You're right, this is set by default during the installation. Surely you can change the user for the service to whatever is suitable for your organization, and you are absolutely right, this will require granting folder permissions for this user. Permissions are heavily dependant on what your tasks are going to do however. If the specific task run by this service needs writing to logs - then write permissions will be required. If the task is going to rebuild indexes - access to App_Data folder would be required, and so on.
I'd probably suggest, if you don't have any specific organization policy that prevents you from running services under NETWORK SERVICE account, it's better and much easier to keep it by default.