Norway’s financial services ecosystem is unusually digital by default—payments, identity, investing, and wealth platforms are woven into daily life, and trust is the product. That makes security leadership less about “having controls” and more about keeping critical services reliable under constant fraud pressure, supplier risk, and regulatory scrutiny. The leaders below stand out for being close to the underlying systems that power finance in Norway: identity rails, core infrastructure, compliance programs, and operational resilience.
Vegard Fremstad — Chief Information Security Officer, Aera Payment & Identification
Vegard Fremstad brings a builder’s mindset to security: automate what can be automated, instrument what must be observed, and reduce fragility in the infrastructure layer where failures become outages. Alongside the CISO role, the continued focus on infrastructure architecture shows a practical approach to security as an engineering discipline—log analysis, scripting, and *nix automation as force multipliers. In a payments and identity context, that blend matters: resilience, visibility, and repeatability often determine whether an incident stays a contained event or becomes a service-disrupting crisis.
Bent Norman Lund — Chief Information Security Officer, Eksfin (Eksportfinansiering Norge)
Bent Norman Lund is a long-tenured IT leader who has moved naturally into security ownership—building security regimes over time, staying hands-on with core platforms, and maintaining deep vendor and operational relationships. The combination of infrastructure stewardship, continuity planning, and leadership experience is particularly relevant in an institution that supports Norwegian export activity, where availability and integrity are non-negotiable. The repeated emphasis on stability, preparedness, and practical execution suggests a security posture shaped by decades of running mission-critical environments, not just writing policy.
Dayne Skolmen — Chief Information Security Officer, Formue Norge
Dayne Skolmen stands out for measurable program execution: building a security strategy from the ground up, standing up external SOC monitoring for 24/7 response, simplifying tooling by removing duplication, and aligning processes to achieve ISO 27001 certification. That combination—program design, operational detection/response maturity, and standards-based alignment—maps well to wealth and investment environments where customer trust can be lost faster than it’s earned. The story here is security leadership as business enablement: create clarity, reduce risk, and make resilience repeatable.
Johan Haugland — Chief Information Security Officer, Horde
Johan Haugland represents the modern “product-adjacent” CISO profile common in fintech: a security leader with lived experience across systems administration, development, support, and operations. That background is a strong fit for consumer finance platforms where the pace of iteration is high and the threat surface shifts with every release. The thread running through the experience is practical, end-to-end ownership—understanding how systems are built, how they fail, and how to make security usable for teams shipping real software.
Per-Arthur Raastad — Chief Information Security Officer, Vipps MobilePay
Per-Arthur Raastad brings deep GRC delivery experience into one of Norway’s most visible payment brands. A decade of consulting and “acting CISO / cloud security / ISMS and audits / risk management frameworks” work translates well to a payments organization that must prove assurance continuously—internally, to partners, and to regulators. The path from security governance management into the CISO seat also signals an emphasis on scalable governance: clear control ownership, measurable risk, and audit-ready execution without slowing the business down.
Vidar Ostmo — Chief Information Security Officer, EURONEXT Securities Oslo
Vidar Ostmo’s profile is defined by long-range depth: three decades across perimeter defense, network engineering, infrastructure hardening, and the practicalities of compliance translation. The emphasis on “cost-effective solutions that work under pressure” plus certifications aligned to incident handling reflects a leader who has operated through multiple waves of security change—from early firewall eras to today’s hybrid risks and DORA/GDPR expectations. In a market infrastructure setting, that blend of pragmatism, technical credibility, and resilience mindset is exactly what “quiet reliability” looks like.
Are Strandvik Aune — Chief Information Security Officer, Enova SF
Are Strandvik Aune brings a solutions-architecture background into the CISO role, with strong continuity from years in IT-security architecture work. That usually shows up as security that is designed in—patterns, standards, and repeatable platforms—rather than bolted on late. The stated emphasis across strategy, incident handling, and security management systems suggests a leader oriented toward operational resilience and governance at the same time: designing secure services while keeping the organization prepared to respond when controls fail.
The Financial Services Security Leaders Building Norway’s Trust Infrastructure
In Norway, financial services security isn’t an internal function—it’s part of national trust infrastructure. The leaders featured here span payments and identity, export finance, wealth platforms, consumer fintech, and securities markets, but share a common thread: they’re building security that survives contact with reality. Whether through automation and infrastructure rigor, audit-ready governance, or round-the-clock detection and response, they are shaping how Norwegian finance stays reliable, compliant, and resilient as both regulation and adversaries accelerate.