Which platform would a typical IT guy be more on guard against?
While Windows has been known for decades to be a hot pot for all PC malware, Android phones are much more ubiquitous and personalized, and (as far as I know) aren’t hardened against malware in any way. I mean, it literally takes just two taps to install a rogue apk and that is notwithstanding that most OEM implementations and apps on the Play Store are ad-ridden privacy nightmares by themselves. At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions. How would someone handling infosec in an organization control security on people’s personal phones?
You’re making some incorrect assumptions about Android. You can absolutely have company-owned Android phones that are enrolled in management systems that lock things down and only allow pre-approved apps. Same as Windows.
Both platforms allow you to assume your users are stupid and force them to be safe, IF you have ownership of the device. Both are as safe or unsafe as you allow them to be.