Having been through both, I much prefer the "rigid" ISO 27001 as the SOC2 audits seem to be based on how well you vibed with the auditor and the auditor's competency more than anything. The things they are auditing seem overly broad and open to interpretation, and the auditor's descriptions of your controls can easily be twisted.