Compliance Specialist III

We're committed to bringing passion and customer focus to the business.

The Privacy Compliance Specialist will support the organization’s privacy program, ensuring compliance with applicable laws, industry standards, and internal policies. This role requires a strong understanding of privacy laws such as CCPA/CPRA, GLBA, HIPAA, and other relevant regulations. The ideal candidate has practical experience in data privacy, information governance, and regulatory compliance.

Essential Duties and Responsibilities

•Monitor and interpret changes in global, federal, and state privacy laws; advise internal stakeholders on regulatory impact.

•Draft, review, and maintain privacy-related policies, procedures, and standards across business units.

•Conduct privacy impact assessments (PIAs) and advise on data use in new projects, systems, and third-party engagements.

•Review contracts, data processing agreements (DPAs), and vendor relationships for privacy compliance.

•Provide regulatory guidance on the collection, use, storage, transfer, and disposal of personal data.

•Investigate, assess, and document privacy incidents and data breaches; assist with regulatory reporting as needed.

•Support training and awareness initiatives to promote a culture of privacy across the organization.

•Partner with IT, InfoSec, HR, Marketing, Product, and other teams to implement privacy by design and data minimization principles.

•Conduct internal audits and assessments of data privacy controls.

•Assist with responding to data subject access requests and customer or regulator inquiries.

• ​Develop and implement action plans to remediate privacy issues, secure stakeholder alignment, and manage issues through resolution.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

Skills

•Strong working knowledge of privacy laws (e.g., CCPA/CPRA, GLBA, HIPAA, etc.)

•Strong contract review skills specific to data protection clauses.

•Excellent legal research, writing, and communication skills.

•Ability to communicate complex legal and compliance issues to non-legal stakeholders.

•Experience with data mapping, data governance, and privacy tools (e.g., OneTrust, TrustArc) is a plus.

Education and/or Experience

• BS/BA Degree (4 year) from an accredited university /college or two to four years’ experience in equivalent compliance position, preferred.

Certifications (preferred but not required)

•Certified Information Privacy Professional (CIPP/US, CIPP/E)

•Certified Information Privacy Manager (CIPM)

•Other relevant certifications (e.g., CIPT, CISSP, CISA)

Computer Skills 

• MS Word, Excel, PowerPoint, and Outlook

Other Qualifications (including physical requirements)

• Must have good time management, communication, and organizational skills.

Equal Employment Opportunity Information: Simmons First National Corporation and its subsidiaries are committed to a policy of equal employment with respect to a person's race, color, religion, sex, ancestry, sexual orientation, gender identity, national origin, covered veterans, military status, physical or mental disability or any other legally protected classifications.