There is an example of creating a DirectorySecurity instance and adding an ACE for a named user here (but use the default constructor to start with an empty ACL).

To get the SID of the account there are two possibilities (these need testing):

The first approach is to rely on the owner of the process being the owner of the directory. This is likely to break if doing impersonation (e.g. under Windows Authentication to have the client's identity used for access control to filesystem content):

var ds = new DirectorySecurity();
var sid = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null)
var ace = new FileSystemAccessRule(sid,
                                   FileSystemRights.FullControl,
                                   AccessControlType.Allow);
ds.AddAccessRule(ace);

The second approach to to get the process owner from the process Token, this will require P/Invoke. This includes an example: http://www.codeproject.com/KB/cs/processownersid.aspx, once you have the SID create a SecurityIdentifier instance for it and follow the above to create the ACL.