We are seeking a highly experienced Information Security Auditor & Standards Lead with deep, hands-on knowledge of global information security standards and best practices. The individual will independently lead security governance, audit, and compliance activities across frameworks such as ISO 27001 and SOC 2, and continuously enhance the organization’s security and compliance maturity.
Responsibilities:
Standards Ownership & Expertise:
Act as Subject Matter Expert (SME) for ISO 27001, SOC 1 / SOC 2, NIST, and CIS frameworks
Interpret security standards and translate requirements into auditable controls
Ensure controls are designed, implemented, and maintained effectively
Provide guidance on mandatory requirements versus best practices
Audit & Compliance Management:
Plan and manage ISO 27001 and SOC audits end-to-end
Conduct internal audits and ongoing compliance assessments
Serve as primary point of contact for auditors and certification bodies
Track audit findings, non-conformities, and corrective actions to closure
Governance, Risk & Documentation:
Own and maintain the Information Security Management System (ISMS)
Maintain risk assessments, risk treatment plans, and Statement of Applicability (SoA)
Develop, review, and enforce security policies, standards, and procedures
New Implementations & Security Enablement:
Provide standards-driven guidance for new systems, applications, and infrastructure
Review new implementations for compliance alignment
Advise on control selection, design, and evidence requirements
Ensure new implementations are audit-ready by design
Advisory & Continuous Improvement:
Provide compliance guidance to Security, Network, IT, Cloud, and HR teams
Identify gaps and drive continuous improvement initiatives
Support management reviews and executive-level reporting
Qualifications:
5–8 years of experience in Information Security Auditing / GRC
Strong hands-on experience with ISO 27001 and SOC 1 / SOC 2 audits
Strong understanding of security principles and control frameworks
Excellent communication and documentation skills
Years of Exp:
5 - 8 Years
Employment Type:
Permanent
Application Form
Bridgesoft is a leading provider of technology, consulting, and information security management solutions. Bridgesoft's products and services cover a range of areas from physical and logical access and identity management to security risks and threats.
