Logo for K2United

Mid-Level Information System Security Officer (ISSO) / System Owner Support

Role overview

Qualifications

  • Bachelor's degree in a related field or equivalent experience
  • Four or more years of experience as an ISSO or supporting RMF authorization package development
  • Hands-on experience developing System Security Plans (SSPs) and other required documentation
  • Strong written communication and technical documentation skills

Responsibilities

  • Develop and maintain RMF authorization artifacts and foundational system documentation
  • Assist system owners with security control scoping and tailoring
  • Support development of Interconnection Security Agreements and authorization documentation
  • Coordinate and document annual contingency and incident response testing

About the company

K2United logo

K2United

IT Services & IT Consulting

Company details

IndustryIT Services & IT Consulting

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Type
Contract
Description

 

K2United is an organization that houses two distinct, national, customer-facing brands tied together by a shared purpose: setting the standard for an extraordinary workplace. Through our brands, K2Share and CareerSafe, we provide advisory services in cyber risk management and online education for workforce readiness.


Our four core values define how we show up every day:

  • Respect Others - We lead with respect, building trust and connection.
  • Internally Driven - We are relentlessly compelled to accomplish our objectives.
  • Collaborative Innovation - We create by listening, sharing, and working together.
  • Client Success - We hold our clients' mission as our own.

We believe in people who are accountable, curious, and motivated to make an impact that matters.


Our programs make a meaningful difference. CareerSafe supports more than two million users each year, while K2Share delivers cybersecurity and IT solutions that strengthen federal agencies. As part of our team, you'll help solve complex challenges in a mission-driven, small-business environment that values professional growth, collaboration, and work-life balance.


K2Share is seeking an Information System Security Officer (ISSO) to support a federal health-sector client. In this role, you will serve as a trusted security advisor to system owners, business owners, and technical teams, helping guide systems through the Risk Management Framework (RMF) and supporting their Authority to Operate (ATO) throughout the system lifecycle.


You will develop and maintain authorization documentation, continuous monitoring strategies, contingency planning, and security guidance while helping ensure client systems remain compliant with federal cybersecurity requirements. This role supports authorization package development while maintaining appropriate independence from formal Security Control Assessment (SCA) and Final Assessment Report (SAR) validation activities for the same systems.


About You


You are an experienced cybersecurity professional who enjoys helping organizations successfully navigate the Risk Management Framework while balancing mission objectives and security requirements. You understand that effective RMF implementation requires more than documentation. It requires collaboration, sound technical judgment, and the ability to translate complex security requirements into practical guidance.


You are comfortable working directly with system owners, engineers, privacy professionals, and leadership to develop authorization packages, continuous monitoring strategies, and security documentation that withstands rigorous review. You communicate clearly, stay organized across multiple systems, and take ownership of helping programs achieve and maintain compliance.


You thrive in an environment where you can combine technical expertise with consulting, mentorship, and process improvement to strengthen an organization's overall cybersecurity posture.


Your Impact


As the Information System Security Officer, you will help guide client systems through every phase of the RMF and ATO lifecycle. Your expertise will support secure system design, authorization, continuous monitoring, and operational readiness while serving as a key resource for system owners and stakeholders.


In this role, you will:

  • Develop and maintain RMF authorization artifacts, including the System Security Plan (SSP), Business Impact Analysis (BIA), FIPS 199 categorization, Privacy Threshold and Privacy Impact Assessments (PTA/PIA), Configuration Management Plan (CMP), and e-Authentication documentation.
  • Create foundational system documentation, including Boundary Scope Memorandums (BSM), System Architecture diagrams, and Authorization Boundary and Network Diagrams (ABND).
  • Assist system owners with security control scoping, tailoring, inheritance, and identification of applicable overlays, including the client's AI Overlay where applicable.
  • Apply the NIST AI Risk Management Framework (AI RMF 1.0) and relevant OMB guidance for systems incorporating Artificial Intelligence or Machine Learning capabilities.
  • Support development of Interconnection Security Agreements (ISAs), Memorandums of Understanding (MOUs), and other authorization documentation.
  • Validate technical evidence, including configuration artifacts, scan reports, and system documentation, to ensure compliance with NIST SP 800-53 Rev. 5 prior to authorization package submission.
  • Develop and maintain system-level Contingency Plans (CP), Incident Response Plans (IRP), and Continuous Monitoring (ConMon) Plans.
  • Coordinate and document annual contingency and incident response testing, including corrective actions and follow-up activities.
  • Develop and deliver annual contingency planning and incident response training for system personnel.
  • Maintain RMF templates, SDLC security artifacts, cloud assessment playbooks, process guides, and SharePoint security content, including the Educational Materials and Checklists library with annual updates. 
  • Facilitate RMF training sessions, office hours, and user guidance while identifying opportunities to improve authorization processes, such as streamlined Authority to Use (ATU) pathways.
  • Serve as the primary security advisor to system owners, stakeholders, and the client Privacy Coordinator throughout the RMF and ATO lifecycle.
  • Review FedRAMP Cloud Service Provider packages, support secure cloud deployments, assist with system decommissioning, and help resolve discrepancies within enterprise GRC tools.
Requirements

 

  • Bachelor's degree in a related field, or equivalent experience as allowed by company and contract policy.
  • Four or more years of experience serving as an ISSO or supporting RMF authorization package development within a federal environment.
  • Hands-on experience developing System Security Plans (SSPs), Business Impact Analyses (BIAs), FIPS 199 categorizations, Privacy Threshold and Privacy Impact Assessments (PTA/PIA), and Configuration Management Plans.
  • Working knowledge of NIST SP 800-37 (RMF), NIST SP 800-53 Rev. 5, NIST SP 800-18, and FISMA.
  • Experience developing, maintaining, and testing system-level Contingency Plans and Incident Response Plans.
  • Strong written communication, stakeholder engagement, and technical documentation skills.
  • Ability to meet federal background investigation requirements.

Preferred Qualifications

  • Active certification such as CISSP, CGRC/CAP, CISM, or CompTIA Security+.
  • Experience using GRC and authorization platforms such as eMASS, CSAM, Xacta, or JCAM.
  • Experience supporting FedRAMP authorizations and cloud environments in AWS and/or Azure.
  • Familiarity with the NIST AI Risk Management Framework (AI RMF 1.0).
  • Prior support to federal civilian agency cybersecurity programs.

Benefits


We're invested in the people who make our success possible. As a K2United employee, you'll enjoy a comprehensive benefits package designed to support your professional and personal well-being, including:

  • 401(k) with employer matching
  • Low-cost medical coverage for employees and their families
  • Paid time off
  • Paid leave for jury duty, military service, voting, and other qualifying events
  • Wellness stipend, including fitness reimbursement
  • Tuition assistance
  • Casual work environment
  • Technical training and certification support
  • Complimentary access to CareerSafe online training courses for employees and their immediate family

Equal Opportunity Employer

K2United is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by applicable law.

Salary Description
$80,000 - $105,000

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Information Security Analyst Related jobs

Other jobs at K2United

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.