Role Definition
| Field | Value |
|---|---|
| Job Title | Director of Compliance and Information Security |
| Seniority Level | Senior (Director-level) |
| Primary Function | Oversees all regulatory compliance and information security for a gambling operator. Manages AML programme (MLRO responsibilities), responsible gambling initiatives, multi-jurisdictional licence portfolio (UKGC, MGA, state gaming commissions), data protection (GDPR/CCPA), ISO 27001 ISMS, regulatory submissions, and internal/external audit coordination. Reports to CEO or board. |
| What This Role Is NOT | NOT a junior compliance analyst running KYC checks. NOT a pure CISO focused only on technical cybersecurity. NOT a DPO-only role. NOT an operational compliance officer processing SARs. |
| Typical Experience | 10-15+ years. UKGC Personal Management Licence (PML) holder. Certifications: ICA Diploma in Governance, Risk & Compliance; CISSP or CISM for information security; experience across 3+ gambling jurisdictions. |
Seniority note: A mid-level Compliance Officer in gambling would score Yellow — they execute compliance tasks but don't own regulatory strategy or bear personal licensing liability. A junior compliance analyst processing KYC/AML alerts would score Red.
Protective Principles + AI Growth Correlation
| Principle | Score (0-3) | Rationale |
|---|---|---|
| Embodied Physicality | 0 | Desk-based role. Some site visits to gambling premises for audits and regulator meetings, but not core to daily work. |
| Deep Interpersonal Connection | 2 | Significant regulatory relationship management — UKGC case officers, MGA officials, state gaming commission contacts. Building trust with regulators during investigations and licence reviews. Board-level reporting and advising CEO on regulatory risk. |
| Goal-Setting & Moral Judgment | 3 | Core to role. Defines the compliance framework. Makes judgment calls on regulatory risk appetite, AML thresholds, responsible gambling intervention triggers. Bears personal criminal liability under gambling and AML legislation. Sets ethical direction for the organisation's compliance culture. |
| Protective Total | 5/9 | |
| AI Growth Correlation | 1 | AI adoption in gambling creates new compliance requirements — algorithmic fairness, responsible AI use in player profiling, AI-generated content regulations. RegTech tools don't eliminate the director; they expand scope and create oversight demand. Growth is moderate, not recursive. |
Quick screen result: Protective 5 + Correlation 1 = Likely Green Zone boundary. Proceed to quantify.
Task Decomposition (Agentic AI Scoring)
| Task | Time % | Score (1-5) | Weighted | Aug/Disp | Rationale |
|---|---|---|---|---|---|
| Regulatory strategy & framework oversight | 20% | 2 | 0.40 | AUGMENTATION | Defines compliance strategy, interprets new regulations (UKGC LCCP changes, MGA directives, US state rule-making), advises board on risk appetite. AI can research regulatory changes but the director must interpret business implications and make strategic decisions. Personal licensing (PML) and accountability are structural. |
| AML programme management | 20% | 3 | 0.60 | AUGMENTATION | AI handles transaction monitoring and alert generation. Director designs AML policies, sets monitoring thresholds, reviews complex SARs, and bears personal MLRO liability. AI generates alerts — human decides escalation and is personally accountable to the regulator. |
| Responsible gambling programme | 15% | 2 | 0.30 | AUGMENTATION | AI tools (BetBuddy, Playtech BetBuddy, Kindred Playscan) flag at-risk player behaviours. Director designs intervention frameworks, makes ethical judgment calls on player restrictions and account closures, and is personally accountable to UKGC for programme effectiveness. |
| Licence management & regulatory submissions | 15% | 3 | 0.45 | AUGMENTATION | AI can draft sections of licence applications and compile data for regulatory returns. Submissions require director sign-off, personal attestation, and relationship management with regulatory contacts. Complex new-market licence applications require strategic judgment on market entry. |
| Information security & ISMS management | 10% | 3 | 0.30 | AUGMENTATION | ISO 27001 compliance, security policy, incident response direction. Tools like Vanta and Drata automate evidence collection and control monitoring. Security strategy, incident escalation decisions, and board reporting remain human-led. |
| Audit coordination & remediation | 10% | 3 | 0.30 | AUGMENTATION | Internal/external audit coordination. AI can gather evidence and track remediation items. Director negotiates with auditors, prioritises remediation based on regulatory risk, and makes judgment calls on risk acceptance vs remediation investment. |
| Stakeholder management & regulatory liaison | 10% | 1 | 0.10 | NOT INVOLVED | Face-to-face meetings with UKGC, MGA officials, and state gaming commission contacts. Board presentations on compliance risk. Managing regulatory investigations and enforcement actions. The human relationship IS the value — regulators want the named PML holder present. |
| Total | 100% | | 2.45 | | |
Task Resistance Score: 6.00 - 2.45 = 3.55/5.0
Displacement/Augmentation split: 0% displacement, 90% augmentation, 10% not involved.
Reinstatement check (Acemoglu): Yes. AI creates new tasks: validating AI-generated AML alerts, overseeing algorithmic fairness in gambling products, ensuring responsible AI use in player profiling, and managing compliance for AI-driven features. The director's scope grows with AI adoption — more systems to govern, more regulatory requirements to interpret.
Evidence Score
| Dimension | Score (-2 to 2) | Evidence |
|---|---|---|
| Job Posting Trends | 1 | Growing demand driven by US state-by-state legalisation (30+ states with some form of legal betting), UKGC enforcement ramp-up (record fines in 2024-2025), and multi-jurisdictional expansion. Indeed UK shows active director-level gambling compliance postings. Talent shortage in specialist gambling compliance — candidates need gambling regulatory expertise AND information security skills, a rare combination. |
| Company Actions | 1 | Gambling operators expanding compliance teams as they enter new jurisdictions. No reports of AI-driven compliance headcount cuts at director level. UKGC fines (Entain GBP 17M in 2023, multiple operators fined millions in 2024-2025) drive investment in senior compliance leadership. US market expansion (DraftKings, FanDuel, BetMGM) creates new director-level roles per state. |
| Wage Trends | 1 | Director-level salaries GBP 90K-180K+ in UK, $150K-$300K+ in US. Growing with market due to talent scarcity and regulatory complexity. Premium for dual compliance + security expertise. Robert Half: Compliance Director $134K-$195K base (general); gambling sector commands premium. |
| AI Tool Maturity | 0 | RegTech tools augment but don't replace. AML transaction monitoring AI is production-ready but creates more work for directors (reviewing AI-generated alerts, validating models, explaining decisions to regulators). Anthropic observed exposure for Compliance Officers: 12.1% — low. No production tool replaces director-level regulatory judgment or personal licensing accountability. |
| Expert Consensus | 1 | Universal agreement: regulatory accountability in gambling cannot be automated. UKGC PML requirement is structural — a human must hold the licence. AI transforms the operational layer but strengthens demand for senior compliance leadership. McKinsey, Deloitte, and industry bodies agree: RegTech augments, compliance leadership persists. |
| Total | 4 | |
Barrier Assessment
Reframed question: What prevents AI execution even when programmatically possible?
| Barrier | Score (0-2) | Rationale |
|---|---|---|
| Regulatory/Licensing | 2 | UKGC Personal Management Licence (PML) is mandatory for the named compliance individual. MGA requires Key Function holder designation. US state gaming commissions require personal licensing and background checks. Named MLRO under Money Laundering Regulations 2017. These are personal licences that AI cannot hold — structural impossibility. |
| Physical Presence | 0 | Largely desk-based. Some site visits for audits and regulator meetings, but not a physical barrier to automation. |
| Union/Collective Bargaining | 0 | Senior management, no union representation. At-will or senior contract employment. |
| Liability/Accountability | 2 | Personal criminal liability under Gambling Act 2005, Proceeds of Crime Act 2002, GDPR (controller liability), and AML regulations. Directors can face personal prosecution, disqualification, and imprisonment for compliance failures. UKGC has prosecuted individuals. AI has no legal personhood — a human MUST bear this accountability. |
| Cultural/Ethical | 2 | Gambling regulators (UKGC, MGA, state commissions) insist on named, accountable individuals. The concept of an "AI compliance director" is structurally impossible in gambling regulation — regulators want a human they can interview under caution, sanction personally, and hold criminally liable. This is cultural AND legal. |
| Total | 6/10 | |
AI Growth Correlation Check
Confirmed at 1 (Weak Positive). AI adoption in gambling creates new compliance dimensions: algorithmic fairness requirements, responsible AI use in player profiling, AI-generated content regulations, and AI-driven product compliance. The director's oversight scope expands — more AI systems mean more compliance surface area. However, this is not recursively positive like AI security roles — AI in gambling creates incremental compliance work, not an entirely new compliance paradigm. RegTech tools also absorb some operational compliance volume, partially offsetting the scope expansion.
JobZone Composite Score (AIJRI)
| Input | Value |
|---|---|
| Task Resistance Score | 3.55/5.0 |
| Evidence Modifier | 1.0 + (4 x 0.04) = 1.16 |
| Barrier Modifier | 1.0 + (6 x 0.02) = 1.12 |
| Growth Modifier | 1.0 + (1 x 0.05) = 1.05 |
Raw: 3.55 x 1.16 x 1.12 x 1.05 = 4.8428
JobZone Score: (4.8428 - 0.54) / 7.93 x 100 = 54.3/100
Zone: GREEN (Green >= 48, Yellow 25-47, Red <25)
Sub-Label Determination
| Metric | Value |
|---|---|
| % of task time scoring 3+ | 55% (AML 20% + Licence mgmt 15% + InfoSec 10% + Audit 10%) |
| AI Growth Correlation | 1 |
| Sub-label | Green (Transforming) — AIJRI >= 48 AND >= 20% of task time scores 3+ |
Assessor override: None — formula score accepted.
Assessor Commentary
Score vs Reality Check
The 54.3 score places this role 6.3 points above the Green threshold, making it a confident Green classification rather than a borderline case. The 6/10 barrier score is doing significant work — strip the barriers and this role would score approximately 45, dropping to Yellow. But the barriers here are not temporary technology gaps like physical presence; they are structural legal requirements. UKGC Personal Management Licences, named MLRO status, and personal criminal liability under the Gambling Act are embedded in legislation. These barriers can only erode through legislative change, which is moving in the opposite direction — toward more personal accountability, not less.
What the Numbers Don't Capture
- Regulatory ratchet effect. Gambling regulation only tightens. The UKGC has never reduced compliance requirements — every review adds obligations. The 2023 White Paper on gambling reform added new requirements for affordability checks, stake limits, and enhanced responsible gambling measures. This structural regulatory expansion guarantees growing demand for senior compliance directors.
- Multi-jurisdictional complexity compounding. A director managing compliance across UKGC, MGA, and 5+ US state gaming commissions faces a combinatorial explosion of regulatory requirements. Each jurisdiction has different rules, reporting cycles, and enforcement styles. AI can help track these, but the strategic synthesis across jurisdictions is deeply human.
- Function-spending vs people-spending. Gambling companies are investing heavily in RegTech platforms (millions annually on AML monitoring, KYC automation, responsible gambling tools). This investment could theoretically reduce compliance team sizes below the director. The director's scope grows but their team may shrink — fewer compliance analysts, same director.
Who Should Worry (and Who Shouldn't)
If you hold a UKGC PML and manage compliance across multiple jurisdictions — you are safer than this score suggests. The combination of personal licensing, criminal liability, and multi-jurisdictional expertise creates a moat that no AI tool can cross. Regulators are increasing their expectations of named individuals, not reducing them.
If you are a mid-level compliance officer executing KYC checks, filing SARs, and compiling regulatory returns — you should be concerned. These operational tasks are exactly what RegTech platforms automate. The director survives; the team below them compresses.
If your information security role is purely technical (running vulnerability scans, maintaining firewalls) without the regulatory compliance overlay — AI tools are further along in automating pure security operations. The protection here comes from the gambling regulatory mandate, not the security work itself.
The single biggest separator: whether you own the regulatory relationship and bear personal liability, or whether you execute compliance tasks for someone who does. The former is structurally protected; the latter is being automated.
What This Means
The role in 2028: The surviving Director of Compliance and Information Security in gambling is a strategic regulatory leader who uses AI-powered RegTech to monitor compliance across a dozen jurisdictions simultaneously. They spend less time compiling returns and more time interpreting regulatory intent, managing enforcement actions, and advising the board on market-entry compliance risk. Their team is smaller but their scope is larger.
Survival strategy:
- Master multi-jurisdictional regulatory complexity. The director who can navigate UKGC, MGA, and US state gaming commissions simultaneously is irreplaceable. Deepen expertise across jurisdictions rather than specialising in one.
- Leverage RegTech to expand your scope, not just automate your tasks. Use AI-powered AML monitoring, responsible gambling analytics, and compliance dashboards to oversee more than a human team could manually — position yourself as the strategic layer, not the operational one.
- Build and maintain direct regulatory relationships. The UKGC case officer who trusts you, the MGA contact who takes your calls — these relationships cannot be automated and are your strongest career protection.
Timeline: 5+ years of strong protection. The regulatory framework (UKGC PML, named MLRO, personal criminal liability) would require legislative change to erode, and the trend is toward more accountability, not less.