~
also, maybe not hire an ethical hacker, but run bug bounty from time to time, at least test the potential vulnerabilities of the site. the security team should not stop exploring their security options because these hackers won't stop up until they find a weakness of the site.
This is almost the same as hiring an ethical hacker, isn't it? But I personally still on the side of hiring a professional to test your site because bounties are usually too small for a pro to bother, so, just relying on them is too risky. I mean, it's better to do both.
I think the same - having a ethical hacker on board will be an edge - he would be checking the site daily and would be aware of any malfunction.
And will be accountable for any data leak. So for a casino owner - where so much of the transaction will be going on - having an ethical hacker on board will not be good deal.