FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Mid-Level RMF Controls, ConMon Analyst
K2UnitedRMF Controls / ConMon Analyst supporting federal health-sector client remotely with periodic on-site support in Washington, DC area. Ensuring ongoing authorization posture and managing cybersecurity risk assessments and reports.
Posted 7/17/2026contractMaryland • 🇺🇸 United StatesMid-LevelSenior💰 $75,000 - $90,000 per yearWebsite
Core Competencies
Role fitCore Competencies
Use this summary to align your resume positioning with the role.
Demonstrates expertise in federal Risk Management Framework (RMF) operations, continuous monitoring, and security control assessments, with a strong focus on managing Plans of Action and Milestones (POA&Ms) and risk registers. Proficient in analytical writing for executive reporting and maintaining compliance with NIST standards.
Highest-signal resume keywords
Federal RMF OperationsContinuous MonitoringPlans of Action and Milestones (POA&Ms) ManagementNIST SP 800-37, 800-53, 800-53AEnterprise GRC Platforms
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
Risk Assessment MethodologyControl AssessmentRisk Register ManagementEvidence ManagementMilestone Tracking
Soft Skills
Analytical WritingCommunication Skills
Tools & Technologies
JCAMCSAMEMASSXacta
Industry Keywords
Cybersecurity Risk ProfileFISMA ReportingRisk Mitigation WaiverIncident Response PlanContingency Plan
Tech Stack
Tools & technologiesCyber Security
About the role
Key responsibilities & impact- Execute ongoing-authorization control evaluations on a rotating quarterly cycle, documenting results, dispositioning each control as satisfied or other-than-satisfied, and injecting findings into the POA&M process.
- Develop and maintain system-level Continuous Monitoring (ConMon) Plans providing ongoing visibility into each system’s security posture.
- Populate and continuously maintain the enterprise Risk Management Register, logging all identified system-level risks with severity, status, and mitigation plans, and preparing the monthly register deliverable.
- Manage and track POA&Ms to timely remediation, enforcing linkage of every weakness to a control, aging findings against remediation clocks, and maintaining milestones, owners, and evidence.
- Support the risk mitigation waiver lifecycle, including standardized intake, documented risk determination and approval authority, maintenance of the Risk Mitigation Waiver Register, annual reassessment of active waivers, escalation of expirations, and recommendations to terminate, modify, or renew based on current risk posture.
- Coordinate and document annual Contingency Plan and Incident Response Plan tests, including test reports with results, lessons learned, and corrective actions.
- Verify artifact freshness across the authorization portfolio and flag stale evidence for refresh before it becomes an audit finding.
- Provide enhanced oversight for High Value Assets, including prioritized monitoring and reporting.
- Prepare continuous monitoring inputs for weekly executive dashboards, the monthly cybersecurity risk profile, and quarterly and annual FISMA reporting.
- Support internal and external assessments and audits, including artifact collection, interview support, and corrective-action tracking for OIG, GAO, and departmental reviews.
Requirements
What you’ll need- Bachelor’s degree in a related field, or equivalent experience as allowed by company and contract policy.
- Four or more years of experience in federal RMF operations, continuous monitoring, or security control assessment under NIST SP 800-37, 800-53, and 800-53A.
- Demonstrated experience managing POA&Ms at portfolio scale, including aging analysis, milestone tracking, evidence management, and closure validation.
- Experience conducting or supporting control assessments using interview, examine, and test methods, and documenting defensible results.
- Working knowledge of risk registers, risk-acceptance and waiver processes, and NIST SP 800-30 risk assessment methodology.
- Experience with enterprise GRC platforms such as JCAM, CSAM, eMASS, or Xacta.
- Strong analytical writing skills, including the ability to summarize technical risk for executive audiences.
- Ability to meet federal background investigation requirements.
Benefits
Comp & perks- 401(k) with employer matching
- Low-cost medical coverage for employees and their families
- Paid time off
- Paid leave for jury duty, military service, voting, and other qualifying events
- Wellness stipend, including fitness reimbursement
- Tuition assistance
- Casual work environment
- Technical training and certification support
- Complimentary access to CareerSafe online training courses for employees and their immediate family