determination and approval authority, maintenance of the Risk Mitigation Waiver Register, annual reassessment of active waivers, escalation of expirations, and recommendations to terminate, modify, or renew based on current risk posture.
- Coordinate and document annual Contingency Plan and Incident Response Plan tests, including test reports with results, lessons learned, and corrective actions.
- Verify artifact freshness across the authorization portfolio and flag stale evidence for refresh before it becomes an audit finding.
- Provide enhanced oversight for High Value Assets, including prioritized monitoring and reporting.
- Prepare continuous monitoring inputs for weekly executive dashboards, the monthly cybersecurity risk profile, and quarterly and annual FISMA reporting.
- Support internal and external assessments and audits, including artifact collection, interview support, and corrective-action tracking for OIG, GAO, and departmental reviews.
- Bachelor’s degree in a related field, or equivalent experience as allowed by company and contract policy.
- Four or more years of experience in federal RMF operations, continuous monitoring, or security control assessment under NIST SP 800-37, 800-53, and 800-53A.
- Demonstrated experience managing POA&Ms at portfolio scale, including aging analysis, milestone tracking, evidence management, and closure validation.
- Experience conducting or supporting control assessments using interview, examine, and test methods, and documenting defensible results.
- Working knowledge of risk registers, risk-acceptance and waiver processes, and NIST SP 800-30 risk assessment methodology.
- Experience with enterprise GRC platforms such as JCAM, CSAM, eMASS, or Xacta.
- Strong analytical writing skills, including the ability to summarize technical risk for executive audiences.
- Ability to meet federal background investigation requirements.
Preferred Qualifications
- Experience with ongoing authorization or Information Security Continuous Monitoring (ISCM) programs and scorecard-driven risk reporting.
- Familiarity with dashboard and data-pipeline tools such as Power BI or Splunk for compliance metrics.
- Experience coordinating contingency plan testing across a large system portfolio.
- Active certification such as CGRC/CAP, CompTIA Security+, CISA, CRISC, or CISSP.
- Prior support to federal civilian agency cybersecurity programs.
Benefits
We're invested in the people who make our success possible. As a K2United employee, you'll enjoy a comprehensive benefits package designed to support your professional and personal well-being, including:
- 401(k) with employer matching
- Low-cost medical coverage for employees and their families
- Paid time off
- Paid leave for jury duty, military service, voting, and other qualifying events
- Wellness stipend, including fitness reimbursement
- Tuition assistance
- Casual work environment
- Technical training and certification support
- Complimentary access to CareerSafe online training courses for employees and their immediate family
Equal Opportunity Employer
K2United is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by applicable law.