Talk to the admin at work, beer and snacks are welcome.

I work in a large organization with a domain corporate network.

... but apparently I don’t realize that there are admins, there is (maybe) information security - which usually block access to the outside on all ports, except for the proxy.
Most likely, in a large network there is even a separate regulation on this topic. But the chance is minimal - explain why - can you?

For home needs, a home solution that does not require port forwarding may be suitable - anydesk, teamviewer ...
As for rdp, you need to check the connectivity from any other place. So it's easier to make sure that the problem is not in setting up a home router / computer. And only then see if the same thing happens from the office.
Another moment. By exposing port 3389 to the outside (or with a different number, but rdp), you need to make sure that all the latest updates are installed on the PC + there are definitely no accounts with simple passwords. Because brute force will start immediately after opening the port.

1. Exposing port 3389 is a bad, very bad idea.
I'm not talking about hacking - but over time, the computer will simply be DDoSED by bots trying to hack it.
2. There are several VPN implementations on Kinetic - choose the one that:
a) will pass through the protection at your work.
b) you will be able to set up a connection on a working machine.
Everything is at your own peril and risk, of course - you are going to a clear violation of some internal regulations, official or not, and it is not clear what this can lead to.

Expose some standard port outside (for example, 443) and forward it on the router to the same 3389 computer.
3389 outgoing cuts your corp. firewall.
But better - VPN, at least in the L2TP release on the same home Zyxel. Well, yes, with a non-standard port, because. 1701 is also likely stabbed to death.