Norway’s banking sector runs on trust, availability, and regulatory discipline. As institutions modernize core platforms, expand cloud adoption, and harden resilience under frameworks like DORA, cybersecurity leadership has become inseparable from business continuity and executive decision-making. The leaders below represent a cross-section of Norway’s banking landscape, from regional banks to large financial groups, each focused on reducing risk while enabling secure growth.
Per Espen Langøy — Chief Information Security Officer, Sparebanken Møre
Per Espen Langøy brings a practical security leadership profile shaped by long-term work in complex, operational environments. Before stepping into the CISO role at Sparebanken Møre, he built deep experience across security assurance, risk, and program delivery, including many years in information systems security management. His background suggests a steady, systems-oriented approach that fits well with a regional bank’s needs: balancing governance and day-to-day security execution, strengthening controls, and improving how risk is identified and managed across the organization.
Frida Fjeldstad — Chief Information Security Officer, BN Bank ASA
Frida Fjeldstad represents a newer generation of banking security leadership, transitioning into the CISO role at BN Bank with experience from Norway’s public sector. Her trajectory signals strength in structured environments where process, compliance, and stakeholder coordination matter, skills that translate directly into banking security governance. In a sector where operational resilience and regulatory alignment are constant priorities, she is positioned to shape security foundations that scale with the bank’s business objectives.
Stig Torsbakken — Chief Information Security Officer, Storebrand
Stig Torsbakken is focused on the hardest part of cybersecurity leadership: making cyber risk legible and actionable for decision makers. His perspective is shaped by a clear belief that organizations routinely misjudge cyber risk because it behaves like other low-probability, high-impact threats. As CISO, he is committed to evolving the way cyber risk is communicated and embedded into strategic decision-making, pairing an understanding of attackers, technology, and controls with a deliberate effort to understand executive incentives and governance realities.
Rune Carlsen — Chief Information Security Officer, KLP
Rune Carlsen brings extensive leadership experience and deep technical breadth across security strategy, architecture, and operational resilience. His profile spans governance and compliance frameworks including CIS, NIST, NSM, ISO standards, and DORA, with emphasis on risk management, vendor oversight, continuity planning, and security reporting. Known for structured and pragmatic execution, Rune also stands out as a strong communicator who can translate complex security issues across boards, technical teams, and the wider organization, supporting a mature, enterprise-grade security posture.
Mario Stelzner — Chief Information Security Officer, NOBA Bank Group
Mario Stelzner’s background blends cybersecurity leadership with strong infrastructure and cloud architecture depth, shaped by roles spanning banking, consulting, and enterprise technology environments. At NOBA Bank Group, he leads security in a hybrid, fast-moving context where scalable controls and dependable operations are essential. His experience designing and running cloud-based infrastructure, managing distributed teams, and leading IT security functions suggests a security approach grounded in modern architecture, practical delivery, and operational reliability.
Åsmund Myklevoll — Chief Information Security Officer, Sparebanken Norge
Åsmund Myklevoll has built a career around security and preparedness in environments that require dependable infrastructure and disciplined execution. With prior responsibility for information security at Sparebanken Sør and a foundation in security product integration, policy work, and public-sector procurement, he brings a blend of hands-on technical understanding and governance maturity. In his current leadership role, his focus is naturally aligned with strengthening resilience, improving security culture, and ensuring security is embedded into how infrastructure and operations are run across the bank.
Frederik Nicolaisen — Chief Information Security Officer, Eika
Frederik Nicolaisen leads cybersecurity strategy and execution at Eika, with a focus that extends into AI governance and modern security program maturity. His profile reflects a builder mindset: designing resilient, scalable security programs, strengthening culture, and aligning cybersecurity with regulatory and industry expectations. With prior leadership experience managing sizable consulting teams and contributing to security architecture for major digitalization initiatives, Frederik emphasizes measurable security posture, end-to-end visibility across cloud and legacy systems, and embedding security directly into the software development life cycle.
Ole Reidar Dvergsdal — Chief Information Security Officer, SpareBank 1 Sogn og Fjordane
Ole Reidar Dvergsdal brings long-term security operations and leadership experience from the healthcare technology sector into his banking CISO role. With years spent securing large endpoint estates and participating in incident response functions, he offers a strong operational foundation that maps well to banking’s resilience demands. His move into banking leadership reflects a practical orientation toward protecting critical services, strengthening security operations, and ensuring the organization can detect, respond, and recover effectively when incidents occur.
Norway’s Banking Cybersecurity Landscape
Norwegian banks face a dual challenge: accelerating digital transformation while meeting rising expectations for operational resilience, third-party risk control, and regulatory compliance. The CISOs featured here reflect the shift from security as a technical domain to security as a core business capability. Their work highlights what modern banking cybersecurity requires: credible governance, measurable risk management, resilient operations, and leadership that can translate security priorities into decisions that protect customers, continuity, and trust.