If you look at https://learn.microsoft.com/en-us/sql/t-sql/functions/decryptbykeyautocert-transact-sql?view=sql-server-ver16#permissions, you will find that it says:
Requires
VIEW DEFINITION
permission on the symmetric key, andCONTROL
permission on the certificate.
Apparently you Windows account has these permissions, while the SQL ID has not.