Chief Information Security Officer

Council Capital is a healthcare-focused private equity firm based in Nashville, Tennessee, managing over $350 million in committed capital.

We invest in lower middle market healthcare companies where we see the potential to scale purpose and performance. Our investments span control and minority positions in businesses with enterprise values between $10 million and $100 million.

What sets us apart is the Council Model—a proven framework that surrounds founders and leadership teams with a powerful combination of support: our CEO Council of seasoned operators, our Strategic Healthcare Investors who bring real-world insight and access, and our internal Value Creation Team, focused on enabling growth through talent, systems, and strategy.

At Council Capital, we’re not just backing companies—we’re helping build enduring businesses that improve lives and shape the future of healthcare.

Role Overview

A fast-growing, healthcare analytics technology company is seeking a hands-on Chief Information Security Officer (CISO) to own and scale its information security program in a regulated healthcare environment.

This role is a player-coach position, not a policy-only or advisory role. The CISO will be directly accountable for protecting sensitive healthcare data, enabling enterprise and government customer growth, and ensuring security is never a blocker to revenue or product velocity.

The ideal candidate combines strong judgment, pragmatic execution, modern technical fluency, and executive-level communication.

What Success Looks Like (First 12–18 Months)

Security & Risk

• Zero security breaches impacting the company or its customers
• Successful completion of SOC and high-trust audits on time with no reportable findings or corrective action plans
• Delivery and maintenance of:
• Security risk assessments (internal and external)
• System security plans
• Business continuity and disaster recovery plans
• Fully operational vulnerability management, patching, remediation, and incident response programs
• Effective oversight and closure of POA&M items and vulnerability scan findings
  
  

Sales Enablement & Customer Trust

• Security is never the reason a deal is lost
• Strong performance on customer security reviews and RFPs
• Trusted executive presence in customer and auditor conversations
  
  

Speed, Scale & Operations

• New environments stood up within defined SLAs (measured in days, not weeks)
• Security reviews for releases and deployments completed rapidly without slowing delivery
• Access provisioning and approvals completed within one business day
• Security operating costs aligned with industry benchmarks
  
  

Technology & Modern Practices

• Secure support of modern technology stacks, including:
• Public cloud environments (AWS and/or Azure)
• Infrastructure as Code
• Containers and orchestration
• Modern data platforms and emerging AI use cases
• Practical approach to endpoint security that balances usability and protection
• Openness to technology choices beyond a single vendor ecosystem when value-justified
  
  

Leadership & Communication

• Regular executive-level security updates on risk posture, trends, and forward roadmap
• Clear, credible communication with executives, boards, customers, and partners
• High professionalism and reliability in internal and external engagements
  
  

Key Responsibilities

• Own the company’s end-to-end information security strategy and execution
• Serve as the accountable executive for healthcare security and compliance obligations
• Design and maintain secure cloud, data, and application architectures
• Lead vulnerability management, incident response, and remediation efforts
• Establish and track measurable security KPIs and dashboards
• Partner with Sales on customer security reviews, audits, and due diligence
• Balance security rigor with speed, usability, and business outcomes
• Advise executive leadership on security risk and readiness
• Build and lead a lean, high-impact security function (internal and external resources)
  
  

Required Background & Experience

• Significant experience securing healthcare or other regulated data environments
• Senior security leadership experience (CISO, VP Security, or equivalent)
• Experience operating in early-stage or scaling technology companies
• Hands-on, execution-oriented leadership style (player-coach)
• Public cloud security experience (AWS and/or Azure), preferably using Infrastructure as Code
• Familiarity with common security frameworks (e.g., NIST CSF, ISO 27001)
• Relevant security certification (e.g., CISSP or CISM)
• Experience supporting government or public-sector clients is a plus
  
  

Leadership & Behavioral Expectations

• Strong judgment and risk-based decision making
• Uncompromising integrity
• Pragmatic problem solving
• Ability to navigate and resolve conflict productively
• High energy, ownership, and bias for action
• Clear and confident executive communication
• Collaborative, team-oriented leadership style
  
  

Who This Role Is Not For

• Policy-only or advisory security leaders
• Executives who primarily delegate execution
• Candidates without regulated-data experience
• Security leaders who view Sales or Product as adversaries
  
  

Council Capital and our portfolio companies are committed to building high-performing teams by hiring the best talent—period.

We believe in putting the right people in the right seats, regardless of background, and we’re always looking for individuals who bring fresh thinking, grit, and a drive to make a difference.

Thank you for considering a role with one of our companies. We’re excited to learn more about you.

Compensation Range: $0 - $225K