Finland’s financial services sector spans retail banking, asset management, insurance, municipal finance, fintech services, and public-sector financial operators. The environment is highly regulated, deeply digital, and increasingly interconnected across the Nordic region. The leaders below stand out for blending governance, operational depth, and regulatory discipline in institutions where resilience and trust are business-critical.
Erno Pellinen – Chief Information Security Officer, Jay Solutions
Erno Pellinen brings more than two decades of experience across banking and telecommunications, with deep expertise in PCI DSS, ISO 27001, COBIT, ITIL, and national Finnish security standards. Having served as a PCI Qualified Security Assessor and led multinational compliance programs in major European financial institutions, he combines technical execution with executive advisory capability. His background spans auditing, risk management, cloud security controls, and data integrity, positioning him as a compliance-focused security leader capable of operating across both technical and governance layers of financial services.
Eero Heikkinen – Chief Information Security Officer, HPK Palvelut Oy
Eero Heikkinen brings more than 15 years of experience in information and communication technology projects, with strong specialization in identity and access management. His background includes long-term systems and security roles in public-sector organizations before moving into a Chief Information Security Officer role. With a foundation in infrastructure, IAM development, and operational systems analysis, his profile reflects a technically grounded CISO focused on structured cybersecurity development and steady capability building within service-oriented financial environments.
Esa Mamia – Chief Information Security Officer and Data Protection Officer, Sarastia Oy
Esa Mamia combines Chief Information Security Officer and Data Protection Officer responsibilities, signaling a strong governance-driven leadership model. Over the past decade, he has built and led Information Security Management Systems, driven ISO 27001 and ISO 27701 initiatives, and strengthened privacy and risk management programs. His background includes consulting, entrepreneurship, and business continuity planning, reinforcing a holistic perspective. In financial services contexts where compliance, certification audits, and employee awareness are central, this blend of structure and culture-building is particularly impactful.
Henri Heinonen – Director, Head of Information Security and Chief Information Security Officer, Aktia
Henri Heinonen leads information security within Aktia as part of the Chief Information Officer office and information technology management team. His career progression from system specialist and infrastructure leadership roles into Chief Information Security Officer responsibilities reflects deep institutional knowledge and technical fluency. With experience spanning application platforms, network operations, and security governance, he represents a CISO who understands both the operational foundations of financial technology and the strategic oversight required in a regulated banking environment.
Teemu Ylhäisi – Chief Information Security Officer, OP Financial Group
Teemu Ylhäisi operates at one of Finland’s largest financial groups, with prior experience also leading corporate security and anti-financial crime functions. His scope has included cyber security, anti-money laundering, sanctions screening, fraud prevention, and broader corporate security. With a background in global enterprise security and PCI consulting, he brings large-scale governance and operational discipline into a cooperative banking structure. His profile reflects integrated security leadership where cybersecurity, compliance, and financial crime prevention converge.
Vesa Tupala – Head of Information Security and Group Chief Information Security Officer, Mandatum
Vesa Tupala’s career bridges information security, data governance, operational risk management, and privacy leadership. Having served in multiple Chief Information Security Officer and Chief Privacy Officer roles across large Finnish organizations, he brings strategic maturity to group-level security governance. His experience spans architecture design, risk management, and executive-level negotiation, critical capabilities in asset management and financial services firms navigating regulatory complexity and cross-border operations.
Risto Sundquist – Chief Information Security Officer, Evli
Risto Sundquist combines security leadership with experience in internal audit, data protection, and financial management. Before becoming Chief Information Security Officer at Evli, he served as Chief Audit Executive and Data Protection Officer, giving him a strong assurance and governance orientation. His background includes expertise in continuity design, outsourcing oversight, asset management systems, and GDPR compliance. In an asset management context, this audit-informed approach strengthens accountability, regulatory alignment, and long-term operational resilience.
Building Resilient Financial Services in a Digital-First Economy
Finland’s financial services sector depends on stable infrastructure, strong governance, and proactive risk management. The leaders featured here represent institutions ranging from cooperative banking groups to asset managers and financial service providers. What connects them is a disciplined approach to compliance, integrated risk oversight, and measurable security maturity. In a market where digital innovation and regulatory expectations advance in parallel, these CISOs and security leaders are shaping the resilience of Finland’s broader financial ecosystem.