You would do this no differently than setting other permissions.
Create your role as normal. Then REVOKE ALL privileges on tables, views, etc. for this role, and GRANT EXECUTE on the functions you want the role to be able to execute.
One caveat: I believe you'll have to make your functions as SECURITY DEFINER, since functions are normally run with the same privileges as the user calling them.
As far as I know, if a role can login to the database, there's no way to actually prevent that role from at least seeing what other objects (tables, databases, etc.) exist in the database. So they'll still be able to see your table structure, but not the data in the tables.