Director of Data Privacy

At ARB Interactive, creativity, tech, and play collide. Founded in 2022, we've grown to nearly 200 team members and were named one of LinkedIn's ​2025 Top 50 Startups in the United States​! We move fast, think big, and love bold ideas that push boundaries (and buttons). From new rewards to fresh game mechanics, every challenge is a chance to innovate and have fun doing it. Our culture is collaborative, curious, and full of laughter because great ideas grow best between coffee, code, and a few epic high-fives.

ARB Interactive, Inc. (ARB) is seeking a Director of Data Privacy, who will act as the Data Privacy Officer (DPO) for ARB. The Director of Data Privacy/DPO will develop, lead and oversee our data privacy compliance operation and relevant teams and personnel responsible for building out and managing operational processes and programs that require compliance with various countries’ and states’ data privacy laws. The Director of Data Privacy/DPO is directly responsible for representing the Data Privacy compliance program during virtual and onsite audits from global regulatory bodies, financial institutions, attorney general offices and other governmental agencies.

The Director of Data Privacy/DPO will be responsible for developing, implementing, and maintaining the company’s data protection and privacy program in alignment with applicable laws and regulatory requirements, including but not limited to GDPR, CCPA, and gaming-specific regulations. This role will oversee the collection, processing, storage, and sharing of personal and financial data for players, employees, and partners, ensuring that all data handling practices are transparent, secure, and compliant. The Director of Data Privacy/DPO will conduct data protection impact assessments (DPIAs), manage records of processing activities, monitor third-party vendor compliance, and establish policies and procedures that reflect industry best practices in cybersecurity and responsible gaming environments.

In addition, the DPO will serve as the primary point of contact for regulators, supervisory authorities, and internal stakeholders on all matters related to data privacy and protection. The role includes leading incident response efforts related to data breaches, coordinating required notifications, and delivering privacy training and awareness programs across the organization. The DPO will advise leadership on privacy-by-design principles in product development, marketing initiatives, and platform enhancements, helping the company balance innovation with regulatory compliance and user trust.

The ideal candidate will have at least 8 years of experience managing data privacy compliance and laws. In addition to the following specific responsibilities, employee may be required to perform other such duties as assigned by ARB and their supervisor.

This position will establish the foundation for ARB data privacy protections, policies and procedures. It will work with a fantastic team of executives who endeavor to grow, develop and innovate ARB’s best-in-class product offerings. Reporting to ARB’s General Counsel, this role will focus on ensuring ARB’s compliance with various countries and states data privacy laws, while educating and advising ARB’s management team and front line personnel on data privacy protections as well as the following:

• Lead and manage the company’s data privacy and protection program for a fast-growing online social casino and social plus gaming platform;

• Ensure compliance with GDPR, CCPA/CPRA, and applicable gaming regulatory requirements across all jurisdictions;

• Familiar with California Invasion of Privacy (CIPA) and Illinois Biometric Information Privacy Act (BIPA) claims and corresponding litigation;

• Oversee lawful collection, processing, storage, and transfer of player and financial data, including KYC, AML, and geolocation information;

• Embed privacy-by-design principles into product development, payments, marketing, analytics, and platform integrations;

• Serve as the primary liaison with regulators and data protection authorities;

• Lead data breach response, regulatory notifications, and incident documentation;

• Oversee third-party vendor privacy compliance (payment processors, game providers, cloud, affiliates);

• Manage consumer data rights requests and maintain data processing records and DPIAs;

• Partner with Product, Technology, Cyber Security, Compliance and Legal teams to mitigate privacy risk and support responsible gaming initiatives;

• Monitor evolving privacy and gaming regulations and advise leadership on risk and compliance strategy;

• J.D. required;

• Minimum of 8 years of data privacy compliance experience with prior background with gaming (casino, sports, iGaming or social casino) or online businesses preferred;

• Experience influencing and collaborating with a broad set of senior stakeholders;

• Excellent analytical skills with a keen attention to detail;

• Proven ability to communicate complex compliance issues clearly and effectively;

• Strong organizational skills and the ability to manage multiple projects simultaneously; and

• Passion for being part of a team and a desire to work hard in a fast-paced, start-up environment.

Diversity Commitment: We are focused on building a diverse and inclusive team. We welcome people of all backgrounds, experiences, abilities, and perspectives and are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Important Security Notice: Our recruitment team will only contact candidates through official channels using @arbinteractive.com email addresses and via our recruiting platform, Ashby. If you find a position on a third party careers page (LinkedIn, Indeed, etc.), the job posting will redirect you to our careers page (https://jobs.ashbyhq.com/arb-interactive) to begin your application. We will never request payment, banking information, or personal identification details during the application process.

If you're ever uncertain about the legitimacy of communication claiming to be from our company, please forward it to [email protected] for verification before responding or clicking any links.