GCP/Infrastructure : Should a network admin be an organization admin?
When setting up an organization's architecture/infrastructure in GCP, I am struggling to understand the division of responsibilities between the general infrastructure creator/manager (typically, a Terraform service account that has access to organization-level roles) and the general network administrator. The way I understand it, the former creates the projects and folders and handles the billing and IAM, while the latter handles everything network related, i.e. the Shared VPC, subnets, firewall rules, policies related to network-resource allocation, etc.
In a past question I struggled with setting up a Shared VPC, only to come to the conclusion that the role roles/compute.xpnAdmin, involved in creating the Shared VPC, needs to be set at the organization level. This means that if I want to create (and perhaps manage?) the VPC, my network admin needs the same level of permissions as my infrastructure admin.
In this post's accepted answer it is stated that:
Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project.
- What is the correct paradigm if I want to set my network admin as the VPC admin? Should I really be okay with my network admin having access to org-level actions?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
