Company Description:

Bridgesoft is a leading provider of technology, consulting, and information security management solutions. Our focus on Identity Governance strengthens enterprises with IT-powered risk management strategies. We help clients achieve business goals by developing, managing, and implementing solutions with acceptable risks. Known for our customer-centric approach, we drive progressive growth in client satisfaction and revenue. With several years of experience, Bridgesoft is the ideal partner for companies requiring strategic and technological support.

Job Description

We are seeking a highly experienced Information Security Auditor & Standards Lead with deep, hands-on knowledge of global information security standards and best practices. The individual will independently lead security governance, audit, and compliance activities across frameworks such as ISO 27001 and SOC 2, and continuously enhance the organization’s security and compliance maturity.

Responsibilities

Standards Ownership & Expertise:

• Act as Subject Matter Expert (SME) for ISO 27001, SOC 1 / SOC 2, NIST, and CIS frameworks
• Interpret security standards and translate requirements into auditable controls
• Ensure controls are designed, implemented, and maintained effectively
• Provide guidance on mandatory requirements versus best practices

Audit & Compliance Management:

• Plan and manage ISO 27001 and SOC audits end-to-end
• Conduct internal audits and ongoing compliance assessments
• Serve as primary point of contact for auditors and certification bodies
• Track audit findings, non-conformities, and corrective actions to closure

Governance, Risk & Documentation:

• Own and maintain the Information Security Management System (ISMS)
• Maintain risk assessments, risk treatment plans, and Statement of Applicability (SoA)
• Develop, review, and enforce security policies, standards, and procedures

New Implementations & Security Enablement:

• Provide standards-driven guidance for new systems, applications, and infrastructure
• Review new implementations for compliance alignment
• Advise on control selection, design, and evidence requirements
• Ensure new implementations are audit-ready by design

Advisory & Continuous Improvement:

• Provide compliance guidance to Security, Network, IT, Cloud, and HR teams
• Identify gaps and drive continuous improvement initiatives
• Support management reviews and executive-level reporting

Qualifications

• 5–8 years of experience in Information Security Auditing / GRC
• Strong hands-on experience with ISO 27001 and SOC 1 / SOC 2 audits
• Strong understanding of security principles and control frameworks
• Excellent communication and documentation skills

Years of Experience:

• 5 - 8 Years