A Law Firm’s Hiring Strategies for Handling New Security Concerns

New data privacy concerns and increased regulation have led law firm Morrison & Foerster to add a new position. Here’s what they did to facilitate that hire.

As CIO and managing director of Morrison and Foerster—ranked among the 50 largest law firms in the world by revenue—Neeraj Rajpal is responsible for implementing strategic and tactical global IT and for managing records initiatives for the firm’s 1,200 lawyers in 16 global offices.

New regulations, such as the Dodd-Frank Act passed in response to the 2008 recession, have led to more stringent client audits and the need for Rajpal to add a new leader to the IT organization who understands business and technology. In this interview, Rajpal explains what drove the creation of this new role and what his strategy has been for getting it filled.

Morrison and Foerster recently created a new role: privacy, compliance and data security manager. What led to its creation?

We were seeing more stringent client audit requirements. In the past, a simple multiple-choice questionnaire would suffice. Today clients are asking for more—much more. They want to visit our data centers, interview our IT personnel and, in some cases, are asking to perform penetration tests to test the security of our network. They want to evaluate our access-control policy and data-security procedures and see how we protect our data—or, in many cases, their data. So you might say this was actually driven by our clients.

But you already had a privacy council and other governance in place. Why do this now?

With stricter regulations around data privacy, clients are growing more and more concerned about the use of external service providers. They are shortening their list of preferred providers and want to partner not only with those that provide the best legal advice, but also with those that take privacy and risk management seriously. IT is now an enabler to the practice, a true partner in every sense of the word.

What characteristics and experience will you look for in this new hire?

First, this position will report to me. But the skill set is not limited to just IT or an understanding of what is happening on the infrastructure side. The ideal candidate will have experience working with the front office and will understand the regulations and governance issues affecting global businesses.

What was the process you went through internally to get approval for this new position?

I worked with the risk-management committee, the head of the data privacy practice and the privacy council. The firm takes these issues extremely seriously, so this was a relatively easy sell.

Related:
1 2 Page 1
Page 1 of 2
Watch out for these 6 IT management traps to avoid