Sweden’s hospitals and healthcare ecosystem sits at the intersection of life-critical services, sensitive personal data, and increasingly connected clinical operations. This makes cybersecurity leadership essential not only for compliance and privacy, but also for patient safety, service continuity, and trust. The leaders featured below reflect a mix of Chief Information Security Officers and senior security professionals helping healthcare and health-adjacent organizations build resilient, well-governed security programs while supporting modernization.
Johan Lundekvam — Chief Information Security Officer, Aurora Innovation
Johan Lundekvam is the Chief Information Security Officer at Aurora Innovation, with a long background at Telia Company where he worked closely with business units and product owners to facilitate risk assessments and risk management processes. His experience includes supporting information security management frameworks, ensuring information security and data protection compliance, conducting internal audits and assisting external audits, advising on legislation and codes of practice, coordinating with group security teams, and driving continuous improvements to policies, procedures, and controls while supporting incident resolution.
Johnny Moraeus — Chief Information Security Officer, Karolinska Universitetssjukhuset
Johnny Moraeus is the Chief Information Security Officer at Karolinska Universitetssjukhuset. He describes himself as a driven, analytical professional who contributes strongly at the operational and tactical levels, with an emphasis on structure, routines, and process implementation. His background includes broad competence across financial business systems, risk and operational risk, and information security, as well as deep experience in IT Service Management, where he is ITIL-certified and has served as an instructor.
Tor Grut — Group Chief Information Security Officer, Ambea
Tor Grut serves as the Group Chief Information Security Officer at Ambea, building on several years of information security coordination experience within the organization. His work reflects a strong governance and risk focus, with experience spanning ISO 27001, GDPR, policy development, risk assessment, and process improvement. Across his roles, he has supported the evolution of structured security practices and documentation-driven security management in a large group environment.
Rickard Rosenberg — Principal Security Engineer and Deputy Chief Information Security Officer, Doctrin
Rickard Rosenberg is a Principal Security Engineer and Deputy Chief Information Security Officer at Doctrin. He brings a strong engineering and delivery background, having led development and engineering management roles prior to focusing on security. His experience includes long-term in-house development ownership across business systems and web platforms, alongside deep hands-on technical work across .NET, DevOps, and modern application environments, experience that supports pragmatic security implementation in a healthcare technology context.
Urban Ekström Nätt — Chief Information Officer and Information Security Manager, Hälsan och Arbetslivet
Urban Ekström Nätt is the Chief Information Officer and Information Security Manager at Hälsan och Arbetslivet. He describes himself as a driven and communicative IT leader focused on translating business needs into effective IT solutions, while also driving change initiatives to move from person-dependent to structure-driven ways of working. His work includes IT operations leadership, information security, and transformation projects aimed at clarifying roles, improving support, and leveraging AI to reduce administrative burden, supported by experience with models and frameworks such as PM3 and ITIL.
Security Leadership in Sweden’s Healthcare Sector
Hospitals and healthcare organizations require cybersecurity leadership that balances operational urgency with governance discipline. Across clinical environments and health-focused companies, these leaders show how security programs are built through risk management, audit readiness, structured processes, and strong collaboration with the business, protecting both service continuity and the sensitive data that healthcare depends on.