Information Security Auditor & Standards Lead

Company Description: Bridgesoft is a global leader in technology, and information security management solutions, dedicated to empowering enterprises through robust IT and risk management strategies. Our expertise lies in delivering efficient Identity Governance solutions to help clients achieve their business objectives while maintaining acceptable risk levels. With a strong focus on innovation and customer satisfaction, we continuously strive to provide maximum ROI for our clients. Backed by years of experience and partnerships with highly reputed enterprises, Bridgesoft is the trusted partner for businesses seeking strategic and technological support.

Job Description:

We are seeking a highly experienced Information Security Auditor & Standards Lead with deep, hands-on knowledge of global information security standards and best practices. The individual will independently lead security governance, audit, and compliance activities across frameworks such as ISO 27001 and SOC 2, and continuously enhance the organization’s security and compliance maturity.

Responsibilities:

Standards Ownership & Expertise: Act as Subject Matter Expert (SME) for ISO 27001, SOC 1 / SOC 2, NIST, and CIS frameworks Interpret security standards and translate requirements into auditable controls Ensure controls are designed, implemented, and maintained effectively Provide guidance on mandatory requirements versus best practices

Audit & Compliance Management: Plan and manage ISO 27001 and SOC audits end-to-end Conduct internal audits and ongoing compliance assessments Serve as primary point of contact for auditors and certification bodies Track audit findings, non-conformities, and corrective actions to closure

Governance, Risk & Documentation: Own and maintain the Information Security Management System (ISMS) Maintain risk assessments, risk treatment plans, and Statement of Applicability (SoA) Develop, review, and enforce security policies, standards, and procedures

New Implementations & Security Enablement: Provide standards-driven guidance for new systems, applications, and infrastructure Review new implementations for compliance alignment Advise on control selection, design, and evidence requirements Ensure new implementations are audit-ready by design

Advisory & Continuous Improvement: Provide compliance guidance to Security, Network, IT, Cloud, and HR teams Identify gaps and drive continuous improvement initiatives Support management reviews and executive-level reporting

Qualifications:

5–8 years of experience in Information Security Auditing / GRC Strong hands-on experience with ISO 27001 and SOC 1 / SOC 2 audits Strong understanding of security principles and control frameworks Excellent communication and documentation skills