Council Capital
Chief Information Security Officer
Council Capital, Nashville, Tennessee, United States, 37247
Council Capital is a healthcare-focused private equity firm based in Nashville, Tennessee, managing over $350 million in committed capital. We invest in lower middle market healthcare companies where we see the potential to scale purpose and performance. Our investments span control and minority positions in businesses with enterprise values between $10 million and $100 million. What sets us apart is the Council Model—a proven framework that surrounds founders and leadership teams with a powerful combination of support: our CEO Council of seasoned operators, our Strategic Healthcare Investors who bring real-world insight and access, and our internal Value Creation Team, focused on enabling growth through talent, systems, and strategy. At Council Capital, we’re not just backing companies—we’re helping build enduring businesses that improve lives and shape the future of healthcare.
Role Overview
A fast-growing, healthcare analytics technology company is seeking a hands‑on Chief Information Security Officer (CISO) to own and scale its information security program in a regulated healthcare environment.
This role is a player‑coach position, not a policy‑only or advisory role. The CISO will be directly accountable for protecting sensitive healthcare data, enabling enterprise and government customer growth, and ensuring security is never a blocker to revenue or product velocity.
The ideal candidate combines strong judgment, pragmatic execution, modern technical fluency, and executive‑level communication.
What Success Looks Like (First 12–18 Months)
Security & Risk
Zero security breaches impacting the company or its customers
Successful completion of SOC and high‑trust audits on time with no reportable findings or corrective action plans
Delivery and maintenance of:
Security risk assessments (internal and external)
System security plans
Business continuity and disaster recovery plans
Fully operational vulnerability management, patching, remediation, and incident response programs
Effective oversight and closure of POA&M items and vulnerability scan findings
Sales Enablement & Customer Trust
Security is never the reason a deal is lost
Strong performance on customer security reviews and RFPs
Trusted executive presence in customer and auditor conversations
Speed, Scale & Operations
New environments stood up within defined SLAs (measured in days, not weeks)
Security reviews for releases and deployments completed rapidly without slowing delivery
Access provisioning and approvals completed within one business day
Security operating costs aligned with industry benchmarks
Technology & Modern Practices
Secure support of modern technology stacks, including:
Public cloud environments (AWS and/or Azure)
Infrastructure as Code
Containers and orchestration
Modern data platforms and emerging AI use cases
Practical approach to endpoint security that balances usability and protection
Openness to technology choices beyond a single vendor ecosystem when value‑justified
Leadership & Communication
Regular executive‑level security updates on risk posture, trends, and forward roadmap
Clear, credible communication with executives, boards, customers, and partners
High professionalism and reliability in internal and external engagements
Key Responsibilities
Own the company’s end‑to‑end information security strategy and execution
Serve as the accountable executive for healthcare security and compliance obligations
Design and maintain secure cloud, data, and application architectures
Lead vulnerability management, incident response, and remediation efforts
Establish and track measurable security KPIs and dashboards
Partner with Sales on customer security reviews, audits, and due diligence
Balance security rigor with speed, usability, and business outcomes
Advise executive leadership on security risk and readiness
Build and lead a lean, high‑impact security function (internal and external resources)
Required Background & Experience
Significant experience securing healthcare or other regulated data environments
Senior security leadership experience (CISO, VP Security, or equivalent)
Experience operating in early‑stage or scaling technology companies
Hands‑on, execution‑oriented leadership style (player‑coach)
Public cloud security experience (AWS and/or Azure), preferably using Infrastructure as Code
Familiarity with common security frameworks (e.g., NIST CSF, ISO 27001)
Relevant security certification (e.g., CISSP or CISM)
Experience supporting government or public‑sector clients is a plus
Leadership & Behavioral Expectations
Strong judgment and risk‑based decision making
Uncompromising integrity
Pragmatic problem solving
Ability to navigate and resolve conflict productively
High energy, ownership, and bias for action
Clear and confident executive communication
Collaborative, team‑oriented leadership style
Who This Role Is Not For
Policy‑only or advisory security leaders
Executives who primarily delegate execution
Candidates without regulated‑data experience
Security leaders who view Sales or Product as adversaries
Council Capital and our portfolio companies are committed to building high‑performing teams by hiring the best talent—period.
We believe in putting the right people in the right seats, regardless of background, and we’re always looking for individuals who bring fresh thinking, grit, and a drive to make a difference.
Thank you for considering a role with one of our companies. We’re excited to learn more about you.
Compensation Range: $0 - $225K