Information Security Auditor & Standards Lead

Bridgesoft
Full-time, on site
Job description
We are seeking a highly experienced Information Security Auditor & Standards Lead with deep, hands-on knowledge of global information security standards and best practices. The individual will independently lead security governance, audit, and compliance activities across frameworks such as ISO 27001 and SOC 2, and continuously enhance the organization’s security and compliance maturity.

Responsibilities:

Standards Ownership & Expertise:
- Act as Subject Matter Expert (SME) for ISO 27001, SOC 1 / SOC 2, NIST, and CIS frameworks
- Interpret security standards and translate requirements into auditable controls
- Ensure controls are designed, implemented, and maintained effectively
- Provide guidance on mandatory requirements versus best practices

Audit & Compliance Management:
- Plan and manage ISO 27001 and SOC audits end-to-end
- Conduct internal audits and ongoing compliance assessments
- Serve as primary point of contact for auditors and certification bodies
- Track audit findings, non-conformities, and corrective actions to closure

Governance, Risk & Documentation:
- Own and maintain the Information Security Management System (ISMS)
- Maintain risk assessments, risk treatment plans, and Statement of Applicability (SoA)
- Develop, review, and enforce security policies, standards, and procedures

New Implementations & Security Enablement:
- Provide standards-driven guidance for new systems, applications, and infrastructure
- Review new implementations for compliance alignment
- Advise on control selection, design, and evidence requirements
- Ensure new implementations are audit-ready by design

Advisory & Continuous Improvement:
- Provide compliance guidance to Security, Network, IT, Cloud, and HR teams
- Identify gaps and drive continuous improvement initiatives
- Support management reviews and executive-level reporting

Qualifications:
- 5–8 years of experience in Information Security Auditing / GRC
- Strong hands-on experience with ISO 27001 and SOC 1 / SOC 2 audits
- Strong understanding of security principles and control frameworks
- Excellent communication and documentation skills

Years of Exp: 5 - 8 Years
Employment Type: Permanent

This Job is Filled

Bridgesoft is a leading provider of technology, consulting, and information security management solutions. Bridgesoft's products and services cover a range of areas from physical and logical access and identity management to security risks and threats.
Information Security Auditor & Standards Lead at Bridgesoft | Dripline