As cyber threats evolve, Oslo’s top Chief Information Security Officers (CISOs) are shaping how businesses and public institutions safeguard their digital assets. From shipping and transportation to finance, energy, and education, these leaders are steering organizations through complex regulatory landscapes, fostering innovation, resilience, and security awareness. Here’s a closer look at 20 CISOs making a meaningful impact in Oslo.
Thor Engebrigtsen — Chief Information Security Officer, Color Line
Thor Engebrigtsen is a strategic and accomplished CISO with extensive experience leading secure digital transformations across highly regulated industries. At Color Line, Norway’s largest shipping line for international passengers and goods, he oversees digital transformation initiatives, public cloud strategy, and enterprise-wide IT security governance. Thor has directed key initiatives, including the deployment of Identity & Access Management (IAM) solutions, ISO 27001 implementation, and cyber insurance strategy. A proactive leader, he heads the IT Security and GRC teams, manages emergency IT processes, and actively contributes to international IT leadership and security forums. His ability to bridge business objectives with security imperatives has strengthened both operational resilience and innovation across the organization.
Adil Shaikh — Chief Information Security Officer, Vy
Adil Shaikh brings a forward-thinking approach to Vy, Norway’s leading transportation operator, where he drives cybersecurity strategy and governance. Since joining in 2023, he has focused on enhancing the company’s security posture while ensuring safe and compliant digital transformation. His experience in risk management, threat mitigation, and organizational leadership positions him as a key driver of secure innovation in the transportation sector, while building a culture that empowers employees to take ownership of cybersecurity responsibilities.
Tom Remberg — Chief Information Security Officer, Bane NOR
Tom Remberg is a seasoned CISO leading strategic security initiatives at Bane NOR, Norway’s national railway infrastructure company. He sets global security requirements, manages the Security function, and advises business stakeholders on protecting critical assets. With prior roles as Group CISO at Intertek and VP Head of Security Governance at Telenor, Tom combines technical expertise with business insight, ensuring that security initiatives support organizational agility. He is recognized for aligning information security with business strategies, managing complex risk landscapes, and strengthening Identity and Access Management (IAM) capabilities.
Preben Gustavsen — CISO, VP Cyber Security, Aker Solutions
Preben Gustavsen blends technological expertise with business insight to help organizations achieve effective risk management, compliance, and internal control. At Aker Solutions, he focuses on translating theoretical frameworks into practical security and governance solutions, designing business processes and technical systems that meet regulatory requirements while minimizing costs. Preben’s leadership style emphasizes collaboration and practical problem-solving, enabling teams to implement robust cybersecurity measures that are both actionable and aligned with organizational objectives.
Asbjørn Reglund Thorsen — Chief Information Security Officer, Sikt
Asbjørn Thorsen brings over 20 years of experience in cybersecurity, risk management, and IT leadership to Sikt, the Norwegian Agency for Shared Services in Education and Research. He works closely with top management, technical teams, and external stakeholders to turn security from theory into practical solutions. Asbjørn strengthens security architecture, enhances incident response capabilities, and drives security awareness across technical and non-technical roles. He also proactively addresses emerging threats related to cloud, supply chain, and AI-driven attacks, ensuring that Sikt’s national knowledge infrastructure remains resilient.
Johnny Berntsen — Chief Information Security Officer, TET Digital AS
Johnny Berntsen has over 35 years of experience managing IT operations, security, and risk in complex projects. At TET Digital AS, he leads initiatives that ensure information security while creating frameworks where employees thrive and exceed expectations. Johnny is known for his ability to navigate organizational complexity, balance technical solutions with human factors, and deliver critical projects on time and on budget. His leadership focuses on fostering team engagement and operational excellence, building sustainable security practices across the organization.
Svein Waage — Partner & CISO, Gritera
Svein Waage is a seasoned security professional with over 15 years of experience protecting organizations’ most valuable assets from sophisticated threats. At Gritera, he specializes in implementing ISMS frameworks, conducting maturity assessments and audits, raising cybersecurity awareness, and advising on regulatory requirements including NIS2, DORA, and GDPR. Svein has extensive experience developing security management systems for banking, finance, and public sector clients. He is recognized for creating resilient security cultures, strengthening organizational defenses, and enabling business continuity through practical and compliant security strategies.
John Trygve Staff — Chief Information Security Officer, Sopra Steria
John Staff is an experienced leader in Information Risk and Security Governance, overseeing cybersecurity strategy at Sopra Steria. He drives maturity assessments, gap analysis, and risk management programs while ensuring compliance with ISO 27001, NIS2, DORA, and other frameworks. John fosters a democratic, collaborative approach to problem-solving, enabling teams to achieve high performance without micromanagement. His focus on business-aligned security, combined with coaching and mentoring, helps embed security awareness across all organizational levels.
Aleksander Hausmann — Chief Information Security Officer, Diffia
Aleksander Hausmann leads information security, privacy, and medical device regulation at Diffia. He ensures regulatory compliance while aligning security initiatives with strategic organizational goals. Aleksander emphasizes practical, risk-based solutions that protect sensitive data and critical operations. His experience in healthcare IT enables him to manage complex compliance requirements while fostering a security-conscious culture among employees and stakeholders.
Rune Carlsen — Chief Information Security Officer, KLP
Rune Carlsen brings 30 years of IT and cybersecurity expertise to KLP, one of Norway’s leading insurance groups. He specializes in security frameworks, risk management, and threat mitigation, while building awareness and competence across teams. Rune’s leadership blends technology and business acumen, focusing on embedding security into strategic decision-making, governance, and daily operations. He is recognized for his ability to implement robust, compliant, and cost-effective security strategies.
Kari-Anne Larmerud — VP Corporate Information Management & Security, Statkraft
Kari-Anne Larmerud oversees corporate information management and security at Statkraft, the leading Norwegian renewable energy company. She integrates security into operations and governance, ensures regulatory compliance, and supports digital transformation initiatives. Kari-Anne emphasizes security awareness across the organization, fostering a culture where security is a shared responsibility and a driver of operational efficiency and resilience.
Eirik Thormodsrud — Director of IT & Information Security / CISO, Møller Mobility Group
Eirik Thormodsrud specializes in information security, penetration testing, risk analysis, and IT audit. As CISO at Møller Mobility Group, he strengthens cybersecurity posture across infrastructure, operations, and processes. Eirik is recognized for his ability to translate technical security measures into business value, enhancing organizational resilience, and fostering a proactive security culture among employees.
Fanny Sunde — Chief Information Security Officer, Multiconsult
Fanny Sunde leads Multiconsult’s information security efforts across personnel, physical, and digital domains. She develops the company’s security management system, ensures compliance with regulatory and contractual requirements, and cultivates a culture of security awareness. Fanny’s leadership emphasizes proactive risk management, training, and practical governance measures that enable employees to understand and address security risks in their daily work.
Espen Haagenrud — Chief Information Security Officer, TOMRA
Espen Haagenrud focuses on creating a security-aware culture, emphasizing that cybersecurity involves every individual in the organization. At TOMRA, he strengthens resilience against both simple and sophisticated threats, guiding teams to understand risks and mitigation strategies. Espen combines technical expertise with communication skills to ensure employees at all levels are engaged and accountable for security practices.
Marianne Hove Solberg — Chief Information Security Officer, SpareBank 1 SMN
Marianne Hove Solberg directs information security strategy at SpareBank 1 SMN, developing policies, programs, and culture initiatives to embed security into daily operations. Previously CISO at Hemit HF, she has extensive experience in the healthcare and financial sectors, managing compliance with laws and standards, fostering security awareness, and ensuring robust governance practices. Marianne emphasizes bridging technical and business perspectives to strengthen resilience and organizational trust.
Leading Oslo’s Cybersecurity Frontier
These CISOs are not only safeguarding their organizations; they are defining the future of cybersecurity in Oslo. By combining technical expertise, strategic foresight, and leadership that inspires cultural change, they turn complex regulatory and operational challenges into opportunities for resilience, innovation, and secure growth. In an increasingly digital world, these leaders are the ones to watch.