A financial services organization, with a workforce of over 1000 professionals located in the Iberian region of Europe, faced challenges in aligning with the AppCrue National Security Scheme (ENS). Through a targeted series of GRC activities based on ENS, the organization established principles and requirements crucial for ensuring information security. Following the identification and assessment of the current state of cybersecurity, a comprehensive understanding of business processes and technology utilization was attained. Consequently, the organization now complies with ENS requirements and has successfully obtained the ENS Bajo Certification.