Rush Street InteractiveRemote
Data Protection Manager
United States of America
Full Time
1 week ago
Visa Sponsor
Key skills
Stakeholder ManagementRisk ManagementMentoringCommunication
About this role
Rush Street Interactive is a market leader in online casino and sports betting, currently operating real-money gaming with brands like BetRivers.com and PlaySugarHouse.com. They are seeking an experienced Data Protection Manager to ensure compliance with data protection laws and oversee the data protection program, working closely with various business areas to implement compliance and governance initiatives.
Responsibilities:
- Lead and mentor a small privacy team, setting priorities, reviewing deliverables, and ensuring alignment with the organization’s privacy strategy
- Foster a culture of accountability, professional growth, and proactive risk management within the privacy function
- Drive the operational implementation of the organization’s data privacy framework and related policies
- Manage data protection registers, privacy impact assessments, privacy risks, and Records of Processing Activities (RoPA)
- Ensure ongoing compliance with applicable data protection regulations
- Develop and maintain Data Processing Agreement (DPA) templates and oversee their implementation
- Monitor regulatory developments and recommend practical actions to maintain compliance
- Oversee and manage Data Subject Request (DSR) processes
- Support teams in applying privacy-by-design and privacy-by-default principles across projects and products
- Manage incident response processes for personal data breaches, including documentation, assessment, and regulatory notifications
- Conduct and coordinate privacy audits and vendor risk assessments
- Act as a key point of contact for internal and external stakeholders on data protection matters
- Deliver privacy training and awareness initiatives across the organization
Requirements:
- Bachelor's degree in Information Management, Law (with focus on Data Protection/Privacy), Data Science, or equivalent experience
- 5+ years of experience in data privacy, information security compliance, or a related field
- Experience leading or mentoring a small team
- Strong working knowledge of GDPR, CCPA, and at least one additional privacy framework
- Understanding of AML/KYC requirements and online gaming data regulations
- Experience implementing privacy programs, conducting DPIAs, and managing DSR processes
- Familiarity with privacy management and data governance tools
- Strong communication and stakeholder management skills
- Ability to translate legal and regulatory requirements into practical business processes and technical controls
- Professional privacy certifications such as CIPP/E, CIPM, or CIPT are preferred