Founded in 2012, Rush Street Interactive (NYSE: RSI) is a market leader in online casino and sports betting in the U.S. We’re building bridges between online, social and land-based gaming businesses to create amazing, integrated experiences that keep players in the game.
Rush Street Interactive operates offices in the U.S., Estonia and Colombia with our brands: BetRivers, BetRivers.com, PlaySugarHouse.com, and RushBet.co. Our growing list of partners and achievements include:
- Named Digital Operator of the Year at the Global Gaming Award Las Vegas 2020.
- Recipient of two EGR Global North America 2020 Awards: Casino Operator and Customer Service Operator.
- Authorized Sports Betting Operator of the NBA.
- Exclusive Sportsbook of the NHL’s Pittsburgh Penguins.
- Exclusive Sportsbook of the NHL’s Philadelphia Flyers and their home arena, The Wells Fargo Center.
- First US Sportsbook Operator to stream an NHL game.
We are looking for a Director of Data Protection, responsible for ensuring RSI adheres to obligations under relevant data protection and privacy legislations. This role is responsible for staff training, data protection impact assessments, and internal audits regarding data protection.
In this role, you will work closely with the Legal, Compliance and Information Security functions to address any data privacy-related issues. You will advise other RSI teams on all applicable privacy and data protection laws, rules and regulations affecting our operations and businesses. Your duties will include:
- Drive a culture of data protection & privacy throughout RSI
- Ensure compliance with all applicable data privacy & protection laws and regulations in collaboration with data owners, especially connected to gaming regulations
- Serve as a Subject Matter Expert (SME) on the RSI’s strategy for the data protection to ensure the processes are in compliance with regulatory, statutory and industry requirements
- Stay up to date on any regulatory changes relating to data privacy and protection that may affect RSI and recommend & drive required actions
- Ensure all data assets in RSI are properly classified, have designated Data Owners who understand & fulfil their responsibilities towards data protection, retention and destruction
- Undertake periodic audits to assess compliance with data privacy and protectionpolicies and requirements
- Conduct relevant periodic trainings to ensure RSI personnel understand their responsibilities, especially for Data Owner
- Maintain relevant records of all data processing activities conducted by the company, including the purposes of all processing activities
- Serve as the primary contact for all internal stakeholders in all activities relating to data protection
- Interface with data subjects to inform them about how their data is being used, their right to have their personal data erased, and what measures the company has put in place to protect their personal information
- Performs other duties as necessary and/or assigned
In order to succeed you need
- 3-5 years experience in legal, compliance, IT security or audit preferred
- Expert knowledge and in-depth understanding of data protection, data privacy and information security laws, rules and regulations, as well as industry leading-practices and standards
- In-depth experience with U.S. privacy regulations
- Experience with IT system audits
- Demonstrated strong communication skills at all levels within the organization. Ability to translate technical content into business understandable terms
- Experience writing effective policies, operational, and auditing procedures
- Able to think creatively to find practical solutions to complex issues, with the ability to effectively prioritize and manage multiple matters
- Highly self-motivated and able to work independently with minimal supervision
Nice to have
- In-depth experience with U.S. gaming regulations
- Knowledge of cybersecurity risks and information security standards