Management consulting in Norway sits at a high-trust intersection: firms handle sensitive client data, advise on transformations, and often operate across borders and regulated industries. That means security leaders in this sector aren’t only defending their own environments—they’re setting expectations for governance, privacy, resilience, and “how good looks” for clients. The leaders below stand out for combining strong cybersecurity fundamentals with board-ready communication, people leadership, and practical delivery inside complex organizations.
Kristin Ekornes Strøm — Chief Information Security Officer, Deloitte Nordic
Kristin Ekornes Strøm is a strategic, people-centric CISO with more than two decades of IT experience and a track record of leading security across five Nordic countries. In a cross-border consulting environment, that requires more than policy—she’s built and nurtured a cross-Nordic team and positioned security as a business enabler that supports resilience and agility. Her leadership focus is clearly human-centered: championing inclusion, developing talent, and creating an environment where teams can grow while delivering consistent, high-quality security outcomes at scale.
Kristian Kise Haugland — Chief Information Security Officer, BDO Norge
Kristian Kise Haugland brings an unusually strong human-factors and communication lens to security leadership—grounded in philosophy, epistemology, psychology, change management, and forensics. In an interim CISO role at BDO Norge, he’s tasked with establishing information security GRC within Quality and Risk Management—exactly the kind of work that determines whether security becomes “paper compliance” or a decision-making tool leaders actually use. His background as a safety investigator and DPO, plus experience translating complex issues for the public, signals a leader who prioritizes risk clarity: assessments that tell organizations what they need to know, not what they want to hear.
Roar Martinsen — Chief Information Security Officer, PwC Norway
Roar Martinsen represents long-horizon operational security leadership inside a major professional services firm. With decades at PwC Norway and a long-running remit spanning IT management, architecture, infrastructure (LAN/WAN/WLAN), operations, and IT security, he brings deep continuity—an advantage in consulting environments where business models evolve quickly but security fundamentals must remain stable. His profile reflects a “run it well” orientation: building resilient infrastructure and security practices that can support large internal operations while meeting the expectations that come with advising clients on risk.
Audun Strøm — Chief Information Security Officer, Gritera
Audun Strøm combines consulting delivery with modern risk specialization—especially third-party risk management (TPRM), governance, compliance, and operational resilience. As part-time CISO at Gritera and a consultant with experience in financial-sector risk work (including developing and managing third-party risk frameworks), he reflects a key consulting-industry trend: security leaders who can operationalize standards (ISO 27001, ISO 22301, SOC 2, NIST) into working processes and tooling (including ServiceNow). His background in building practical risk models and embedding regulatory requirements into day-to-day operations is particularly relevant for consulting firms that rely heavily on suppliers, partners, and subcontractors.
Tommy Harjo — Director Cybersecurity, KPMG Norway
Tommy Harjo brings deep operational security leadership from Norwegian government administration into a major consulting context. As Director Cybersecurity at KPMG Norway, his prior roles—leading IT operations and IT security sections across the Norwegian Digitalisation Agency (Digdir) and its predecessor organizations—signal strong experience in structured governance, continuity planning, and standards-driven security management. With strengths across ISO 27001, ISO 22301, enterprise architecture, ITIL, and Microsoft/Linux environments, he is well-positioned to drive cybersecurity programs that balance reliability, compliance, and scalable operations—skills that translate directly from public-sector rigor to consulting delivery.
The Consulting Security Leaders Shaping Norway’s Advisory Landscape
Consulting firms influence how entire industries treat cyber risk—through their own security posture and through the frameworks, controls, and culture they bring to client work. The leaders featured here reflect what the market increasingly demands: strong GRC foundations, board-level communication, people-first leadership, and practical operating models that can scale across regions and client environments. In a trust-based industry, these security leaders help ensure that “advice” is backed by credible, resilient practice.